Neeris: Conficker Copycat or Conficker Inspired?


« Dealing with Conficker Infections | Main | Conficker / Downandup Active? Or... »

04/06/2009



Neeris: Conficker Copycat or Conficker Inspired?

Kevin R. Smith
Co-Editor


The UK Register's "Channel Register" brings word of updates to the "Neeris" worm that was originally spotted back in Mat 2005.

Apparently, either in cahoots with the Conficker folks or with them as inspiration, some modifications have been made, i.e. Neeris revisions, to modernize it and to add on some of the Conficker exploits to make it get new legs to possibly bring it back to life.

According to Microsoft researchers, Neeris has no connection to Conficker:

"It is interesting to note that this new variant of Neeris spiked on late March 31st and during April 1st. However it was not downloaded by any Conficker variant and there’s no evidence that it’s related to Conficker.D’s April 1 domain algorithm activation.

What we found interesting was that Neeris is being adapted to exploit the same holes in Windows that Conficker exploits, i.e. Autorun and the "Open folder to view files," but that it also uses a special driver to patch the built-in Windows XP's outgoing connection limits. 

This leads us to believe Neeris might be part of some sort of spam or DDoS network.

Whatever the case, it appears all major antivirus vendors have rolled out antivirus updates to catch this new malware, so as long as your antivirus signatures are up-to-date, you should be in the clear.

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a0133f40d81f4970b013487649196970c

Listed below are links to weblogs that reference Neeris: Conficker Copycat or Conficker Inspired? :

Comments

You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.