Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft warns of Conficker copycat


  • Please log in to reply
14 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:16 PM

Posted 06 April 2009 - 02:14 PM

An old, but little-known worm has copied some of the infection strategies of Conficker, according to Microsoft security researchers. Neeris, which harks to May 2005, is now exploiting the same Windows bug that Conficker put to good use, and is spreading through flash drives, another Conficker characteristic...

http://www.pcadvisor.co.uk/news/index.cfm?newsid=113839
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#2 Please Help Us

Please Help Us

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 06 April 2009 - 05:27 PM

So wait...
Are we safe if we already have the patch?

#3 o_rly

o_rly

  • Members
  • 193 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:An unclean desk
  • Local time:05:16 PM

Posted 06 April 2009 - 07:40 PM

So wait...
Are we safe if we already have the patch?


It says its the same vulnerability (MS08-067), so if you patched for Conficker, you're good for Neeris :thumbsup:
Don't mind me, I'm just lurking.

#4 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:06:16 PM

Posted 07 April 2009 - 02:03 PM

Apparently Neeris was discovered in Sept. 2005. This is Neeris.gen.c that has learned new tricks from new Conficker :

Old pieces of malware can and do learn new tricks. It is the case of the Neeris family of worms, which is following in Conficker's footsteps. In this regard, the Redmond company informs that the authors of Neeris have now upgraded their 2005 malicious code, tweaking the worm so that it can exploit the same Critical vulnerability as Conficker, namely MS08-067, a security flaw in Server Service. Released four years ago, Neeris was initially designed to take advantage of a vulnerability also affecting the Windows Server Service, but the latest variant, generically dubbed by Microsoft Worm:Win32/Neeris.gen!C, also exploits the vulnerability patched with the MS08-067 security bulletin in 2008.


http://news.softpedia.com/news/Old-Malware...rm-108689.shtml

Microsoft is currently offering a $250,000 reward for any information that will lead to the arrest of Conficker's authors. Woohoo! :D

Edited by Romeo29, 07 April 2009 - 02:04 PM.


#5 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 50,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:16 PM

Posted 08 April 2009 - 09:09 AM

Conficker worm's copycat Neeris spreading over IM
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Please Help Us

Please Help Us

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 08 April 2009 - 05:36 PM

Conficker worm's copycat Neeris spreading over IM



Really...now I'm scared.

#7 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 50,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:16 PM

Posted 08 April 2009 - 06:30 PM

IM has been an avenue used to spread malware for years.

IM attacks get nastier
MSN Most Dangerous IM Client in 2007
New Msn Messenger Trojan Spreading Quickly
New IM Attacks, Bugs Signal Stealthier Exploits
IM attacks up nearly 80%
Instant-messaging attacks up 73 percent
Skype Worm Jumps to ICQ, MSN IM
MSN Instant Messengers Worms
MSN IM Heartworm Attack Cloaked in Virtual Card Hoax
IM Attacks on The Rise
IM and P2P Threats
Instant Message, Instant Infection
Heartworm infects Microsoft’s IM network
Instant messaging worm is tough to fight - Threat to AIM
Yahoo IM worm hijacks IE, installs fake browser
"nugache" Worm/bot Using P2p Control Channel On Aim
AOL IM bot cloaked in encryption
December IM Attacks Jump 826 Percent Over '04
IM Threats: The Dark Side of Innovation
Santa IM worm hits AOL, MSN and Yahoo
New IM worm chats with intended victims
New AIM worm (for Christmas)
IM Threats Skyrocket In November 2005
Rootkit-Armed Worm Attacking AIM
AIM worm plays nasty new trick
Phishers Plant Fake Google Toolbar - use IM attack
Worms biting harder into IM, P2P
Instant Messenger Opens Flood Gates to Hidden Spyware
Instant Messaging Adware
Spying worm spreads via MSN Messenger, AIM
iTunes IM worm drops adware
Study: Threat increases from IM-based attacks
Microsoft Instant Messenger Warning
Websense ALERT: AOL IM Worm
SPECIAL REPORT: Worms wiggle into IM
E-mail worm graduates to IM
Trojan BOT and Phishing spreading through IM
Worm, phishing scam hit IM services
IM Security Threats Jump Dramatically
Phishers change bait as IM use grows
Security Flaw Found In Trillian IM Client
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:16 AM

Posted 08 April 2009 - 09:04 PM

What is IM?

#9 Please Help Us

Please Help Us

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 08 April 2009 - 09:22 PM

What is IM?



Instant messaging.

Still doesn't put me at anymore comfort or ease then before, now I'm more worried.
=P

#10 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:06:16 PM

Posted 08 April 2009 - 10:19 PM

IM = Instant Messenger program like AOL IM, MSN IM etc.

Neeris spreads by attaching a copy of itself and sending a message to your IM contacts. If you use an updated antivirus and scan all attachments before opening them, any possible infection can be avoided in time. Also use tools available for free to check if you are not already infected and sending out worms to your IM contacts.

#11 samuel3

samuel3

  • Members
  • 2,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:16 AM

Posted 09 April 2009 - 06:41 AM

Must be pretty dumb to accpept files then.. lol

#12 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 50,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:16 PM

Posted 09 April 2009 - 08:31 AM

Its a matter of folks not being informed or taking the time to educate themselves.

QM7's MODUS OPERANDI: "Knowledge and the ability to use it is the best defensive tool anyone could have. An uninformed user can be his or her own worst enemy when acting in ignorance."
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 PM

Posted 09 April 2009 - 08:42 AM

As long as Windows is fully patched and up to date you should be safe. In addition it would be prudent to consider disabling autorun. See miekiemoe's blog here for info and a tutorial.

Quietman7 wrote a great tut on disabling autorun and installing the flash disinfector but I can't seem to find the link right now. :thumbsup: help please quietman7 :flowers:

Hope that helps,
t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 50,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:16 PM

Posted 09 April 2009 - 09:03 AM

Are you referring to this thread? (I just updated post #3 with another tool)
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:16 PM

Posted 09 April 2009 - 09:11 AM

That's the one!! Bookmarked!
A must read folks.
Thanks quietman7 :thumbsup:
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users