Excerpt from: FAS Talk
April 01, 2009

Digital Altruism: Conficker Payload Less Severe than Expected, Actually Does Good

After fearing the worst, many security experts are now finding that Conficker may be the first altruistic worm ever developed.
"This is the only known example of what appears to be an altruistic worm."
– D. S. McGee, True Stuff

Over the past few weeks, security experts around the globe have been bracing themselves for an April 1st display of intent by the Conficker worm.  Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system.

Today, Conficker-infected machines began downloading instruction payloads from "mother ship" domains whose names are computed as a function of the current date. Once downloaded, those payloads are interpreted as local Windows executable programs and executed by the host computer, typically with administrative privileges.

While early tests show that Conficker continues to replicate itself by accessing the user's Outlook, Plaxo, and LinkedIn contacts, it is also downloading what security experts are describing as "the most comprehensive anti-virus rule set ever seen." Conficker is systematically cleaning infected machines of all other viruses, trojans, worms, and other malware--except for Conficker.

D.S. McGee, chief security science officer at True Stuff, commented that "This is the only known example of what appears to be an altruistic worm." D.S. quickly cautioned, however, that they are not relaxing and will continue to monitor Conficker behavior: "After all, this is April first, so this early behavior may just be part of a big joke."

