Conficker.E to self-destruct on May 5th?

Viewing 4 reply threads
  • Author
    Posts
    • #3733
      timmedin
      Participant

      The evolution of the multi-faceted Conficker worm is expected to take another turn this May 5th when the latest version, Conficker.E, will simply self-destruct on infected machines, say a number of security researchers.

      F-Secure, Trend Micro and SecureWorks are among those that believe Conficker.E—first spotted just this April and probably created by the same attackers that since last fall let loose the Conficker.A through Conficker.C variants—has been designed to simply self-detonate on May 5th.

      “It will simply self-destruct,” says Mikko Hypponen, chief research officer at F-Secure, pointing out that researchers, who had been arguing over name for variants, agreed to skip past the name “Conficker.D” entirely to settle on the name “Conficker.E.”

      http://www.networkworld.com/news/2009/042409-conficker-worm.html

      What would be their motivation to do this? If you have gained ground, why give it up? Why not have it pull updates and continue on?

      My best guess is the authors authors just want to get drunk on Cinco de Mayo and they don’t want to worry about it that day or the next then they have severe hangovers.

      Anyone else have a better conspiracy theory?

    • #23925
      Don Donzal
      Keymaster

      Actually I think I do…

      Isn’t that the same date that MS leaked that it would make the RC of Windows 7 available to the general public?

      Hmmmm…

      Don

    • #23926
      RoleReversal
      Participant

      I’ve wondered for a while if .E could have been part of a coup attempt (either within Conficker’s authors or external) which could explain the relatively small number of .E infections compared with reported statistics on other variants.
      With a self destruct feature it could even be some ‘white-hats’ got control for research and are now releasing the infected machines. Would love to see some analysis if this is the case.

      Or Don may have the right idea; Viral (literally) by Microsoft? Conficker appeared after the patch so MS definitely know about the vuln before exploit….

      I love a good conspiracy theory, and Conficker is turning into a geeky soap-opera 😀

    • #23927
      timmedin
      Participant

      @don wrote:

      Actually I think I do…

      Isn’t that the same date that MS leaked that it would make the RC of Windows 7 available to the general public?

      Hmmmm…

      Don

      Are you saying the Windows 7 = Conficker.f?  😉

    • #23928
      timmedin
      Participant

      @RoleReversal wrote:

      I’ve wondered for a while if .E could have been part of a coup attempt (either within Conficker’s authors or external) which could explain the relatively small number of .E infections compared with reported statistics on other variants.
      With a self destruct feature it could even be some ‘white-hats’ got control for research and are now releasing the infected machines. Would love to see some analysis if this is the case.

      I wonder if it is “test” of what is to come. I have heard that the malware developers are usually separate from the controllers. If the developers gave the controllers a “demo” of their latest version then this would make sense.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?