.

Conficker.E to self-destruct on May 5th?

<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sat Apr 25, 2009 5:42 pm

Conficker.E to self-destruct on May 5th?

The evolution of the multi-faceted Conficker worm is expected to take another turn this May 5th when the latest version, Conficker.E, will simply self-destruct on infected machines, say a number of security researchers.

F-Secure, Trend Micro and SecureWorks are among those that believe Conficker.E—first spotted just this April and probably created by the same attackers that since last fall let loose the Conficker.A through Conficker.C variants—has been designed to simply self-detonate on May 5th.

“It will simply self-destruct,” says Mikko Hypponen, chief research officer at F-Secure, pointing out that researchers, who had been arguing over name for variants, agreed to skip past the name “Conficker.D” entirely to settle on the name “Conficker.E.”


http://www.networkworld.com/news/2009/0 ... -worm.html

What would be their motivation to do this? If you have gained ground, why give it up? Why not have it pull updates and continue on?

My best guess is the authors authors just want to get drunk on Cinco de Mayo and they don't want to worry about it that day or the next then they have severe hangovers.

Anyone else have a better conspiracy theory?
twitter.com/timmedin | http://blog.securitywhole.com
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Apr 25, 2009 8:38 pm

Re: Conficker.E to self-destruct on May 5th?

Actually I think I do...

Isn't that the same date that MS leaked that it would make the RC of Windows 7 available to the general public?

Hmmmm...

Don
CISSP, MCSE, CSTA, Security+ SME
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Apr 26, 2009 2:25 am

Re: Conficker.E to self-destruct on May 5th?

I've wondered for a while if .E could have been part of a coup attempt (either within Conficker's authors or external) which could explain the relatively small number of .E infections compared with reported statistics on other variants.
With a self destruct feature it could even be some 'white-hats' got control for research and are now releasing the infected machines. Would love to see some analysis if this is the case.

Or Don may have the right idea; Viral (literally) by Microsoft? Conficker appeared after the patch so MS definitely know about the vuln before exploit....

I love a good conspiracy theory, and Conficker is turning into a geeky soap-opera :D
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Mon Apr 27, 2009 10:32 am

Re: Conficker.E to self-destruct on May 5th?

don wrote:Actually I think I do...

Isn't that the same date that MS leaked that it would make the RC of Windows 7 available to the general public?

Hmmmm...

Don


Are you saying the Windows 7 = Conficker.f?  ;)
twitter.com/timmedin | http://blog.securitywhole.com
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Mon Apr 27, 2009 10:37 am

Re: Conficker.E to self-destruct on May 5th?

RoleReversal wrote:I've wondered for a while if .E could have been part of a coup attempt (either within Conficker's authors or external) which could explain the relatively small number of .E infections compared with reported statistics on other variants.
With a self destruct feature it could even be some 'white-hats' got control for research and are now releasing the infected machines. Would love to see some analysis if this is the case.


I wonder if it is "test" of what is to come. I have heard that the malware developers are usually separate from the controllers. If the developers gave the controllers a "demo" of their latest version then this would make sense.
twitter.com/timmedin | http://blog.securitywhole.com

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software