Skip navigation

New Worm Named Neeris Mimics Conficker

Just because you didn't get hit with the Conficker worm last week, don't let your guard down yet. Microsoft is warning that a new version of the Neeris worm, which has been around since 2005, is now actively targeting the same security vulnerabilities as Conficker. The previous version of the Neeris worm exploited vulnerabilities addressed by MS06-040, whereas the current version (detected as Win32/Neeris.gen!C) targets flaws addressed by MS08-067. Neeris originally spread through MSN Messenger but can now also spread through removable drives and SQL Server machines with weak passwords.

According to Microsoft, "the new variant tries to connect to a command and control server over port 449.... The malware adds itself to start every time Windows starts and even adds itself to the Safe Boot configuration." Although Neeris is being dubbed a copycat of Conficker, the earliest versions of Neeris date back to 2005--so perhaps Conficker is the actual copycat. Either way, installing MS08-067 will protect your systems. In addition, you might want to disable the Autorun feature

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish