Apr 09 2009
Researchers at Trend have noticed that Conficker appears to be finally dropping a payload. Among other things, some of the changes are:
- Setting an untrigger date of May 3 – At this point Conficker will remove itself from the machine entirely
- Pulling down binaries from Waledac – Potentially to use the machines for spamming purposes
- Opens port 5114 for HTTP – Potentially a mechanism for further spread
Interesting changes to make. As the entry from Trend points out, this may be a move in the direction of monetizing Conficker.
http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/