Conficker Evolves With New Variant
Page 1 of 1
From the "Evolution is not always a good thing" files:
Conficker, the dreaded much-hyped worm that was supposed to trigger "something" on April 1st but didn't has evolved (again). Multiple anti-virus vendors are now reporting a new variant of Conficker (called WORM_DOWNAD.E by Trend Micro and W32/Confick-D by Sophos).
The new Conficker variant also has an activation date attached to it -- this time it's May 3rd.
In my opinion, detecting it should be as straight forward as previous Conficker iterations. For one, this version of Conficker opens up (according to Trend Micro) port 5114 to serve as an HTTP server.