Apparently Conficker isn’t the only worm out there trying to exploit the flaw Microsoft patched in October. A worm called – Neeris – is out taking advantage of the same Conficker flaw, and perhaps more interestingly, its creators have learned a few things from Conficker too.
“Neeris is a worm that has been active for a few years,” Microsoft security researchers Ziv Mador & Aaron Putnam blogged. “Some of its variants used to exploit MS06-040 which addressed a vulnerability in the same Server service as MS08-067. However it looks like the authors of Neeris have been taking notes from Conficker. A new variant of the Neeris worm has been launched this week.”
The Microsoft researchers noted that the new version Neeris became prevalent in the lead up to the dreaded April 1st activation date for Conficker. That said, they added that there is no direct correlation between Conficker activity and infections and Neeris — except for the fact that they both try and exploit the same already patched Microsoft flaw.
According to Microsoft, Neeris spread by way of bad links sent via MSN Messenger as well as being an IRC bot. It can also be spread via SQL server with weak password (but they anything can spread via SQL servers with weak passwords).
As was the case with Conficker, risk mitigation is relatively straight forward. If you’re running Windows (since this is a Windows-only issue) make sure you directly visit Windows Update to get the lastest Microsoft patches.