From the “So now they’re a family?” files:
Apparently Conficker isn’t the only worm out there trying to exploit a flaw Microsoft patched in October. A worm called Neeris is out taking advantage of the same Conficker flaw, and perhaps more interestingly its creators have learned a few things from Conficker too.
“Neeris is a worm that has been active for a few years,” Microsoft security researchers Ziv Mador and Aaron Putnam blogged. “Some of its variants used to exploit MS06-040 which addressed a vulnerability in the same Server service as MS08-067. However it looks like the authors of Neeris have been taking notes from Conficker. A new variant of the Neeris worm has been launched this week.”
The Microsoft researchers noted that the new version Neeris became prevalent in the lead up to the dreaded April 1st activation date for Conficker.