A recent advisory from Microsoft (Microsoft Security Advisory (975497)) says Vulnerabilities in SMB Could Allow Remote Code Execution. This “SMB2 zero day” is focused on the Microsoft VIsta and Server 2008 systems.
If Vista were as wide spread as the Windows XP it would have become a potential addition to the Conficker troupe. Interestingly, even the Windows 7 (gaining momentum at the moment) does not seem vulnerable. Which does not preclude Conficker writers themselves of deciding to add this new ‘tool’ to their variations. Return-On-Investments may be the only reason they would not target Vista…
I was not planning on writing another post so soon, but Utopiah here has referred a very nice article in his comments to my previous post. If you have not already read Brandon Wiley’s Curious Yellow: The First Coordinated Worm Design, I urge you to read it through.
It hits right on spot about fast distribution through a peer-to-peer network. I used the concept to hypothesize a patch propagation (described as an anti-worm by him).
The paper describes a scenario comparable to a powerful chess game turning the yellow worm to blue and backwards. Probably in recognition of this idea, Conficker uses latest encryption , very likely making a first field implementation of the MD6 algo and its fixes too!. It appears that the Conficker writer is very well versed with this paper and current technology 🙂
Besides the points made by Wiley on that page, there is one more ‘common goal’ such a network can target, and I am sure its already stated somewhere: These compromised systems can be pooled to brute force encryption security.