'Neeris' Worm Using Old Tricks on Windows PCs

  • By Jabulani Leffall
  • 04/09/09

While the IT security community waited anxiously to see what havoc the Conficker worm might bring to infected systems April 1, another worm slithered into the picture and now has Microsoft's full attention.

This time, it's an old nemesis called the "Neeris" worm. A new variant of Neeris, known as Worm:Win32/Neeris.gen!C, began infecting Microsoft Windows-based systems between March 31 and April 1 while IT security pundits were looking the other way. A lot of attention was diverted to Conficker, although nothing of consequence happened on that fated April 1 date.

Redmond said this week that Neeris has resurfaced and is exploiting the same vulnerability targeted by Conficker. Microsoft issued a patch for this vulnerability in October (MS08-067), but company officials have complained that IT shops still lag in applying it.

Neeris tries to exploit the same Microsoft Windows AutoRun and remote call procedure features utilized by Conficker. The aim of the attack is to extract passwords, change system configurations and allow a hacker to override a workstation.

Neeris replicates itself through a server service vulnerability described in a previous patch from September 2006 (MS06-040). That method involves sending malicious links over MSN Messenger and interloping on MSN's instant messaging program so that when the links are accessed, the worm can do its dirt.

To stave off this new-old worm, the Microsoft is telling IT shops to take steps to install patches on nonupdated machines, as with Conficker. Disabling AutoRun in Windows is also a temporary workaround fix.

About the Author

Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.

Featured

  • college student sitting at a laptop writing a college essay

    How Can Schools Manage AI in Admissions?

    Many questions remain around the role of artificial intelligence in admissions as schools navigate the balance between innovation and integrity.  

  • a hobbyist in casual clothes holds a hammer and a toolbox, building a DIY structure that symbolizes an AI model

    Ditch the DIY Approach to AI on Campus

    Institutions that do not adopt AI will quickly fall behind. The question is, how can colleges and universities do this systematically, securely, cost-effectively, and efficiently?

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • laptop screen showing Coursera course

    Coursera Introduces New Gen AI Skills Training and Credentials

    Learning platform Coursera is expanding its Generative AI Academy training portfolio with an offering for teams, as well as adding new generative AI courses, specializations, and certificates.