
New Conficker Worm Variant Attempts to Evade Industry Measures to Sever It

Category: Bugs / Virus
Posted: March 9, 2009 06:55PM
Author: Nemo

Security researchers are seeing a new variant of the Conficker/Downadup worm that attempts to skirt industry efforts to sever the link between the malware and its control servers. Computers currently infected with the Conficker worm are being updated with the new variant, which represents the first time that any new orders have been sent out. Researchers have been speculating about what the malware authors' intent was as they built up a massive botnet of infected machines, and this move signals their intent to preserve and defend the network. Close to twenty companies have banded together to fight the spread of the Conficker worm after one company reverse engineered the algorithm the code was using to generate the domain names used by the control servers. The companies were registering the domain names ahead of the worm in an attempt to prevent any contact with its owners. Prior versions were generating 250 URLs a day and the new variant has upped that to 50,000, making the job of preventing contact much more difficult. The new version also has a stronger defense against attempts to remove it, as it now turns off several security services and tools used to examine machines for infection. Microsoft has offered a $250,000 reward for information that will lead to the arrest of the worm's authors.




© 2001-2012 Overclockers Club ®