Conficker Worm Strikes Back With New Variant
Erik Larkin writes on PC World's "Security Alert" Blog:
The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn't cause further harm. Until now.More here.
Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. This is a strong signal that the worm's mysterious creators haven't abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.
Vincent Weafer, Vice President, Symantec Security Response, says the company has only seen the new variation as an update that was sent to an existing worm on a honeypot (a machine that's purposely left infected to watch for updates and changes). Symantec hasn't yet seen this functionality in a new worm variant that can spread on its own, Weafer says, but that may be coming.
In addition to the strike against security software, which is a common tactic for malware, the new functionality also expands the lists of domains Conficker will check each day for updates from 250 to 50,000. This is a clear attempt to counter an industry coalition that attempts to block access to those domains each day.