Conficker Worm in New Incarnation as Conficker B++
The authors of the widespread worm "Conficker" have unleashed a new variant of the malware that may indicate a big shift in the worm's modus operandi. Researchers at SRI International detected this new version, called Conficker B++.
According to the firm, on a surface review the new version resembles Conficker B: it has identical packaging and is circulated as a Windows DLL file. Dynamic analysis also indicated that the algorithm it uses to generate domains was similar to that of Conficker B. It was therefore considered yet another packaging of the old Conficker B; however, intensive static analysis highlighted some interesting differences between the two versions.
Detailed examination of the malware revealed that, on top of the 297 subroutines that made up the original Conficker B, which affected millions of systems throughout the world, the latest set of malicious code adds 39 extra subroutines and modifies three existing ones. Hence the previous assumption that it was the same worm in a new package turned out to be false. The new variant is somewhat different from its predecessor and has been christened Conficker B++.
Conficker B++ is reportedly capable of evading the efforts of the 'Conficker Cabal', which keeps a check on Conficker B. The Conficker Cabal is a broad industry association, formed through the efforts of Microsoft, that aims to stop the growth of this wicked, nuisance-creating worm.
While the mode of launching the attack remains the same, the variant's update methods are constantly changing. This illustrates the cat-and-mouse game that is continuously being played: the companies and the researchers developed a way to defeat the worm's update method, while the worm's author devised a different method that the majority of them are not prepared to tackle.
SRI International's researchers said that it was difficult to estimate how long Conficker B++ has been in circulation, but it was first seen on February 6, 2009. They also said that the latest variant makes the botnet much stronger.
» SPAMfighter News - 27-02-2009