New Conficker Variant Spreading by Disabling Security Software
According to a warning released by Symantec, the third version of the Conficker worm is currently circulating in the wild. This variant is the worst strain so far because of its new capability to disable security software.
In a new twist, Conficker's creators are distributing the variant to computers that are already infected, helping the worm entrench itself more deeply and resist efforts to remove it.
According to a security advisory from Peter Coogan of Symantec, the worm's primary purpose of disabling antivirus solutions reflects an overall change of strategy, as reported by THE NATIONAL BUSINESS REVIEW on March 9, 2009.
Coogan further wrote that the worm's creators were focusing on making the threat persist longer on infected systems. Instead of attempting to infect new machines, the criminals appeared to be shielding already infected systems from detection and remediation by security processes, he explained.
Symantec further states that the worm attacks various security mechanisms as well as some widely used security and analysis products such as procmon, regmon, tcpview and wireshark. The variant terminates any process on an infected system whose name contains one of the strings associated with these security products or security analysis tools, the company noted.
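The process-killing behaviour described above can be turned into a simple detection: a single source process terminating several different analysis tools in a short span is the signature worth alerting on. The following is an added example, not code from the article or from Symantec; it assumes a constructed, hypothetical log format (one line per termination event with the source PID, source image and target image) and the substring watchlist named in the article.

```python
"""Flag processes that terminate multiple watched security/analysis tools.

Added example (not from the article). The log format is constructed and
hypothetical; adapt LINE_RE to your own process-termination telemetry.
"""
import re
from collections import defaultdict

# Substrings the article says the variant looks for in process names.
WATCHED_STRINGS = ("procmon", "regmon", "tcpview", "wireshark")

# Constructed sample events: "<time> TERMINATE src_pid=<pid> src=<image> target=<image>"
SAMPLE_LOG = """\
10:01:02 TERMINATE src_pid=1180 src=svchost.exe target=Procmon.exe
10:01:02 TERMINATE src_pid=1180 src=svchost.exe target=wireshark.exe
10:01:03 TERMINATE src_pid=1180 src=svchost.exe target=Tcpview.exe
10:05:44 TERMINATE src_pid=2204 src=explorer.exe target=notepad.exe
10:06:10 TERMINATE src_pid=3310 src=taskmgr.exe target=regmon.exe
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+TERMINATE\s+src_pid=(?P<pid>\d+)\s+"
    r"src=(?P<src>\S+)\s+target=(?P<target>\S+)$"
)


def matches_watchlist(image_name: str) -> bool:
    """Case-insensitive substring match, mirroring the worm's own string check."""
    name = image_name.lower()
    return any(s in name for s in WATCHED_STRINGS)


def find_tool_killers(log_text: str, min_distinct: int = 2) -> dict:
    """Return {(pid, src_image): sorted distinct killed tools} for every source
    that terminated at least `min_distinct` different watched tools. A single
    kill (an admin closing regmon from Task Manager) stays below threshold."""
    kills = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a termination event in the expected format
        if matches_watchlist(m["target"]):
            kills[(int(m["pid"]), m["src"])].add(m["target"].lower())
    return {k: sorted(v) for k, v in kills.items() if len(v) >= min_distinct}


if __name__ == "__main__":
    for (pid, src), tools in find_tool_killers(SAMPLE_LOG).items():
        print(f"suspicious: pid={pid} {src} terminated {', '.join(tools)}")
```

The threshold on distinct tool names keeps a user closing one monitor out of the alert while still catching the sweep the article describes.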
In addition, the worm's creators have moved from an algorithm that generated 250 domain names a day to one producing 50,000 a day. The latest variant is dubbed W32.Downadup.C, and it is an evolution of W32.Downadup.B, the preceding variant of Conficker.
However, the encouraging sign is that, since the number of Conficker-infected computers peaked, the total has been steadily declining. Researchers are therefore now dealing with a much smaller population of infected machines, experts say.
The experts also said that Conficker became infamous earlier in 2009 when it spread to a huge number of systems by exploiting a Microsoft security flaw for which the software giant had urgently issued a patch in October 2008.
According to reports, in February 2009 several technology organizations, together with ICANN, the body that oversees the DNS, joined forces to register the IP addresses that Conficker's operators rely on to keep control over infected systems.
SPAMfighter News - 14-03-2009