BitDefender Identifies New Variant of Conficker
Security researchers at BitDefender, an antivirus company, have discovered a new variant of the notorious Conficker worm. Analysis of the variant shows that it features enhanced obfuscation and is also set to block access to many more domains than its predecessors.
Moreover, the new variant is designed to evade detection and disinfection by the removal tools that were developed for the worm's earlier versions. The payload blocks access to all antivirus vendor websites as well as other sites offering online scanning services or removal tools. The worm has also been revised so that infected machines can no longer reach http://bdtools.net, the online repository from which BitDefender distributes its removal and disinfection software.
The researchers who found the latest Conficker variant became suspicious when a customer complained that he was unable to access www.bdtools.net because his PC was infected with the Conficker worm. This was especially interesting because that domain name was not on the block list used by the worm's known versions. After a sample was collected and analyzed, the researchers concluded that the malware was a new variant.
BitDefender has further found that this variant has been circulating since March 18, 2009, although it went unnoticed at the time. It is currently identified as Win32.Worm.Downadup.Gen by a generic detection routine that covers all known versions of Conficker.
BitDefender's researchers state that Conficker, also known as Kido or Downadup, is a highly complex and sophisticated piece of malware which they have been tracking for the past few years. The original variant, Conficker.A, emerged in November 2008.
Conficker.B followed in December 2008. It has been the most effective variant so far, infecting around 12 million PCs at its peak. Next came Conficker.B++, which researchers believe was revamped specifically to counter the efforts of the Conficker Cabal, an association of security-industry companies and organizations formed to combat Conficker. Conficker.B++ is therefore now more fittingly identified as Conficker.C.
To protect against the worm, Internet users are advised to run complete, up-to-date anti-malware software on their computers.
SPAMfighter News - 13-04-2009