Conficker.E to Go Self-destructive

According to several security researchers, the variously featured Conficker virus would likely demonstrate another stage in its evolution on May 5, 2009, when Conficker.E, the worm's latest variant would simply destroy itself on systems it has infected.

Security Agencies Trend Micro, SecureWorks and F-Secure are some of those companies that trust Conficker.E, first detected only this April (2009), is going to detonate itself on May 5th.

However, say the security researchers that even if the latest Conficker.E does destroy itself as believed, there are still a massive number of Windows computers the world over that are infected with the earlier version, Conficker.C. This older variant that had been active in April 2009, attempted to entice victims onto spurious anti-virus online sites so that they could be cheated into paying around $50 to eliminate the worm from their computers.

Meanwhile, explicating the Conficker.E functionality, director of malware research Joe Stewart at SecureWorks said the variant consists of two parts. PCWorld published this on April 27, 2009. Stewart explained the worm primarily represents broken down functions that previously existed in combination i.e. of spreading, scanning and obtaining downloads for e.g., through P2P sharing.

However, according to Stewart, some functionality of .E is never performed, which is why Conficker.E is going to destroy itself.

Also, according to researchers, the expected annihilation of Conficker.E has certain weird aspects to it.

They say the Conficker.E variant, observed only since the middle of April 2009, didn't ever appear to work, a rather surprising experience for researchers as the evolution of Conficker so far has been technically pretty stimulating.

Nevertheless, Stewart feels that the self-destruction of Conficker.E isn't truly favorable news. He thinks it might be a new ruse relating to an anti-malware or an intentional diversion of researchers' attention by attackers. According to him, the virus creators might be trying out a more sophisticated variant.

Thus, warned the security professionals that researchers need to be alert for possible Conficker attacks in future. Meanwhile, although it is not known what would follow next from the Conficker attackers, most researchers agree the worm's present use is clearly to make financial gain.

Related article: Conviction of First Felony Spam in Virginia Upheld

» SPAMfighter News - 5/2/2009