Monday, March 09, 2009

New Conficker Variants Add A Few New Tricks

Several top security sites have been warning of new variants of the Conficker worm, also known as the Downadup virus. The latest version of the worm has been dubbed W32.Downadup.C or Conficker.C and has been redesigned to circumvent many of the latest techniques used to stop the spread of the virus.

Symantec Corp. has warned that this latest variant uses a new set of tools that target antivirus software and security analysis tools with the aim of disabling them. Any process found on an infected machine that contains an antivirus or security analysis tool string from the list below is killed:

  • wireshark
  • unlocker
  • tcpview
  • sysclean
  • scct_
  • regmon
  • procmon
  • procexp
  • ms08-06
  • mrtstub
  • mrt.
  • mbsa.
  • klwk
  • kido
  • kb958
  • kb890
  • hotfix
  • gmer
  • filemon
  • downad
  • confick
  • avenger
  • autoruns
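
A detection check for the behaviour described above, added here as an example and not taken from Symantec or from the original post: it flags hosts where several tools from the list exit within seconds of starting. Matching on the process image name, the event tuple layout, the 5-second lifetime and the two-tool threshold are assumptions; the sample events are constructed.

```python
from collections import defaultdict

# Substrings from the list above; a process containing one of them is killed.
TARGET_STRINGS = [
    "wireshark", "unlocker", "tcpview", "sysclean", "scct_", "regmon",
    "procmon", "procexp", "ms08-06", "mrtstub", "mrt.", "mbsa.", "klwk",
    "kido", "kb958", "kb890", "hotfix", "gmer", "filemon", "downad",
    "confick", "avenger", "autoruns",
]

def matched_string(image):
    """Return the first listed substring found in the image name, or None."""
    name = image.lower()
    return next((s for s in TARGET_STRINGS if s in name), None)

def flag_hosts(events, max_lifetime=5.0, min_tools=2):
    """Flag hosts where several listed tools exited within max_lifetime seconds.
    events: iterable of (seconds, host, "start" | "exit", pid, image).
    The record layout and both thresholds are assumptions of this example.
    """
    started = {}                      # (host, pid) -> (start time, image)
    short_lived = defaultdict(set)    # host -> listed tools that died early
    for ts, host, kind, pid, image in sorted(events):
        key = (host, pid)
        if kind == "start" and matched_string(image):
            started[key] = (ts, image.lower())
        elif kind == "exit" and key in started:
            t0, name = started.pop(key)
            if ts - t0 <= max_lifetime:
                short_lived[host].add(name)
    return {h: sorted(n) for h, n in short_lived.items() if len(n) >= min_tools}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    (100.0, "pc-01", "start", 4120, "procexp.exe"),
    (100.8, "pc-01", "exit",  4120, "procexp.exe"),
    (130.0, "pc-01", "start", 4188, "Autoruns.exe"),
    (130.5, "pc-01", "exit",  4188, "Autoruns.exe"),
    (140.0, "pc-01", "start", 4200, "notepad.exe"),
    (141.0, "pc-01", "exit",  4200, "notepad.exe"),
    (200.0, "pc-02", "start", 812,  "wireshark.exe"),
    (950.0, "pc-02", "exit",  812,  "wireshark.exe"),
    (300.0, "pc-03", "start", 660,  "tcpview.exe"),
    (301.0, "pc-03", "exit",  660,  "tcpview.exe"),
]

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_EVENTS))
```

On the constructed sample only pc-01 is flagged: a single short-lived tool (pc-03) or a long-running one (pc-02) stays below the assumed threshold.
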
Symantec has also warned that version "C" has bypassed a previous attempt at blocking the W32.Downadup.B domain-generation algorithm used for communicating. Users can no longer expect protection by simply blocking the sites the worm was allowed to update from. The Downadup authors have now moved from a 250-a-day domain-generation algorithm to a new 50,000-a-day domain-generation algorithm.

The Conficker worm was at one time estimated to have infected nearly 10 million PCs worldwide, leading to the formation of a $250k reward for information leading to the virus's creators.

