New variant of Conficker set to hit computers on April Fools Day

A new version of the Conficker worm is set to hit desktops on April 1.

According to Don DeBolt, director of threat research at CA, the variant will be released on April Fools Day and ‘generate 50,000 URLs daily’. He claimed that generating a large number of URLs will disguise where it may be calling to download instructions.

CA further claimed that it did not know exactly what those instructions might be, but it could involve downloading more malicious code or destroying files.

Following on from the detection of a second variant of Conficker - named ‘W32.Downadup.C’ by Symantec's Peter Coogan - which was being pushed out to infected computers, the new variant appears to have defensive capabilities that weren't present in earlier versions.

While it spreads in the same manner, ‘Conficker.C’ can disable some of the tools used to detect and eradicate it, including anti-virus and other anti-malware detection tools.

In a further detection, Trend Micro found another variant named WORM_DOWNAD.KK. Technical Communications spokesperson Jake Soriano claimed that it closely follows the trail of WORM_DOWNAD.A and WORM_DOWNAD.AD, which was discovered late last month to have updated its functionality.

WORM_DOWNAD.KK attempts to connect to around 500 randomly selected domains at a time, a modification that is seen as an effort to add survivability to the DOWNAD botnet. Like the other DOWNAD worms, this new variant also blocks access to anti-virus-related sites and terminates security tools.

Trend Micro advanced threats researcher Paul Ferguson said that blocking these domains is almost impossible not only because of the daily volume, but also because there is a high possibility of legitimate domain collisions where DOWNAD generates domains already in use by legitimate entities.

