Conficker’s latest mutation baffles security experts


10 Apr 2009

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

A new variant of the Conficker worm has been dubbed Win32/Conficker.AQ by global security software vendor ESET, which warned that the variant appears to be communicating with its own peer-to-peer network.

ESET detected a new variant of Conficker worm that differs to previous versions by one major, yet surprising, feature.

It doesn’t contact any of the control domains, even though it originally operated with up to 50 000 domains a day.

Conficker and the size of its botnet (a network of infected PCs) has attracted a lot of media attention in the past few days.

ESET said the new variant, created on 7 April, communicates only within its own peer-to-peer network.

It comprises of two main components. The server part infects vulnerable PCs in the network, installing the client part. These clients become a part of the Conficker botnet.

There is an interesting feature in the code of the worm that causes the server part to deactivate and remove from the PC after 3 May. However, the botnet will be active even after this date, and Conficker will remain as one of the most prevalent current threats.

“Similarly as previous variants, Win32/Conficker.AQ exploits the Windows MS08-067 vulnerability. Users are therefore advised to keep their systems up to date and protect their PCs with security software,” ESET said in a security note.

By John Kennedy

66

DAYS

4

HOURS

26

MINUTES

Buy your tickets now!