
Conficker evolves; adds new capabilities

The writers behind the Conficker worm have not been sitting still, and reports from security researchers indicate that the troublesome malware has evolved to become harder than ever to block or remove. A new variant identified by Symantec as W32.Downadup.C now sports defensive capabilities and is able to disable some antivirus and antimalware tools designed to detect it.

In addition, this variant can switch domains at a much higher rate. Previously, the malware used an internal algorithm to generate 250 domains a day, which it checked for updates to itself. So far, security organizations have managed to crack the algorithm and preemptively register these domains, preventing the malware author from using them. However, the new domain generation algorithm generates up to 50,000 domains a day, which is certainly a cause for concern.
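Preemptive registration and blocking work because a date-seeded generator is deterministic: once the algorithm is recovered, defenders can compute the coming days' domains in advance and match them against resolver logs. The sketch below is an added example, not from the article or from Symantec; it uses a stand-in SHA-256 generator that is not Conficker's actual algorithm, and the TLDs, date, client addresses and log lines are constructed.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("example", "test", "invalid")  # reserved TLDs, assumed for this sketch
DAY = date(2009, 3, 10)                # constructed sample date

def domains_for(day, count):
    """Stand-in date-seeded generator; NOT Conficker's real algorithm."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4  # labels of 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[31] % len(TLDS)]}")
    return names

def blocklist(start, days, per_day):
    """Precompute every candidate domain for a window of upcoming days."""
    blocked = set()
    for offset in range(days):
        blocked.update(domains_for(start + timedelta(days=offset), per_day))
    return blocked

def flag_queries(log_lines, blocked):
    """Return (client, domain) for each DNS query that hits the blocklist."""
    hits = []
    for line in log_lines:
        _timestamp, client, qname = line.split()
        name = qname.rstrip(".").lower()
        if name in blocked:
            hits.append((client, name))
    return hits

def sample_log(day):
    """Constructed resolver log: one benign query, one precomputed domain."""
    candidate = domains_for(day, 250)[7]
    return [
        "2009-03-10T08:15:02Z 10.0.0.17 www.example.org.",
        f"2009-03-10T08:15:09Z 10.0.0.23 {candidate.upper()}.",
    ]

if __name__ == "__main__":
    for per_day in (250, 50_000):  # the two daily rates the article cites
        size = len(blocklist(DAY, 7, per_day))
        print(f"{per_day}/day -> about {size} domains to cover one week")
    print(flag_queries(sample_log(DAY), blocklist(DAY, 1, 250)))
```

Blocking at the resolver scales to the larger list far more easily than registration does: covering one week means roughly 1,750 names at 250 a day but roughly 350,000 at 50,000 a day.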

In addition, despite infecting some hundreds of thousands of machines so far, Conficker has strangely not been tasked with any real activity beyond proliferation. An automatic update will likely change everything, though security experts are finding the lack of targets disconcerting, to say the least.

For more on this story:
- check out this article at Dark Reading
