Government Technology

Conficker: The Mutated Worm



February 27, 2009 By

The criminals behind the widespread Conficker worm have released a new version of the malware that could signal a major shift in the way the worm operates.

The new variant, nicknamed Conficker B++, was reported by SRI International researchers, who published details of the new code on last week. At a quick glance, this variant resembles Conficker B. In particular, it is distributed as a Windows DLL file and is packed similarly. Initially, this new version was mistaken for the same worm in different packaging. However, upon further analysis, researchers found that out of 297 subroutines in Conficker B, only 3 were modified in Conficker B++ and around 39 new subroutines were added. Conficker B++ uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines.

Conficker-infected machines could be used for sending spam, logging keystrokes or launching denial of service (DoS) attacks, but a group calling itself the Conficker Cabal has largely prevented this from happening. They've kept Conficker under control by cracking the algorithm the software uses to find one of thousands of rendezvous points on the Internet where it can look for new code. These rendezvous points use unique domain names, such as pwulrrog.org, that the Conficker Cabal has worked hard to register and keep out of the hands of the criminals.

The new B++ variant uses the same algorithm to look for rendezvous points, but it also gives the creators two new techniques that skip them altogether. That means that the Cabal's most successful technique could be bypassed.

Also known as Downadup, Conficker spreads using a variety of techniques. It exploits a dangerous Windows bug to attack computers on a local area network, and it can also spread via USB devices such as cameras or storage devices. All variants of Conficker have now infected about 10.5 million computers, according to an SRI International Technical Report.


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Public Safety 2019
Motorola conducted an industry survey on the latest trends in public safety communications. The results provide an outlook of what technology is in store for your agency in the next five years. Download the results to gain this valuable insight.
Improving Emergency Response with Digital Communications
Saginaw County, Mich., increases interoperability, communication and collaboration with a digital voice and data network, as well as modern computer-aided dispatch.
Reduce Talk Time in Your Support Center by 40%
As the amount of information available to citizens and employees grows each year, so do customer expectations for efficient service. Contextual Knowledge makes information easy to find, dropping resolution times and skyrocketing satisfaction.
View All

Featured Papers