Conficker worm "getting a lot uglier"

A new variant of the Conficker or Downadup worm has been spotted by Trend Micro.

The Conficker worm has mutated again, as another variant of the malware troublemaker has been spotted in the wild.

The new version of the worm is called WORM_DOWNAD.KK and is similar to recent variations of Conficker, which is also known as Downadup, according to Trend Micro's Jake Soriano.

"With this new variant, the entire DOWNAD mess is getting a lot uglier," Soriano wrote in the security firm's blog, adding that the worm is reaching "numbers matching that of giant botnets Storm and Kraken."

The last two versions of Conficker have infected one million computers and those are just the ones scanned by Trend Micro. Global estimates are closer to nine million if not more, Soriano said.

The new variant adds more generated domains, taking the number of domains it tries to connect to from 250 to 50,000. "While the worm only attempts to connect to around 500 randomly selected domains at a time, this modification is seen as an effort to add survivability to the DOWNAD botnet," Soriano said.

This creates problems not just because of volume, but because the worm generates domains already legitimately in use, making it hard to block them.

Security firm BitDefender has also seen a new variant of the Downadup worm, called Win32.Worm.Downadup.C. This version is apparently more resistant to disinfection and disables Windows Update in addition to blocking anti-virus websites.

"BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date," said Vlad Valceanu, BitDefender's senior malware analyst.

"The worms then produce a fixed number of domain names on a daily basis and check them for updates. This makes it easy for malware writers and cyber criminals to upgrade a worm or give it a new payload, since they only have to register one of the domains and then upload the files."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
New DNS vulnerabilities put millions of IoT devices at risk of hacking
Internet of Things (IoT)

New DNS vulnerabilities put millions of IoT devices at risk of hacking

13 Apr 2021
Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?
cloud security

Cloud storage: How secure are Dropbox, OneDrive, Google Drive, and iCloud?

13 Apr 2021
5G will accelerate cyber crime, predicts former White House CIO
5G

5G will accelerate cyber crime, predicts former White House CIO

13 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021