Published in News

Conficker worm mutates

by on24 February 2009

Image

Has transformed into something even worse - James Blunt


The Conficker
Internet worm has mutated with a new version that opens up a backdoor that could allow an attacker to distribute malware to infected machines.


According to CERT, the new Conficker/Downadup worm, dubbed "Conficker B++," uses a new backdoor with "auto-update" functionality. Microsoft has said that there is no indication that systems infected with previous variants of Conficker can automatically be re-infected with the new variant. The virus writers were probably getting bored with the original version.


The new variant no longer patches netapi32.dll against all attempts to exploit it. It now looks for a specific pattern in the incoming shellcode and for a URL to an updated payload.


Redmond has offered $250,000 for the head of the bloke or blokette who penned the Conficker worm.

Rate this item
(0 votes)