Evades countermeasures
Computers infected with
the Conficker worm are being updated with a new variant that blocks an
attempt to cut links between the worm and its hacker
controllers.
Security experts at Symantec said that the new variant, called
Conficker.c, sends out new orders to the botnets which have been
infected.
Vincent Weafer, vice president of Symantec Corp.'s security
response group said that the update shows that the hackers want to defend
their collection of compromised PCs.
Last month, about 20 technology
companies and organizations, including Microsoft, Symantec, VeriSign Inc.
and ICANN, the nonprofit group that manages the Internet Domain Name System,
joined forces to preemptively register the Internet addresses Conficker's
controllers use to maintain their hold on infected machines.
However
Conficker.c cranks out a list of 50,000 URLs which could be used by the
botnets which makes it hard to .even attempt to register 50,000 domains
daily.
Users can protect themselves from the worm by installing Microsoft's
MS08-067 security update, using stronger passwords and disabling
Windows' Autoplay and Autorun features.