Conficker stopped connecting to domains
ESET dubbed the new variant Win32/Conficker.AQ
ESET has detected a new variant of the Conficker worm that differs from previous ones in one major and surprising feature: it doesn't contact any of the control domains, even though the worm originally operated with up to 50 000 domains a day. Conficker and the size of its botnet (a network of infected PCs) have attracted a lot of media attention in the past days.
The new variant, created on April 7th, communicates only within its own peer-to-peer network. It comprises two main components. The server part infects vulnerable PCs in the network, installing the client part. These clients become a part of the Conficker botnet. There is an interesting feature in the code of the worm that causes the server part to deactivate and remove itself from the PC after May 3rd. However, the botnet will be active even after this date, and Conficker will remain one of the most prevalent current threats.
Like previous variants, Win32/Conficker.AQ exploits the Windows MS08-067 vulnerability. Users are therefore advised to keep their systems up to date and protect their PCs with security software.
Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. ESET is a market leader in proactive detection of malware. Thanks to its ThreatSense.Net® technology, it is able to collect data on a volunteer basis from users all around the world, allowing it to react flexibly to emerging threats. Its ESET NOD32 Antivirus has been ranked by the independent AV-Comparatives testing lab as the best antivirus product worldwide (2006, 2007). ESET has offices in Bratislava, SK; Buenos Aires, AR; San Diego, USA; and has an extensive partner network in 160 countries. In 2008, ESET opened a new research center in Krakow, Poland. ESET was named to Deloitte's Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.