A new variant of Conficker Worm Ready for Massive Attack on PC Infrastructure

Next story

The size of botnet not seen by Antivirus vendors in some time; specialists at ESET devoting utmost attention to the threat.

The new variant of the dangerous worm Conficker is rapidly spreading through the Internet. The malware‘s variants, which appeared previously have succeeded in shutting down thousands of PCs worldwide. Computer security experts agree that Win32/Conficker.X, (also dubbed by some vendors as Conficker.C or Conficker.D) poses even a greater threat than its predecessors.

The danger is in that it is perfectly poised for a massive attack against computer infrastructure and/or perpetration of a mass-scale data-theft.The authors of the worm have programmed it to spread not only via the internet by exploiting vulnerabilities in the Windows OS, but also to propagate via exchangeable media. The worm is programmed in such a way as to be remotely controllable, once infected PCs become a part of a large botnet – a network of PCs used to send spam and/or other dangerous forms of malware.

The new variant of Conficker is unique in that it is programmed to radically increase the number of internet domains the worm checks in to for instructions come April 1st. While the existing variants of the worm  check in to domains  numbering in the hundreds a day, after April 1st, this number is expected to climb dramatically to as much as 50, 000 a day. As yet, computer security experts do not have a clear idea as to the nature of the command for those PCs, which have already been infiltrated. Speculations abound that the action will come in the form of a devastating attack against the Internet infrastructure itself.

"ESET is concentrating fully on monitoring the spread of this worm and is planning an upsurge in staffing of its Virus lab as April 1st approaches. ESET solutions were successful in identifying the new variants of Conficker by deploying proactive detection methods, extending 100% protection to our clients," states Juraj Malcho, the Head of ESET Virus Lab.

In the history of computer threats, Conficker ranks among the most dangerous, given its capacity to reach vast numbers of PCs simultaneously. "The main goal of the authors of the worm is to construct and consolidate a botnet of unprecedented proportions that can be exploited for a massive attack against the internet infrastructure or for a mass-scale espionage,“ adds Malcho.

Win32/Conficker.X performs the following changes to infected workstations:

  • modifies DNS, blocking all tools  related to operating system security
  • blocks or terminates security software applications
  • has the ability to communicate within peer-to-peer network (P2P)
  • starting April 1st, 2009  it will check in for instructions from up to 50 000 domains a day

How to protect yourself?

It is recommended to acquire the relevant operating system patches and have a security software installed. Moreover, to protect its clients, ESET has made available a special Conficker removal tool .

About ESET

Founded in 1992, ESET is a global provider of security solutions for corporate customers and households. From a small family-sized venture, ESET has evolved into a leader in proactive malware detection and is in the front lines of combating emerging cyberthreats. Its flagship solutions - ESET NOD32 Antivirus and ESET Smart Security, built on the award-winning ThreatSense® engine are trusted by millions of users to protect their computers against a host of Internet-borne malware, such as viruses, trojans, worms, adware, spyware, phishing, rootkits.  ESET has headquarters in Bratislava, Slovakia with branch offices in Prague, Czech Republic; San Diego, USA; Bristol, UK and Buenos Aires, Argentina. ESET‘s solutions are available in more than 160 countries worldwide. In 2008, ESET opened its new development center in Krakow, Poland and was ranked by Deloitte Technology Fast 500 as one of the fastest growing technology companies in the EMEA region.