News On The Web

Tech Jackal


Conficker Gets An Update

Thursday, 09 Apr 2009

Jacksonville – Already the most serious threat on the internet, the Conficker worm has been reprogrammed to bolster its defenses as it attempts to infect even more computers worldwide.

Conficker has infected between 3 and 12 million PCs by taking advantage of vulnerabilities in Microsoft’s security software, making it one of the world’s largest “botnets.” While botnets are used to send spam and launch attacks against web sites, they must be able to receive instructions in order to do so. Conficker can do this in two ways: by visiting a web site where instructions have been left, or by receiving files over its own custom peer-to-peer network.

Over the last two days, researchers say, Conficker-infected computers have been receiving a binary file over the peer-to-peer network. This method of reprogramming the worm has worked even as security experts have had some success in blocking Conficker’s controllers from sending instructions through web sites.

The experts previously suspected that Conficker’s controllers were concerned that the botnet had become too large since an earlier update turned off the worm’s capability to search for unprotected computers. Now, the new binary has instructed Conficker to search out computers that haven’t installed the Microsoft patch that protects against vulnerability to the worm. Clearly, experts say, the controllers are looking to control more machines.

The new binary tells Conficker to visit a wide range of websites, from MySpace.com to eBay, in order to confirm that the computer has a working internet connection. It also blocks infected machines from visiting other websites, such as those maintained by web security companies. The blocking feature was also seen in an earlier version of Conficker. Even more intriguing, the latest binary seems to be programmed to stop running on May 3rd, which would halt its newest functions.

Some experts believe that Conficker’s controllers may be linked to previous botnets that were created by the Storm and Waledac worms. Both Storm and Waledac have faded in importance, but the new update instructs Conficker to contact a domain that is known to have been affiliated with both.



