Conficker Worm Update: Conficker.C Emerges To Elude Countermeasures

Conficker Worm, also known as Downadup or Kido, has made its way onto millions of computers worldwide while evolving into newer varients.

A newer version of Conficker after Conficker.B, identified as Conficker.C (Conficker B++), has made its way onto computers that may still be infected with Conficker.

This newer version of Conficker, now Conficker.C, is released out into the wild as a possible new approach by it's creators to evade a security industry effort to break the link between the worm and the hacker controllers.

Security researches have witnessed the creators of Conficker.C performing the tasks of sending updates to systems already infected with Conficker to update them to Conficker.C to carry out a new set of instructions.

If you are not familiar with the earlier version of Conficker then you must know that it was first introduced in October 2008 where it exploited a vulnerability in Microsoft Corp's patch MS08-067. Since then other newer versions of Conficker have appeared such as Conficker.B and now Conficker.C.

The recent discovery of Conficker.C has brought about the conclusion that security researchers and those attempting to combat the Conficker infections will have an even greater task at hand. The update to Conficker.C has beefed up Conficker's defenses against suppression. All of the work put in by the Conficker Cabal, an ad hoc group put together to limit the spread of an earlier Conficker infection, where Conficker.C is able to dismiss the domains created by the group. Conficker uses certain domains to connect to so it can spread to other machines and the groups set up to combat Conficker attempted to stay ahead of the game by pre-registering these domains. This is done so they have control over them before Conficker has a chance to use them for malicious purposes.

There is still light at the end of the tunnel!

Researchers have said there is still a good side to the over-all outcome despite the discovery of a newer version of Conficker. The number of PC's infected with Conficker has drastically decreased and is now estimated to be in the hundreds of thousands instead of millions as previously reported. The number of PC's that may have the updated Conficker.C could be much smaller than anticipated although remains to be a serious threat.

Conficker and all other variants, including Conficker.C, can be avoided through applying the Microsoft Ms08-067 security update. Applying this update will protect you from the Conficker infection that directly attacks a specific vulnerability.

Do you know anyone who was affected by any type of Conficker Worm infection?