It appears there are interesting developments on the Conficker/Downadup front. Peter Coogan of Symantec describes a variant that doesn’t appear to be interested in infecting new machines, but rather in updating and protecting itself on systems already infected with previous variants.
(And, yes, ESET’s ThreatSense technology does already detect it heuristically!)
It seems to have two particularly interesting characteristics:
As Peter suggests, it looks as if the Conficker authors are particularly interested in keeping their hold on systems that are already compromised. That doesn’t mean that other systems won’t be targeted, of course. But it does suggest that systems already compromised have by no means been abandoned: furthermore, whatever it is the Conficker gang have been cooking up with a view to making use of those compromised systems is likely to be served up sooner, rather than later.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET