Conficker Variant Dispenses With Need To Phone Home.

[Peaches]

Conficker variant dispenses with need to phone home.

Stealth variant Sidesteps MS-led takedown effort

By John Leyden

23rd February 2009 13:16 GMT

Virus authors have released a new variant of the infamous Conficker (Downadup) worm with enhanced auto-update features.

The changes in the new strain of the malware, dubbed Conficker B++, make it possible for malware authors to push out new code without publishing it on pre-programmed sites, as with earlier variants. The earlier approach has been frustrated by the recent formation of an alliance led by Microsoft geared up to block and take down sites associated with the worm.

"Perhaps as one response to the cabal's action, or simply to produce a more efficient push-based updating service, the Conficker authors have released a variant of Conficker B, which significantly upgrades their ability to flash Conficker drones with Win32 binaries from any address on the Internet," explains an analysis by security firm SRI International.

Conficker B++ is somewhat similar to Conficker B, with 294 of 297 sub-routines the same and 39 additional subroutines. The latest variant, first spotted on 16 February, is even more sneaky than its previous incarnations, SRI explains.

The Register story: http://www.theregister.co.uk/2009/02/23/conficker_variant/ Also CNet news for story: http://news.cnet.com/security/ [New variant of conficker worm circulates].