Peaches Posted March 10, 2009 Report Share Posted March 10, 2009 9 March 2009, 12:57Conficker modified for more mayhem According to Symantec the Conficker worm has been modified to cause more damage. Previously the worm had only contacted about 250 domains a day, to look for commands and download new code. Symantec report that there is a new variant of Conficker using an algorithm which will contact up to 50,000 domains a day. The new domain generation algorithm also uses one of a 116 possible domain suffixes. This is expected to make life harder for anti-virus specialists, ICANN and OpenDNS to block the domains that Conficker will use and makes it much more likely that Conficker will be generating addresses that point to legitimate sites. Although Conficker generates the domain name from a random combination of letters and should be creating domains that point to largely unused addresses, it is possible to find companies who have domains who's names match the generated addresses. For example, the previous generation of the worm is expected to call wnsux.com on March 13th, a domain owned by Southwest Airlines. Heise security - http://www.h-online.com/security/Conficker...m--/news/112802 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.