Remember Conficker, the virulent worm which caused such havoc at the start of the year? No? Well, maybe news headlines such as 'Virus sinks Royal Navy fleet comms' and 'Windows worm infects millions' might help jog your memory. Well, hold onto your hats, people: Conficker is back. And this time it comes with a new twist.
According to security specialists BitDefender, the worm has not turned, but returned. Looking at the e-threat statistical report the company produces, I could hardly believe my eyes: sitting ugly on top of the 'most infected by' charts was Conficker. In fact, of all the infected machines that BitDefender looked into during the month of August, Conficker (a.k.a. Win32.Worm.Downadup) was sitting there staring back at them on a really quite staggering 43% of them. That puts it way out in front of other malware threats, with the second most prevalent infection (an Embarcadero Delphi built code injector called Win32.Induc.A) mustering a relatively meagre 15% share.
The latest Conficker variant has some new tricks up its virtual sleeve: as well as preventing access to IT security vendor websites, as it always has, it now installs rogue security software onto the compromised machine. Highly profitable scareware scams have hit the headlines here at DaniWeb before, and Microsoft has had some success in hunting down the offenders. But the fact that Conficker is blocking access to legit software sites and leaving the door open to fake security solutions is a worrying turn of events.
The rest of the August threat list looks like this:
3. Win32.Sality.OG (polymorphic file infector)
4. Worm.Autorun.VHG (network worm)
5. Win32.Virtob.Gen (file infector written in assembly language)
6. Packer.Malware.NSAnti.1 (malware packing protection)
7. Win32.Worm.AutoIT.AC (keylogger dropper)
8. Win32.Sality.2.OE (dropped by Win32.Sality)
9. GEN:TDSS.Patched.1 (file dropper)
10. Win32.Worm.Downadup.Gen (worm exploiting the MS08-067 vulnerability)