Symantec identifies third, more aggressive Downadup/Conficker variant

Downadup variant is better at defending itself from anti-malware technologies

A third version of Downadup, also called Conficker, has been identified, and Symantec says it's better at defending itself from anti-malware tactics.

A third version of Downadup has been identified by Symantec, which says the new variant gives infected machines more powerful instructions to disable anti-virus software and analysis tools, among other actions.

W32.Downadup.C is a modular component for machines currently infected with Downadup. This variant of Downadup, also called Conficker, is not attempting to self-replicate and appears to behave more like a Trojan than a worm, says Vincent Weafer, vice president of Symantec Security Response.

“Think of it as an updated module that’s more aggressive, more robust in defending itself,” Weafer says.

The W32 Downadup.C variant was discovered today in a Symantec honeypot and is still under investigation. Symantec expects to identify additional capabilities shortly, says Weafer, who adds that Symantec has not yet seen W32.Downadup.C in customer networks directly.

Earlier versions of Downadup did attempt to disable anti-virus software, but the third version represented in the Downadup.C module is designed mainly to provide more protective actions to infected Windows-based machines so they can better defend themselves from anti-virus software and other eradication methods.

“It’s more aggressive, it has more services,” says Weafer.

Learn more about this topic

Beyond Downadup: Security expert worries about smart phone, TinyURL threats

Researchers wait for Downadup’s second act

Microsoft offers $250,000 Conficker worm bounty
From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies