- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
A third version of Downadup has been identified by Symantec, which says the new variant gives infected machines more powerful instructions to disable anti-virus software and analysis tools, among other actions.
W32.Downadup.C is a modular component for machines currently infected with Downadup. This variant of Downadup, also called Conficker, is not attempting to self-replicate and appears to behave more like a Trojan than a worm, says Vincent Weafer, vice president of Symantec Security Response.
“Think of it as an updated module that’s more aggressive, more robust in defending itself,” Weafer says.
The W32 Downadup.C variant was discovered today in a Symantec honeypot and is still under investigation. Symantec expects to identify additional capabilities shortly, says Weafer, who adds that Symantec has not yet seen W32.Downadup.C in customer networks directly.
Earlier versions of Downadup did attempt to disable anti-virus software, but the third version represented in the Downadup.C module is designed mainly to provide more protective actions to infected Windows-based machines so they can better defend themselves from anti-virus software and other eradication methods.
“It’s more aggressive, it has more services,” says Weafer.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (13)
Dumb Symantec. How can it be MORE aggressive if it is not trying to replicate itself while previous version did? For me it sounBy Anonymous on March 9, 2009, 6:05 amDumb Symantec. How can it be MORE aggressive if it is not trying to replicate itself while previous version did? For me it sounds like this worm is LESS aggressive.
Reply | Read entire comment
reply to dumbBy Anonymous on March 9, 2009, 10:34 amDear dumb, just because it doesn't replicate doesn't mean it isn't more aggressive in taking over your system and fighting off antivirus programs. Read the fine...
Reply | Read entire comment
ummmBy Anonymous on March 9, 2009, 10:50 amWhen will Symantec and over AV vendors start to develope a true protection mechanism against day-0 attacks instead of writing signatures all day. Isn't there a few...
Reply | Read entire comment
Dear UmmmBy Anonymous on March 9, 2009, 11:07 amWhile what you state has some merit, I think if it was easy to accomplish, the AV vendors would have that process in place. Can we prevent a virus/worm that has...
Reply | Read entire comment
Viruses and WormsBy freecode on March 9, 2009, 2:14 pmThe real problem here is the fact that the most prevalent OS allows executables and other infections to take over their "registry" and hide services in the first...
Reply | Read entire comment
whilstBy simonficker on March 9, 2009, 6:14 pmDumb is correct in the sense that the worm is less agressive with propogation however the worm is more agressive in defending itself against removal.
Reply | Read entire comment
View all comments