Peter Dinham
Monday, 09 March 2009 13:03
Symantec says the variant is a modular component for machines currently infected with Downadup, and that it instructs those machines to disable AV software and analysis tools, among other services.
“Our initial findings have already revealed some interesting new attributes - it does not seem to be using any existing or new means to spread the threat to new machines.”
Symantec says that early findings, following the industry’s success in cracking the W32.Downadup.B domain-generation algorithm used to communicate with the command & control server, suggest that the Downadup authors may now be aiming to increase the longevity of the existing Downadup threat on infected machines.
“Instead of trying to infect further systems, they seem to be protecting currently infected Downadup machines from antivirus software and remediation. Currently we are not seeing an increase in customer infections for this threat but are keeping a close eye on it.”