Conficker getting bigger and meaner but BitDefender’s free disinfection tool is here to help!

Peter Dinham
Thursday, 12 March 2009 08:42

IT Industry - Deals

BitDefender is offering a free tool for consumers that will disinfect all versions of Downadup – or  the Conficker worm as it’s commonly known – which the security firm says has swept across the globe infecting 15 million computers worldwide.

In an announcement today, BitDefender says it is the first to offer a free disinfection tool for all versions of Conficker and it’s been made available for users at http://bdtools.net. What’s more, BitDefender says this domain is also the first to serve a removal tool without being blocked by the threat.

As reported by iTWire three days ago -  http://www.itwire.com/content/view/23702/598/ Symantec said it had uncovered a new variant of the Downadup threat, which it warned was being pushed out to systems already infected with Downadup, while at about the same time BitDefender said it had detected a new and more aggressive version of the persistent virus.
 
BitDefender says that once a PC is compromised, the worm disables Windows Update and blocks access to most anti-virus websites in order to prevent the user from disinfecting the PC. The full name of the virus is Win32.Worm.Downadup.C, and it spreads using a Windows RPC Server Service vulnerability.

According to BitDefender, the worm itself is not new, but this new version is proving to be more resistant to disinfection. The security firm says the worm made its first appearance in late November 2008, known under the names of Conficker or Kido, and it is also known for exploiting the vulnerability described in the Microsoft security bulletin MS08-067.

Vlad Valceanu, BitDefender’s senior malware analyst, said today that BitDefender Labs had been seeing an increase in worms, like Downadup, that had a built-in mathematical algorithm, generating strings based on the current date.
 
“The worms then produce a fixed number of domain names on a daily basis and check them for updates. This makes it easy for malware writers and cybercriminals to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload the files. It’s clever – and as a result of that quite dangerous also."