As reported by iTWire three days ago - https://www.itwire.com/content/view/23702/598/ Symantec said it had uncovered a new variant of the Downadup threat, which it warned was being pushed out to systems already infected with Downadup, while at about the same time BitDefender said it had detected a new and more aggressive version of the persistent virus.
BitDefender says that once a PC is compromised, the worm disables Windows Update and blocks access to most anti-virus websites in order to prevent the user from disinfecting the PC. The full name of the virus is Win32.Worm.Downadup.C, and it spreads using a Windows RPC Server Service vulnerability.
According to BitDefender, the worm itself is not new, but this new version is proving to be more resistant to disinfection. The security firm says the worm made its first appearance in late November 2008, known under the names of Conficker or Kido, and it is also known for exploiting the vulnerability described in the Microsoft security bulletin MS08-067.
Vlad Valceanu, BitDefender’s senior malware analyst, said today that BitDefender Labs had been seeing an increase in worms, like Downadup, that had a built-in mathematical algorithm, generating strings based on the current date.
“The worms then produce a fixed number of domain names on a daily basis and check them for updates. This makes it easy for malware writers and cybercriminals to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload the files. It’s clever – and as a result of that quite dangerous also."