The Conficker Internet worm has mutated with a new version that opens up a
backdoor that could allow an attacker to distribute malware to infected
machines.

According to CERT, the new Conficker/Downadup worm, dubbed "Conficker B++,"
uses a new backdoor with "auto-update" functionality. Microsoft has said that
there is no indication that systems infected with previous variants of
Conficker can automatically be re-infected with the new variant. The virus
writers were probably getting bored with the original version.

The new variant no longer patches netapi32.dll against all attempts to exploit
it. It now looks for a specific pattern in the incoming shellcode and for a URL
to an updated payload.

Redmond has offered $250,000 for the head of the bloke or blokette who penned
the Conficker worm.