Yet another new variant of theĀ Confiker, or Downadup, worm is on it’s way.
And the latest version could be a lot harder to stop.
The original Confiker checked around 250 different URLs every day, looking for updates.
The latest version, however, will be an awful lot harder to track and stop.
The newest edition of Confiker, also known as Kido, Downadup.C and Conficker.C, causes infected machines to search a much larger list of domains, believed to exceed 50,000 in number.
As you can imagine, that makes the task of blocking the domains exponentially harder for the security professionals who are trying to quell the threat.
Confiker first came to prominence back in November last year and is believed to have infected over 11 million computers already.
{ 4 comments… read them below or add one }
You may consider using the free http://www.opendns.org as they are blocking such domains. In other words: if you (or the virus) ask OpenDNS for the IP address of some domain, and it has been blocked, then you (or the virus) won’t get it).
See Stats are back; and we’re blocking Conficker.
Of course, it may take some time before the domain is listed a malicious, but at least it can stop many requests…
I think Conficker will get through the whole alphabet before someone comes up with a permanent solution to it.
LOL, you may well be right!
Thanks for the advice Arjan.