BitDefender claims it has Conficker killer
Security firm BitDefender says it’s developed the first successful removal tool for the Conficker virus. The firm says the tool is particularly important now that an even stronger version of the virus is circulating.
The big problem with dealing with the virus to date has been that, once it’s infected a machine, Conficker blocks access to the servers of many leading anti-virus firms. The virus also blocks the Windows Update service.
According to BitDefender, it has found a way to prevent an individual domain from being blocked by the virus. This has allowed it to distribute a free removal tool on the site, http://bdtools.net/.
BitDefender says it found a new variant of the virus at the weekend, dubbed Win32.Worm.Downadup.Gen (which will also be known as Conficker.C by some firms). Analysis of this variant shows the people responsible for it have greatly stepped up their battle against security experts.
That’s because the creators use a system that generates random domain names which they buy up and use to distribute updates and instructions to the virus. The second edition of the virus worked on a system which created 250 domain names a day.
Security experts had figured out how the system worked and it became theoretically possible (if impractical) to buy up the relevant domains before the hackers could use them. In the new version of the virus, the system creates 50,000 domains a day, each ending in any of 116 suffixes rather than just .com addresses.
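As an added illustration of why knowing the generator matters to defenders (this is not BitDefender's code and not Conficker's actual algorithm), the sketch below uses a stand-in date-seeded generator to predict a day's domains and flag hosts that query them in DNS logs. The seed, the hash construction, the placeholder suffixes and the log format are all assumptions.

```python
import hashlib
from datetime import date

def candidate_domains(day, count, suffixes, seed=b"constructed-seed"):
    """Predict one day's rendezvous domains from a date-seeded generator.

    Stand-in construction (SHA-256 over seed, date and index); it is an
    assumption for illustration, not Conficker's real algorithm.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(
            seed + day.isoformat().encode() + i.to_bytes(4, "big")
        ).digest()
        length = 5 + digest[0] % 6  # label of 5 to 10 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(label + suffixes[digest[31] % len(suffixes)])
    return domains

def hosts_querying_predicted(dns_log, day, count, suffixes):
    """Map client IP -> predicted domains it looked up on `day`."""
    predicted = set(candidate_domains(day, count, suffixes))
    hits = {}
    for line in dns_log:
        _ts, client, qname = line.split()
        name = qname.lower().rstrip(".")  # normalise case and trailing dot
        if name in predicted:
            hits.setdefault(client, []).append(name)
    return hits

DAY = date(2009, 3, 10)
# Placeholder suffixes: the page gives the count (116) but not the list.
SUFFIXES_116 = [f".tld{i}" for i in range(116)]

# Constructed DNS log: one client resolves two predicted names, one is benign.
KNOWN = candidate_domains(DAY, 250, [".com"])
SAMPLE_LOG = [
    f"2009-03-10T08:00:01 10.0.0.7 {KNOWN[0]}",
    f"2009-03-10T08:00:02 10.0.0.7 {KNOWN[249].upper()}.",
    "2009-03-10T08:00:03 10.0.0.9 www.example.org",
]

if __name__ == "__main__":
    print(hosts_querying_predicted(SAMPLE_LOG, DAY, 250, [".com"]))
    # Predicting the larger daily set is still cheap for detection purposes.
    print(len(candidate_domains(DAY, 50_000, SUFFIXES_116)))
```

Matching logs against 50,000 predicted names is still a set lookup; buying that many domains each day is the part that does not scale.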
Symantec believes the new variant shows the creators have changed tactics and are now more concerned with protecting the existing network of infected machines than spreading the virus. That certainly seems to back the theory that the creators aren’t planning to take advantage of the network themselves and will instead sell it to the highest bidder among the world’s cybercriminals.
(Update: BitDefender has contacted Blorge to clarify that “BitDefender never found a way to prevent an individual domain from being blocked and probably will not find a way to do so either. Also we never stated this officially anywhere. What we did, however, is register a domain that is NOT blocked by the worms’ filter. It is, if you want to call it that way, a workaround to the worms’ domain blocking feature.”)

March 13th, 2009
Wow, I finally got rid of that nasty virus, thanks BitDefender!
March 17th, 2009
That tool did it for me too. My computer was a mess because of that Conficker worm…
Kudos BitDefender