Author Topic: Symantec Warns of Worm's Return  (Read 2247 times)


Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Symantec Warns of Worm's Return
« on: March 09, 2009, 05:21:03 AM »
A third version of Downadup has been identified by Symantec, which says the new variant gives infected machines more powerful instructions to disable antivirus software and analysis tools, among other actions.

http://www.pcworld.com/article/160872/article.html?tk=nl_dnxnws

You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

CharleyO

  • Guest
Re: Symantec Warns of Worm's Return
« Reply #1 on: March 09, 2009, 06:08:30 AM »
***

Thanks for posting this information, Marc.   :)


***

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Symantec Warns of Worm's Return
« Reply #2 on: March 09, 2009, 03:03:10 PM »
Hi Marc & CharleyO,

Yes Conficker-C digs in deeper and kills all these processes when found:
Any processes found on an infected machine that contain an antivirus or security analysis tool string from the list below are killed:

•    wireshark
•    unlocker
•    tcpview
•    sysclean
•    scct_
•    regmon
•    procmon
•    procexp
•    ms08-06
•    mrtstub
•    mrt.
•    mbsa.
•    klwk
•    kido
•    kb958
•    kb890
•    hotfix
•    gmer
•    filemon
•    downad
•    confick
•    avenger
•    autoruns
Also has another registration algorithm. Shortly the third version represented in the Downadup.C module is designed mainly to provide more protective actions to infected Windows-based machines so they can better defend themselves from anti-virus software and other eradication methods.

"It's more aggressive, it has more services, but only for those already infected with the previous worm"

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
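
Added example, not part of the original posts: a defender-side heuristic built on the substring list in Reply #2, flagging hosts where several listed tools exit within seconds of starting. The log format (timestamp, host, START/EXIT, PID, image name), the thresholds and the sample lines are constructed assumptions.

```python
from datetime import datetime, timedelta

# Substrings copied from the list in Reply #2 above.
KILL_STRINGS = [
    "wireshark", "unlocker", "tcpview", "sysclean", "scct_", "regmon",
    "procmon", "procexp", "ms08-06", "mrtstub", "mrt.", "mbsa.", "klwk",
    "kido", "kb958", "kb890", "hotfix", "gmer", "filemon", "downad",
    "confick", "avenger", "autoruns",
]

def matched_string(image):
    """Return the first listed substring found in a process image name, else None."""
    name = image.lower()
    return next((s for s in KILL_STRINGS if s in name), None)

def suspicious_hosts(log_lines, max_lifetime=timedelta(seconds=5), min_hits=2):
    """Flag hosts where at least min_hits listed tools exited within max_lifetime."""
    starts = {}  # (host, pid) -> (start time, image name)
    hits = {}    # host -> [(image, matched substring, lifetime in seconds)]
    for line in log_lines:
        ts, host, event, pid, image = line.split(maxsplit=4)
        when = datetime.fromisoformat(ts)
        if event == "START":
            starts[(host, pid)] = (when, image)
        elif event == "EXIT" and (host, pid) in starts:
            began, img = starts.pop((host, pid))
            hit = matched_string(img)
            if hit and when - began <= max_lifetime:
                lifetime = (when - began).total_seconds()
                hits.setdefault(host, []).append((img, hit, lifetime))
    return {h: v for h, v in hits.items() if len(v) >= min_hits}

# Constructed sample log (hypothetical format, not real telemetry).
SAMPLE_LOG = [
    "2009-03-09T15:00:00 PC-01 START 1200 procexp.exe",
    "2009-03-09T15:00:01 PC-01 EXIT 1200 procexp.exe",
    "2009-03-09T15:00:10 PC-01 START 1204 notepad.exe",
    "2009-03-09T15:00:11 PC-01 EXIT 1204 notepad.exe",
    "2009-03-09T15:00:20 PC-01 START 1210 mrt.exe",
    "2009-03-09T15:00:22 PC-01 EXIT 1210 mrt.exe",
    "2009-03-09T15:01:00 PC-02 START 800 wireshark.exe",
    "2009-03-09T15:31:00 PC-02 EXIT 800 wireshark.exe",
]

if __name__ == "__main__":
    for host, found in suspicious_hosts(SAMPLE_LOG).items():
        print(host, found)
```

PC-02 is not flagged because its listed tool ran for half an hour; the short-lifetime threshold is what separates normal use from repeated early termination.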