Security experts spotted a new Conficker variant a couple of days ago, one that could give the worm's creator more ways to spread it. The new variant, dubbed Conficker B++ (not to be confused with Conficker B), uses new techniques to download software, giving the worm more opportunities to exploit a machine.
The Conficker worm spreads itself primarily through a buffer overflow vulnerability in the Server Service on Windows computers. The worm uses a specially crafted RPC request to execute code on the target computer. When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.
It then connects to a server, where it receives further orders to propagate, gathers personal information, and downloads and installs additional malware onto the victim's computer. The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.
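As an added example (not from the original article), here is a triage check for the service tampering described above, run over `sc query` / `sc qc` output. The service short names and the sample output are assumptions constructed for illustration; a stopped and disabled service is a lead to investigate, not proof of infection.

```python
import re

# Assumed short names for the services the article lists (not from the article).
# Error Reporting is ERSvc on XP/2003 and WerSvc on Vista and later.
WATCHED = {"wuauserv", "wscsvc", "windefend", "ersvc", "wersvc"}
FIELD = re.compile(r"^\s*(SERVICE_NAME|STATE|START_TYPE)\s*:\s*(\S.*?)\s*$")

def parse_sc(text):
    """Collect STATE and START_TYPE per service from `sc query` / `sc qc` text."""
    services, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner lines, exit codes, "(STOPPABLE, ...)" continuations
        key, value = m.groups()
        if key == "SERVICE_NAME":
            current = services.setdefault(value.lower(), {})
        elif current is not None:
            # Values look like "1  STOPPED" or "4   DISABLED": keep the keyword.
            parts = value.split()
            current[key] = parts[1] if len(parts) > 1 else parts[0]
    return services

def tampered_services(text):
    """Watched services that are both stopped and set to never start."""
    return sorted(
        name for name, info in parse_sc(text).items()
        if name in WATCHED
        and (info.get("STATE"), info.get("START_TYPE")) == ("STOPPED", "DISABLED")
    )

# Constructed sample: merged `sc query` + `sc qc` output, trimmed to two fields.
SAMPLE = """\
SERVICE_NAME: wuauserv
        STATE              : 1  STOPPED
        START_TYPE         : 4   DISABLED
SERVICE_NAME: wscsvc
        STATE              : 1  STOPPED
        START_TYPE         : 4   DISABLED
SERVICE_NAME: WinDefend
        STATE              : 4  RUNNING
        START_TYPE         : 2   AUTO_START
SERVICE_NAME: ERSvc
        STATE              : 1  STOPPED
        START_TYPE         : 3   DEMAND_START
"""

if __name__ == "__main__":
    print("stopped and disabled:", tampered_services(SAMPLE))
```

Requiring both conditions keeps manually started services such as the sample's ERSvc entry out of the result.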
The new Conficker B++ variant adds 39 new routines to the worm and changes 3 existing ones. It's obvious the creator is still pursuing new ways to get around detection and spread the worm. To protect themselves, users must download and install the patch in MS08-067, in addition to running an antivirus solution.