According to Trend Micro, computers are receiving a new variant of Conficker through connections to P2P networks. This is the code WORM_DOWNAD.E, which, in the opinion of the company, belongs to the malware Waledac, responsible for one of botnets of greater expression.
Paul Ferguson of Trend Micro explains that the component is discharged «in the form of dropper«, a sequence designed to install malware on the PC in an undetectable way. According to the expert, this variant seems to adapt better to the rootkit designation, although there is still not enough information to conclude what type of code this is.
Apparently, the downloaded file aims to infect other PCs connected to the network that do not yet have a Microsoft fix installed.
The new variant also provides instructions for the virus to access, on May 3, sites like MySpace, AOL, eBay and others to ensure that the infected machine has an Internet connection and download the second component of this code. Some sites will be blocked, just like before.