Virus That Downed French Air Force Still At Large, Upgraded With New Attacks


OK, we got some cheap laughs when we learned a Windows virus called ‘Conficker’ penetrated French military networks and grounded the French Air Force. Then last week when Microsoft (MSFT) declared it was offering a $250,000 reward for the arrest and conviction of the masterminds behind Conficker, we assumed the author was some 15-year-old punk who has long since gone anonymous.

Maybe we spoke too soon. Conficker looks less and less like a prank, and more like an organised crime operation. PCWorld is reporting a new variant, Conficker B++, has a host of alarming new features.

We’re still coming up to speed on Conficker, but what we don’t yet get is: How is it that Microsoft and others are aware enough of the problem that they have a six-figure reward out, yet they can’t stop this thing? The Microsoft security bulletin PCWorld references dates from October. Are all the victims people who haven’t run a software/security update in six months?

The new variant, dubbed Conficker B++, was spotted three days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines.

Conficker-infected machines could be used for nasty stuff — sending spam, logging keystrokes, or launching denial of service (DoS) attacks.

Also known as Downadup, Conficker spreads using a variety of techniques. It exploits a dangerous Windows bug to attack computers on a local area network, and it can also spread via USB devices such as cameras or storage devices. All variants of Conficker have now infected about 10.5 million computers, according to SRI.