Update on Conficker Variants

Over the last few days we have seen a lot of coverage about new Conficker variants. Let me give you a very brief update. But before I start, let me make sure that we are clear on one thing. In the area of security, we often see coverage about somebody who heard something from the brother-in-law’s girlfriend’s nephew (choose any combination you want) that something either does not work (a security update is not working) or that something really bad is going to happen. If you look at Christopher Budd’s Ten Principles of Microsoft Patch Management, principle number 10 reads: “The Security Bulletin is always authoritative.” This statement is true for Security Updates as well as malware. So, as a professional, please trust only “trusted sources” and nothing else, especially when a threat hits the press as hard as Conficker.

So, let’s come back to the latest news about Conficker:

Yes, there are two new binaries reported, and the best way to get information about them is through the following resources:

There is one important quote in the Microsoft Malware Protection Center blog: We are pleased to inform that Microsoft products such as Windows Live OneCare, Windows Live OneCare safety scanner, and the Forefront family of products were able to detect both of these newly reported binaries with existing signatures, no update required as Worm:Win32/Conficker.D and Worm:Win32/Conficker.gen!A. Specific detections have been added for the new variants as Worm:Win32/Conficker.D and Worm:Win32/Conficker.E.

Roger