Security company Symantec has spotted a third version of the Conficker worm. The company said that the new variant gives infected machines more powerful instructions to disable anti-virus software and analysis tools, among other actions.
The new variant of Conficker, also known as Downadup, is a modular component for machines currently infected. This variant is not attempting to self-replicate and appears to behave more like a Trojan than a worm, said Vincent Weafer, vice president of Symantec Security Response.
"Think of it as an updated module that's more aggressive, more robust in defending itself," Weafer said.
The W32.Downadup.C variant was discovered in a Symantec honeypot and is still under investigation. Symantec expects to identify additional capabilities shortly, said Weafer, adding that Symantec has not yet seen W32.Downadup.C in customer networks.
Earlier versions of the worm did attempt to disable anti-virus software, but the third version has been designed mainly to give infected Windows-based machines more protective actions so they can better defend themselves against anti-virus software and other eradication methods.
"It's more aggressive, it has more services," says Weafer.