the new component is designed to harden infected machines against an industry consortium that is actively trying to contain the prolific worm. For one, the update targets antivirus software and security analysis tools to prevent them from removing the malware. Not only does it try to disable anti-malware titles, it also goes after programs such as Wireshark and regmon.
And for another, it also greatly expands the number of domain names infected machines contact on a daily basis.
Up to now, a pseudorandom domain name generator produced 250 addresses that infected machines reported to each day. The industry consortium, dubbed the Conficker cabal, responded by cracking the algorithm and snapping up those domains ahead of the malware authors to prevent the infected machines from sustaining further damage.
The new component ups the ante by increasing the number of domains to 50,000 per day.
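The defensive use of a cracked generator, as an added example that is not from the article: once the day's domain list can be recomputed, DNS query logs can be checked for machines looking those names up. The generator here is a SHA-256 stand-in and not Conficker's algorithm; the TLD list, log format, date and addresses are all constructed for illustration.

```python
import hashlib
from datetime import date

TLDS = ("com", "net", "org", "info", "biz")  # assumed list for the stand-in only


def candidate_domains(day, count):
    """Stand-in date-seeded generator: the same day yields the same list everywhere,
    which is what lets defenders precompute it once the real algorithm is known."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4  # labels of 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        out.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return out


def flag_hosts(dns_log_lines, day, count):
    """Return {client_ip: sorted domains} for clients that queried one of the
    day's candidate domains. Log lines are 'YYYY-MM-DD client qname' (assumed)."""
    candidates = set(candidate_domains(day, count))
    hits = {}
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than fail the whole run
        log_day, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise case and trailing root dot
        if log_day == day.isoformat() and qname in candidates:
            hits.setdefault(client, set()).add(qname)
    return {client: sorted(names) for client, names in hits.items()}


DAY = date(2009, 3, 1)  # constructed date
TODAY = candidate_domains(DAY, 250)
SAMPLE_LOG = [  # constructed DNS log
    f"2009-03-01 10.0.0.5 {TODAY[0]}",
    f"2009-03-01 10.0.0.5 {TODAY[17].upper()}.",
    "2009-03-01 10.0.0.9 www.example.com",
    f"2009-03-02 10.0.0.7 {TODAY[3]}",  # name from a different day's list
    "malformed line",
]

if __name__ == "__main__":
    for client, names in flag_hosts(SAMPLE_LOG, DAY, 250).items():
        print(client, names)
    print(len(candidate_domains(DAY, 50000)), "candidates at the larger daily count")
```

The lookup is a set membership test, so it costs the same per query whether the day's list holds 250 names or 50,000.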
Vajdic showed delegates an email purported to be from a malware ‘provider’ offering hosted services for an extra $50 for three months.
Vasco’s regional director for Pacific, India and Japan, Dan Dica, said company researchers buy the kits online and disassemble them to try to learn the secrets of their programming.
“The kits come with maintenance, support and a user guide,” Dica said.
“For $400 you can become a hacker.”
Vajdic said that toolkit creators increasingly appeared to apply commercial development techniques in their creation.
“There’s evidence of solid software engineering practices being built into them,” he said.
“Today’s bad guy is a business person that attracts investment, has malware writers working under them and probably even employs a project manager.