IT Security NEWS
01 May 2009
Security software should learn from Conficker, experts say
With the Conficker worm still infecting computers across the globe, operating system manufacturers, security vendors and experts are learning a little more about worms and the techniques they employ to infect and spread successfully. The Conficker strategies that particularly caught experts' attention at the RSA Conference were its ability to stall the update functions used by Windows and various security software, while at the same time surviving attempts to remove it.
According to Phil Porras, director of systems security research at SRI International, software needs to actively repel these kinds of attacks on systems rather than just passively respond to them. Companies had better keep up with these increasingly adaptive and sophisticated attacks; they should immediately create more advanced preventive measures to pre-empt attacks that target security applications themselves.
Conficker finished its latest round of updating earlier this month, and the new instructions and components delivered with these updates are changing the way it behaves. The worm is also known by various other names: Downad, Downadup and Kido. The new features allowed Conficker to spread again via its P2P network by exploiting another flaw in Windows to redirect its traffic.
This latest version also boasts a wide array of countermeasures against the security technologies deployed against it. Conficker not only hides its presence on the machine but also blocks access to more than a hundred security update sites, and it can terminate almost two dozen different security and updating programs and processes. It can also reconfigure and bypass the Microsoft firewall, allowing itself to use ports at will. Experts believe there may be more to come.
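Added here as an illustration, not code from the article or from any vendor it mentions: a small host self-check that turns the selective-blocking behaviour just described into a triage signal, by comparing whether ordinary control sites resolve while security vendors' update sites do not. The site lists are assumed, illustrative examples, and the resolver is injectable so the check can be exercised offline against constructed results.

```python
"""Self-check for the 'security update sites blocked' pattern.

If control sites resolve normally but security update sites do not,
the host shows the selective blocking behaviour described above.
"""
import socket
from typing import Callable, Dict, List

# Assumed illustrative lists; the worm's real block list is far longer.
SECURITY_SITES: List[str] = [
    "update.microsoft.com", "www.symantec.com",
    "www.kaspersky.com", "www.sophos.com",
]
CONTROL_SITES: List[str] = ["www.example.com", "www.wikipedia.org"]


def resolves(host: str) -> bool:
    """Live resolver: True if DNS resolution of host succeeds."""
    try:
        socket.gethostbyname(host)
        return True
    except socket.gaierror:
        return False


def assess(resolver: Callable[[str], bool] = resolves) -> Dict[str, object]:
    """Classify the host as clean, suspicious or inconclusive."""
    sec = {h: resolver(h) for h in SECURITY_SITES}
    ctl = {h: resolver(h) for h in CONTROL_SITES}
    blocked = [h for h, ok in sec.items() if not ok]
    control_ok = all(ctl.values())
    if not control_ok:
        verdict = "inconclusive"  # general network failure, not selective blocking
    elif blocked:
        verdict = "suspicious"    # control reachable, security sites selectively blocked
    else:
        verdict = "clean"
    return {"verdict": verdict, "blocked": blocked, "control_ok": control_ok}


def table_resolver(table: Dict[str, bool]) -> Callable[[str], bool]:
    """Resolver backed by a constructed lookup table, for offline runs."""
    return lambda host: table.get(host, False)


if __name__ == "__main__":
    print(assess())
```

A "suspicious" verdict is a reason to inspect the host, not proof of Conficker: corporate web filters and other malware families can produce the same pattern.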
It was suggested that security software companies could make their own updates harder to stall by learning from Conficker's strategy of using peer-to-peer networking to update itself. Conficker had used the P2P network before, when the Conficker Working Group, a group of 300 security experts and researchers working against the spread of the worm, blocked key Internet points crucial to Conficker's updating.