
Windows Worm Affects 3.5 Million Machines

By Naved Akhtar     Jan 16, 2009 in Technology
A malicious program first discovered in October 2008 has infected 3.5 million machines, spreading through low-security networks, PCs and memory sticks.
The worm, known as Kido, Conficker or Downadup, was first discovered in October 2008. Although Microsoft has released a patch, 3.5 million machines have been affected and the worm is still a major threat to users. Users should ensure they install Microsoft patch MS08-067 and have up-to-date anti-virus software.
Microsoft says the worm works by searching for the Windows executable file “services.exe” and then becomes part of its code. Once it has done this, it copies itself into the Windows system folder as a “dll” file with a random 5-8 character name. It then modifies the registry so that it can run the dll file as a service. The worm creates an HTTP server and downloads files from the hacker’s web site.
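A triage check for the behaviour described above, as an added example that is not part of the original article: it flags services whose DLL sits in the system folder under a 5-8 character name that is absent from a known-good baseline. The `ServiceDll` export format, the letters-only pattern, the baseline and all sample data are assumptions constructed for illustration.

```python
import ntpath
import re

# Pattern from the article: a DLL in the Windows system folder whose base
# name is 5-8 characters. Restricting it to letters is an assumption made here.
RANDOM_DLL = re.compile(r"^[a-z]{5,8}\.dll$")
SYSTEM_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}


def suspicious_services(services, baseline):
    r"""Return service names whose DLL fits the pattern and is not in baseline.

    services: iterable of (service_name, service_dll_path) pairs, for example
              exported from the ServiceDll values under
              HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters.
    baseline: DLL file names known to ship with a clean build of the host.
    """
    known = {name.lower() for name in baseline}
    hits = []
    for name, dll_path in services:
        cleaned = dll_path.strip().strip('"').lower()
        folder, filename = ntpath.split(cleaned)
        if folder not in SYSTEM_DIRS:
            continue  # only the system folder matters for this check
        if RANDOM_DLL.match(filename) and filename not in known:
            hits.append(name)
    return hits


# Constructed sample data, not taken from a real host.
SAMPLE_SERVICES = [
    ("Schedule", r"%SystemRoot%\system32\schedsvc.dll"),
    ("wuauserv", r"C:\WINDOWS\system32\wuaueng.dll"),
    ("qzkvtrw", r"C:\WINDOWS\system32\xkqpvhd.dll"),  # constructed outlier
    ("Vendor", r"C:\Program Files\Vendor\agent.dll"),
]
SAMPLE_BASELINE = {"schedsvc.dll", "wuaueng.dll"}

if __name__ == "__main__":
    for svc in suspicious_services(SAMPLE_SERVICES, SAMPLE_BASELINE):
        print("review service:", svc)
```

Many legitimate system DLLs also have 5-8 letter names, so the name pattern alone is not a signal; the baseline comparison is what narrows the result to entries worth reviewing.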
Worms of this type usually use a handful of sites to download files from, which makes them fairly easy to locate and shut down. However, this worm uses a complicated algorithm to generate hundreds of different domain names every day, making it impossible to trace to the hacker’s actual site.
A new strain of the worm is complicating matters. Kaspersky Lab’s security analyst, Eddy Willems, told the BBC:
“There was a new variant released less than two weeks ago and that’s the one causing most of the problems.”
“The replication methods are quite good. It’s using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and is creating new variants through this mechanism.”
“Of course, the real problem is that people haven’t patched their software. If people do patch their software, they should have little to worry about.”
Microsoft has said that computers have been infected in many different parts of the world, with the highest number of victims in India, Russia, Brazil and China.