By taking advantage of the “Autoplay” function in Microsoft Windows Vista and early versions of Windows 7, the Conficker virus is causing hassle for security experts.
Researchers have established that drives such as USB sticks infected with the virus are tricking users into installing the worm. The AutoPlay function automatically searches for programs on removable drives, but the virus hijacks this process by masking itself as a folder to be opened. When the user clicks on the folder, the worm installs itself.
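The disguise described above can be checked for on a removable drive. The following is an added defender-side example, not code from the article or from F-Secure: it parses a drive's `autorun.inf` and flags a file that launches a program while labelling itself as a folder. It assumes the standard Windows `autorun.inf` keys (`open`, `shellexecute`, `action`, `icon`), which the article does not name; the heuristics, flag names and sample files are constructed for illustration.

```python
import re

# Label wording that imitates the built-in "open folder" AutoPlay choice (assumed list).
FOLDER_WORDS = re.compile(r"open folder|view files", re.I)

def parse_autorun(raw: bytes) -> dict:
    """Return key -> value pairs from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw_line in raw.splitlines():
        line = raw_line.decode("latin-1").strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if re.fullmatch(r"[a-z\\]+", key):  # real keys are plain words
                entries[key] = value.strip()
    return entries

def findings(raw: bytes) -> list:
    """Flag an autorun.inf that runs a program while dressed up as a folder."""
    e = parse_autorun(raw)
    runs = any(k in ("open", "shellexecute") or k.startswith("shell\\") for k in e)
    if not runs:
        return []
    flags = []
    if FOLDER_WORDS.search(e.get("action", "")):
        flags.append("folder-lookalike-label")
    if "shell32.dll" in e.get("icon", "").lower():
        flags.append("borrowed-system-icon")
    # Non-text bytes around the real entries suggest padding meant to hide them.
    if any(b < 9 or b > 126 for ln in raw.splitlines() for b in ln):
        flags.append("binary-padding")
    return flags

# Constructed sample inputs; file names and labels are placeholders.
SUSPICIOUS = (b"\x8f\x03junk\xfe\r\n[AutoRun]\r\n\x90\x91\r\n"
              b"Action=Open folder to view files\r\n"
              b"Icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
              b"Open=placeholder.exe\r\n")
BENIGN = (b"[autorun]\r\nopen=setup.exe\r\nicon=setup.exe,0\r\n"
          b"action=Install Example Backup\r\n")

if __name__ == "__main__":
    print(findings(SUSPICIOUS))
    print(findings(BENIGN))
```

An ordinary installer's `autorun.inf` also runs a program, so the check only reports the disguise indicators, not the presence of an `open` entry on its own.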
Upon installation, the worm attempts to contact one of a number of web servers, from which it could download another program and take control of the infected computer. The worm is unusual in the clever way it determines which server to contact. F-Secure’s chief research officer, Mikko Hypponen, said in a blog post:
“It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com”
“This makes it impossible and/or impractical for us good guys to shut them all down – most of them are never registered in the first place.”
He went on to say:
“However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website – and they then have access to all of the infected machines.”
The worm has spread to an estimated 9m computers globally. A number of high-profile instances of the virus have arisen in the UK. The Ministry of Defence has been battling the virus across its network for over two weeks. In addition, a network of hospitals in Sheffield yesterday told the website The Register that more than 800 of their computers have been infected.
Users are being urged to download Microsoft Patch KB958644 to mitigate the risk of infection.