Security analysts at F-Secure believe more than 8.9 million computers have been infected by the virus, a worm, which is known variously as Conficker, Kido or Downadup, and targets the Windows operating system. Microsoft said that the worm searches for a Windows file called services.exe, and then embeds itself as part of that code. From there, it is able to burrow deep into the operating system, even changing the System Registry, which stores settings and options for Windows, to trick the machine into running the infected program.
The majority of computers infected by the worm, which was first identified in October, are in Russia, China, Brazil and India. Once the worm is running on the computer, it makes it very hard for users to restore their machine to a safe point before their operating system was infected, and automatically starts to download more malicious programs, that further compromise the PC, from hackers websites.
Anti-virus experts at F-Secure said the level of infections by the worm was skyrocketing and the situation was getting worse. The company has warned that tracing the hackers websites the worm phones home to is incredibly difficult, because they are constantly changing their domain names.
Eddy Willems, a security analyst with anti-virus firm Kaspersky Labs, told the BBC that a new strain of the worm was causing additional problems.
There was a new variant released less than two weeks ago and thats the one causing most of the problems, said Mr Willems
The replication methods are quite good. Its using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creating new variants though this mechanism.
Computers users are advised to ensure their anti-virus software, operating system and firewall is up to date, and that they have installed a Microsoft patch designed to combat the problem, MS08-067
Add a Comment
No messages on this article yet