Windows worm infects millions


If you are a Windows user and have not installed the MS08-067 patch from last October, then perhaps you had better pull your finger out. Of course, it could well be too late, and you could well be one of the nine million or so users who have already fallen victim to one of the most widespread of worms to hit Windows for a long time. If you are a Linux or Mac user, of course, you can sit back and relax.

Known by various names such as Conficker, Downadup and Kido, the worm is exploiting the double-edged sword that is user slowness in applying Microsoft security patches and equal apathy in running up-to-date antivirus software.

The worm will adopt the guise of the services.exe executable, copy itself to your Windows folder as a .dll file and proceeds to modify the Registry in order to grant itself the necessary permissions to run as a service. At this point, things start turning really nasty. The malicious code will install an HTTP server on your network and even reset your Windows OS System Restore point just in case it is discovered so it can copy itself right back again.

Naturally it then goes on to start downloading various other bits of malware, but what makes Conficker a little unusual is that it is capable of generating hundreds of new and varied domain names each day. One of them will be the real host for the malware downloads, but finding it is like looking for the proverbial needle in a haystack.

Which is probably why security experts say that the bugger has infected at least nine million users so far, and the number is growing rapidly. China, Brazil, Russia and India would seem to be the worst hit countries.

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

scru 909 Posting Virtuoso Featured Poster

Ah naive me. I thought the days of nasty Windows infections were over.

Lead Goat 0 Newbie Poster

Windows viruses aren't over ... but they are getting nastier.

EsoxLucius 0 Newbie Poster

There is a new site in place from BitDefender, with two different tools that removes downadup/conficker infections. There's a home user tool and one that is recommended for sysadmins. The second one deploys a tool for scanning and disinfection in your managed network. -

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.