Windows worm infects millions

happygeek 0 Tallied Votes 726 Views Share

If you are a Windows user and have not installed the MS08-067 patch from last October, then perhaps you had better pull your finger out. Of course, it could well be too late, and you could well be one of the nine million or so users who have already fallen victim to one of the most widespread of worms to hit Windows for a long time. If you are a Linux or Mac user, of course, you can sit back and relax.

Known by various names such as Conficker, Downadup and Kido, the worm is exploiting the double-edged sword that is user slowness in applying Microsoft security patches and equal apathy in running up-to-date antivirus software.

The worm will adopt the guise of the services.exe executable, copy itself to your Windows folder as a .dll file and proceeds to modify the Registry in order to grant itself the necessary permissions to run as a service. At this point, things start turning really nasty. The malicious code will install an HTTP server on your network and even reset your Windows OS System Restore point just in case it is discovered so it can copy itself right back again.

Naturally it then goes on to start downloading various other bits of malware, but what makes Conficker a little unusual is that it is capable of generating hundreds of new and varied domain names each day. One of them will be the real host for the malware downloads, but finding it is like looking for the proverbial needle in a haystack.

Which is probably why security experts say that the bugger has infected at least nine million users so far, and the number is growing rapidly. China, Brazil, Russia and India would seem to be the worst hit countries.

scru 909 Posting Virtuoso Featured Poster

Ah naive me. I thought the days of nasty Windows infections were over.

Lead Goat 0 Newbie Poster

Windows viruses aren't over ... but they are getting nastier.

EsoxLucius 0 Newbie Poster

There is a new site in place from BitDefender, with two different tools that removes downadup/conficker infections. There's a home user tool and one that is recommended for sysadmins. The second one deploys a tool for scanning and disinfection in your managed network. -

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.