Conficker On The Rise.

January 19, 2009

For those of you not in the know a worm has been going around lately that uses a Windows (all versions) floor to spread itself. Microsoft patched it back in October (I think) but alot of PC’s didn’t apply the patch. As such it has been rising at quite an incredible rate. 

Security analysts at F-Secure believe more than 8.9 million computers have been infected by the virus, a worm, which is known variously as Conficker, Kido or Downadup, and targets the Windows operating system. Microsoft said that the worm searches for a Windows file called “services.exe”, and then embeds itself as part of that code. From there, it is able to burrow deep into the operating system, even changing the System Registry, which stores settings and options for Windows, to trick the machine into running the infected program.

Anti-virus experts at F-Secure said the level of infections by the worm was “skyrocketing” and the situation was “getting worse”. The company has warned that tracing the hackers’ websites the worm ‘phones home’ to is incredibly difficult, because they are constantly changing their domain names.

“The replication methods are quite good. It’s using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creating new variants though this mechanism.”

Computers users are advised to ensure their anti-virus software, operating system and firewall is up to date, and that they have installed a Microsoft patch designed to combat the problem, MS08-067, which is available from the Microsoft site.

 

More