Beware the Windows worm – Conficker / Downadup / Kido rampant
By Dave Parrack
Hackers and malware creators are forever on the lookout for new ways of infecting computers. They find a method of spreading their creations and unleash it on an unsuspecting public. A particularly nasty one is currently doing the rounds. Known variously as Conficker, Downadup, and Kido, this worm can infect any unpatched Windows PC and then spread voraciously across a network.
This Windows worm, known by different monikers because each anti-virus and anti-malware company names it differently, was first seen in October 2008. Microsoft released a patch to close the hole it exploits, but over the past week a new strain has seen the worm take hold once again.
F-Secure claims that the worm could have infected up to 9 million PCs in the last few days, although official figures put the total number of infected computers at around 3 million. Either way, the new flavor of the worm, dubbed Conficker.B, is causing more problems than the older version, Conficker.A, did at the end of last year.
The worm operates by exploiting a bug in the Windows Server service. Windows 2000, XP, and Vista are all at risk of infection. On each machine it reaches, the worm attaches itself to services.exe, copies itself into the Windows system folder under a new name, and modifies the registry so that it survives reboots.
From there, it starts its mission to spread and cause mayhem by creating an HTTP server on the infected machine and downloading files from the Web site(s) of the people behind it. Rather than relying on a handful of fixed sites, Conficker generates many (possibly hundreds of) domain names each day and contacts one of them to fetch whatever update its operators want to push. Blocking a single site would be easy enough; blocking one site out of hundreds that change on a daily basis is virtually impossible.
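The daily-changing list of generated domain names described above leaves a trace that defenders can look for: an infected host asks the local resolver for a burst of random-looking names, and most of them do not exist, so the lookups fail with NXDOMAIN. The following script is an added example for this article, not code from the original post or from any anti-virus vendor. It scores the second-level label of each queried name with simple heuristics (length, character entropy, vowel ratio, all of them assumed thresholds rather than Conficker's actual algorithm) and flags any client with several failed lookups of generated-looking names. The log format and every domain in the sample are constructed for the example.

```python
"""Heuristic detection of DGA-style DNS lookups over resolver logs.

Added example, not the article's or any vendor's code. The log format,
the scoring thresholds and all sample domains are assumptions/constructed.
"""
import math
from collections import defaultdict

# Constructed sample resolver log: "<timestamp> <client_ip> <query_name> <rcode>"
SAMPLE_LOG = """\
2009-01-20T10:00:01 10.0.0.15 www.microsoft.com NOERROR
2009-01-20T10:00:02 10.0.0.15 update.microsoft.com NOERROR
2009-01-20T10:00:03 10.0.0.15 microsotf.com NXDOMAIN
2009-01-20T10:00:04 10.0.0.42 qzvkpdxtlwre.com NXDOMAIN
2009-01-20T10:00:05 10.0.0.42 xmbgpolhvq.net NXDOMAIN
2009-01-20T10:00:06 10.0.0.42 jhtrwnqzbkc.org NXDOMAIN
2009-01-20T10:00:07 10.0.0.42 pfzlkmvtxq.com NXDOMAIN
2009-01-20T10:00:08 10.0.0.42 dwqrsgnbhy.biz NXDOMAIN
2009-01-20T10:00:09 10.0.0.42 vtklzjmwbpq.info NXDOMAIN
2009-01-20T10:00:10 10.0.0.42 rngxcfhdvz.net NOERROR
2009-01-20T10:00:11 10.0.0.77 zqxmbvtrlk.com NXDOMAIN
2009-01-20T10:00:12 10.0.0.77 hkwnpgfdsj.com NXDOMAIN
2009-01-20T10:00:13 10.0.0.77 en.wikipedia.org NOERROR
"""

VOWELS = set("aeiou")


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for empty or uniform input)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(name):
    """Return the label left of the TLD ('update.microsoft.com' -> 'microsoft')."""
    labels = name.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def looks_generated(label, min_len=8, min_entropy=3.0, max_vowel_ratio=0.3):
    """Assumed heuristic: long, high-entropy, vowel-poor labels look machine-made.

    Real words ('microsoft', 'wikipedia') have repeated letters and plenty of
    vowels, so they fall below the entropy bar or above the vowel bar.
    """
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def parse_log(text):
    """Parse lines of the constructed log format into (client, name, rcode) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than crash
        _timestamp, client, name, rcode = parts
        records.append((client, name, rcode))
    return records


def flag_clients(records, min_hits=5):
    """Map client -> sorted list of distinct failed generated-looking lookups,
    keeping only clients with at least `min_hits` such names."""
    hits = defaultdict(set)
    for client, name, rcode in records:
        if rcode == "NXDOMAIN" and looks_generated(second_level_label(name)):
            hits[client].add(name)
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_hits}


if __name__ == "__main__":
    for client, domains in flag_clients(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: {len(domains)} failed lookups of generated-looking names")
        for d in domains:
            print("   ", d)
```

In the sample, 10.0.0.42 is flagged while 10.0.0.15 (a plain typo, `microsotf.com`) and 10.0.0.77 (only two odd names) are not; the threshold is the knob to tune against your own resolver's baseline. The one generated-looking name that did resolve (`rngxcfhdvz.net`) is the kind of entry worth pulling into an investigation by hand, since a name that resolves among a burst of failures is where the download would come from.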
This worm is also very clever in its attempts to remain undetected and to spread far and wide. It resets the System Restore point of an infected machine so that a quick rollback is out of the question, and it can spread to other networked computers that use weak passwords, or even via removable media such as external hard drives and USB sticks.
Everyone needs to download and install the emergency Security Update MS08-067 from Microsoft, which will prevent a machine from being compromised by either current version of the worm. Those who fear their system is already infected should run the latest Malicious Software Removal Tool, which should scrub the system clean.
As malware creators become more inventive and cunning with their methods, it's more important than ever to take the basic steps to protect your computer. Install a firewall, anti-virus and anti-malware software, and update them all regularly. Also download the latest updates and patches issued by the vendor of your operating system and Web browser. And lastly, don't click on anything suspect in an email or on an untrusted site.
[Via BBC News]