October 2008 was the first sighting of the malicious program known as Conficker, Downadup, or Kido, which has now infected more than three million machines.
The worm, which attacks through the Server Service Vulnerability was patched in one of the latest Windows updates (if you didn’t get it, the MS08-067 patch is available from the Microsoft Web Site).
Without going into the technical details of it, the worm latches onto “Services.exe” and propagates a random file forcing you to run it on the next reboot. It then damages your last system restore point (making the worm harder to get rid of), and sets up a download to get more infected files.
It doesn’t just go looking for files on one website though, but hundreds, which is why tracking it is so hard; it also keeps an “ear” out for anti-viruses, so it can download itself if it’s ever removed.
Two weeks ago, the virus “mutated” to become even harder to catch, and the major antivirus services are struggling to keep up. Complicating matters further is the virus’ ability to track your IP address to keep you infected and block you from security websites.
The patch, however, shuts it down at the source, but with so many computers out there not being patched regularly, there are still plenty of CDs, DVDs, hard drives and memory sticks to infect.
Luckily, technicians have managed to reverse engineer the virus so they can see which machines are infected, but because of the hacking laws, they can’t disinfect the machines remotely.
Nearly 4,000 machines in the U.S. are infected – better make sure yours isn’t one of them.
Update January 19th : According to the BBC numbers are now skyrocketing. Last count by F-Secure indicates there are now 8.9 million machines infected. Sophos, one of the main computer security support networks, have admitted that just having the patch doesn’t make you safe, as the virus can also be spread by memory sticks, so there’s a real need for antivirus software as well.
Published: Jan 19, 2009 01:35 pm