The Raging Windows Worm has attacked over 8.9 Million Computers

January 19, 2009 by John Messina

(PhysOrg.com) -- Last week the global internet community was hit by the Downadup worm, also known as Conficker or Kido. This worm is now using multiple ways of infecting computers, including USB sticks. If someone were to take a USB memory stick from one infected computer and plug it into another, it would infect that computer and the network as well. Once a USB memory stick is infected, there is no Microsoft patch to remove the worm.

This attack has been more widespread on corporate networks because companies did not have the patch installed in time. This could have been caused by any number of reasons. For instance, an IT department may have been short-handed or had workload-related issues that prevented the patch from being installed in a timely manner. Microsoft did a good job of getting home computers updated with the patch, but corporate networks are still being infected.

This worm is very sophisticated because it exploits multiple security flaws in Microsoft's Windows operating systems. The worm starts by injecting itself into one of Microsoft's common system processes, services.exe. From there it creates a new DLL file with a random five-letter name in the Windows system folder. The Windows registry is then edited to reference the DLL file, so that it runs when the computer is restarted.

Once the worm is in the computer system, it creates an HTTP server and proceeds to download malware from the hacker's websites. System Restore is also wiped clean and reset, making it impossible to restore the system to a point prior to the infection.

Each day an algorithm coded into the worm generates hundreds of dummy domain names, but only one site is the actual malware site. This trickery makes it very difficult to find what is being installed each day.
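The lookup pattern described above (hundreds of one-off domain names per day, almost none of which resolve) can be searched for in DNS logs. The following Python is an added example, not part of the original article or of any vendor tool; the log format, the thresholds and every sample line are constructed assumptions.

```python
import random
import string
from collections import defaultdict

def build_sample_log(seed=1):
    """Constructed DNS log lines 'date client qname rcode' (not real traffic)."""
    rng = random.Random(seed)
    lines = []
    # Ordinary workstation: a few names, all resolving, queried repeatedly.
    for _ in range(40):
        name = rng.choice(["intranet.corp.example", "mail.corp.example", "updates.vendor.example"])
        lines.append(f"2009-01-19 10.0.0.15 {name} NOERROR")
    # Host showing the pattern from the article: hundreds of one-off names
    # in a single day, of which exactly one resolves.
    for i in range(250):
        label = "".join(rng.choice(string.ascii_lowercase) for _ in range(9))
        rcode = "NOERROR" if i == 137 else "NXDOMAIN"
        lines.append(f"2009-01-19 10.0.0.23 {label}.example {rcode}")
    rng.shuffle(lines)
    return lines

def flag_dga_hosts(lines, min_domains=100, min_nx_ratio=0.9):
    """Return {(date, client): report} for hosts matching the pattern (thresholds are assumptions)."""
    seen = defaultdict(dict)  # (date, client) -> {qname: did it ever resolve?}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        date, client, qname, rcode = parts
        qname = qname.lower().rstrip(".")
        names = seen[(date, client)]
        names[qname] = names.get(qname, False) or rcode == "NOERROR"
    flagged = {}
    for key, names in seen.items():
        failed = sum(1 for ok in names.values() if not ok)
        if len(names) >= min_domains and failed / len(names) >= min_nx_ratio:
            flagged[key] = {
                "distinct": len(names),
                "nx_ratio": failed / len(names),
                # The few names that did resolve are the ones to review and block.
                "resolved": sorted(n for n, ok in names.items() if ok),
            }
    return flagged

if __name__ == "__main__":
    for (date, client), report in flag_dga_hosts(build_sample_log()).items():
        print(date, client, report["distinct"], report["resolved"])
```

Counting distinct names per client per day, rather than raw queries, keeps a busy but healthy host that repeats the same few lookups from being flagged.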

This worm spreads mainly through corporate networks. An infected computer will scan the network for other computers and gain access through the Windows security flaw. Even though a password is needed to gain access to other computers, it will guess short passwords by brute force, thereby gaining access to those computers.

The only way to stop this worm is by applying Microsoft's patch MS08-067 before computer networks get infected.

© 2009 PhysOrg.com



  • DGBEACH - Jan 19, 2009
    • Rank: 3 / 5 (4)
    Linux...need I say more?
  • frajo - Jan 19, 2009
    • Rank: not rated yet
    eComStation.
    *BSD.
  • YankInOz - Jan 19, 2009
    • Rank: not rated yet
    But NO Apple Macs - Hmmmm
  • Mercury_01 - Jan 19, 2009
    • Rank: not rated yet
    worms are bad.
  • axemaster - Jan 19, 2009
    • Rank: 4 / 5 (1)
    Well, this crap is the reason why I switched to Mac. Despite the lack of games, it doesn't get this crap, so I'm happy.

    Before you flame, I also have a Windows gaming computer - I just never connect it to the internet.
  • WolfAtTheDoor - Jan 19, 2009
    • Rank: 1 / 5 (1)
    Viruses happen.
  • Soylent - Jan 19, 2009
    • Rank: 1 / 5 (2)
    Linux...need I say more?


    Yes.
  • denijane - Jan 20, 2009
    • Rank: 5 / 5 (2)
    The moral? Use Linux :)
  • PB94941 - Jan 20, 2009
    • Rank: 1 / 5 (1)
    My main PC still runs Windows and will do until Linux becomes more compatible. If you get decent antivirus (Nod32) and don't go on dodgy websites you will be fine. I only use Linux on my computers that are not top spec.
  • CreepyD - Jan 20, 2009
    • Rank: not rated yet
    We've had this virus at work, it's a right pain in the rear. We've spent hours removing it from having it on just a small handful of PCs.
    If they catch who made it, they should be hung or something for wasting millions of man hours.
