Archive for January 20th, 2009

Downadup or Kido Virus Infects 9 Million

Tuesday, January 20th, 2009

A nasty worm called “Downadup”, also known as “Conficker” and “Kido”, is very much in the news these days, having affected over 9 million Windows users worldwide. It’s said to be one of the worst malware outbreaks of the past five years, and it includes code or other malware that could damage both the system and the network. The worm is spreading through low-security networks, memory sticks, and PCs without current security updates.

According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becoming part of that code.

It then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.
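To check a machine for the pattern described above, the following added example (not from Microsoft or F-Secure) scans the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ServiceDll` for services whose dll sits in the system folder under a 5-8 letter name that is missing from a known-clean baseline. It assumes the worm's service is registered through the standard `ServiceDll` value, that the name is letters only (as in piftoc.dll), and that the system folder is `C:\Windows\System32`; the sample output, the service names and the baseline are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the format printed by:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ServiceDll
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\wuaueng.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xkqvd\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\piftoc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\Windows\System32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\agent\Parameters
    ServiceDll    REG_SZ    C:\Program Files\Vendor\updat.dll
"""
# Constructed baseline: dll names recorded from a known-clean machine.
BASELINE = {"wuaueng.dll", "qmgr.dll"}

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)\\Parameters\s*$", re.I)
VAL_RE = re.compile(r"^\s+ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I)
NAME_RE = re.compile(r"^[a-z]{5,8}\.dll$")  # 5-8 letters, an assumption based on piftoc.dll
SYSTEM_DIR = PureWindowsPath(r"c:\windows\system32")  # assumed system folder

def parse_service_dlls(text):
    """Yield (service name, ServiceDll path) pairs from reg query output."""
    service = None
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            service = m.group(1)
        elif (m := VAL_RE.match(line)) and service:
            yield service, m.group(1)
            service = None

def suspicious_services(text, baseline):
    """Return services whose dll is in the system folder, short-named and not in the baseline."""
    hits = []
    for service, dll in parse_service_dlls(text):
        path = PureWindowsPath(dll.lower().replace("%systemroot%", r"c:\windows"))
        if path.parent == SYSTEM_DIR and NAME_RE.match(path.name) and path.name not in baseline:
            hits.append((service, dll))
    return hits

if __name__ == "__main__":
    for service, dll in suspicious_services(SAMPLE, BASELINE):
        print(f"review service {service!r}: {dll}")
```

Plenty of legitimate Windows dlls have short names, so a hit is only a lead for review; the baseline is what keeps the check usable.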

Once the worm is up and running, it creates an HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.

There’s often new malware around looking to get into your PC, so users should be very careful to apply the update patches offered by Windows regularly, and make sure that the antivirus or any other protection program is updated regularly.

If you’re a victim of this worm, you can visit F-Secure’s Malware Information page for more information on removing it from your computer system.

Good luck!