New Windows Virus Variant Causes Increased Infection
January 19, 2009
US (ChattahBox) – According to Microsoft, a worm virus that has been infecting computers since October has now spread to over eight million computers, creating fears that the infestation will reach epic new levels in 2009.
The worm, known as Conficker, Downadup, and Kido, can be transferred in several different ways, including through the use of flash drives, making it difficult to protect against it, even if your computer updates are current.
The only thing that can be done is to use reliable anti-virus software and secure passwords that will be harder for the program to break.
“Microsoft did a good job of updating people’s home computers, but the virus continues to infect businesses who have ignored the patch update,” Graham Cluley, a senior technology consultant for the computer security company, Sophos, said. “A shortage of IT staff during the holiday break didn’t help and rolling out a patch over a large number of computers isn’t easy.
“What’s more, if your users are using weak passwords – 12345, QWERTY, etc – then the virus can crack them in short order.”
The virus works by infiltrating the ‘services.exe’ file, a system file crucial for Windows function, and merging with it, allowing itself to masquerade as a driver, and copy itself until it can modify the Registry.
Once this has been done, it will create a specialized server, which allows various malware from the hacker’s website to be downloaded automatically onto your system, resetting all Restore points to make it nearly impossible to regain control of your system. Because the worm also generates hundreds of rotating websites, it is also impossible to trace the originating file site, which is buried among various URLs, any of which could be the hacker’s actual site.
While Microsoft is working to identify and fight this new virus, new versions of the malware are making it difficult.
“There was a new variant released less than two weeks ago and that’s the one causing most of the problems,” Eddy Willems, a security expert with Kaspersky Lab, told reporters.
“The replication methods are quite good. It’s using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creates new variants through this mechanism.”
“Of course, the real problem is that people haven’t patched their software.”