Conficker Worm Infections Soar
New reports indicate that the proliferation of the Conficker computer virus (also known as Kido or Downadup) has nearly quadrupled in the last four days. The virus has gone from just over 2 million Microsoft Windows computers infected to 8.9 million, according to estimates by anti-virus company F-Secure. Though Microsoft issued a patch with a severity rating of “critical” in mid-October 2008, just days after Conficker was first discovered, many business computers still have not applied the patch.
USB sticks are a primary method of infection
Most to all of the infected computers are on corporate networks; Conficker cannot spread through the Internet or e-mails. Instead, when an infected laptop connects to a corporate network, the virus searches for vulnerable computers and attempts to guess its password. Conficker also infects USB sticks, which then infect any computer the stick is plugged in to.
After it gains access to the computer, Conficker adds itself to the Windows process “services.exe”, then makes a copy of itself as a DLL file with a random five- to eight-character name. The virus also disables Windows services such as Windows Update and Windows Defender.
The virus then generates a large amount of domain names; only one of these is connected to and used to download more malware. This domain is believed to be in Ukraine.
Microsoft has advised users to install the patch (security bulletin MS08-067), then run the latest edition of the Windows Malicious Software Removal Tool.
