China, Brazil and Russia have been hit hardest by a new virus outbreak
Windows worm hits 8.9m PCs in a week
/v3-uk/news/1961168/windows-worm-hits-89m-pcs
17 Jan 2009, Iain Thomson , V3
Security researchers are reporting that a worm has infected 3.5 million Windows computers in the past four days.
The worm, known as 'Conficker', 'Downadup' or 'Kido', exploits a vulnerability that Microsoft patched in October 2008. The malware sets up an HTTP server and resets a machine's System Restore point to stop administrators deleting it.
"The number of Downadup infections are skyrocketing based on our calculations," said security firm F-Secure in a blog posting.
"From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing."
The worm contains the usual Trojan package that allows the controller to download new files from their own server. But, in an unusual twist, the malware generates hundreds of seemingly random domain names to scan for updates, making it much harder to track the one used by the malware writer.
"Our advice is to block all incoming and outgoing traffic on port 445 from those computers to ensure that (a) they aren't hit with exploits from the internet and (b) if they somehow are exploited, they aren't able to infect the rest of the network via file shares," said Graham Cluley, senior technology consultant at Sophos.
"Furthermore, if you have a group policy in place to lock out accounts after too many unsuccessful log-in attempts, the worm will probably cause many of these accounts to become locked out during the worm's password cracking attempts.
"This can obviously be annoying but, at the same time, it is a good indicator that you may have an infected computer on the network."
Servers in the US and Europe have had the fewest infections owing to regular updating by IT administrators. China, Brazil and Russia have been hit hardest, according to F-Secure.
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Amazing and Annoying Thanks for the heads up vnunet.com
So Downadup will spike password resets and drive Windows reinstalls on some systems. I am surprised Microsoft has not made a public statement regarding this incident. Users that are not tech savy will not notice the annoying virus. We can't just turn off Windows.
Posted by manager2, 17 Jan 2009
Severe punishment
There should be a very severe punishment for these lowlife idiots.
Posted by affaiec, 18 Jan 2009
How about the full story?
What people need to know is, "How can I tell whether I have this virus on my PC, and if I do, what to do about it."
That's the most important issue for readers.
Posted by Steve McNamara, 18 Jan 2009
Time to get a Mac!!!!!!!!!!!!!!!
PC users everywhere Windows is the "Emperor's New Clothes" the naked truth is you will probably get infected in you do not update your PC every 10 seconds!
Come to the away from the dark side come to the light!
Of course I am just a smug Mac business user who has not had to EVER run any anti virus software EVER and have NEVER been infected with a single piece of malware since 1994.
This is a FACT about Macs. I know that a fact about Macs is very unusual to see in an article in this publication, but it had to happen someday!
Oh! and they are easy to use and sometimes you even smile when using them.
Posted by Hans Beier, 22 Apr 2009