Windows worm hits 8.9 million PCs in past week

A Windows worm known as Conficker, Downadup or Kido (the name varies by anti-virus vendor), which targets unpatched networks and weak passwords, has grown from 2.4 million infected machines to over 8.9 million during the last four days, according to Finnish anti-virus maker F-Secure.

The worm spreads via an RPC vulnerability that Microsoft patched in October 2008. Once on a machine, it sets up an HTTP server and resets the machine's System Restore point to stop administrators deleting it.

This new worm, which belongs to the usual Trojan family, downloads new files from its own malware server and generates hundreds of random domain names to scan for updates.
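The domain-generation behaviour described above can be hunted for in DNS resolver logs. The following is an added example, not part of the original article: it flags clients that look up many distinct random-looking names, assuming most generated names are unregistered and answer NXDOMAIN. The log format, thresholds, addresses and sample lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<timestamp> <client> <qname> <rcode>".
SAMPLE_LOG = [
    "2009-01-16T10:00:01 192.0.2.10 qxkzvbtwpm.example NXDOMAIN",
    "2009-01-16T10:00:02 192.0.2.10 hjrqzlwxkd.example NXDOMAIN",
    "2009-01-16T10:00:03 192.0.2.10 wvbnxqzjkt.example NXDOMAIN",
    "2009-01-16T10:00:04 192.0.2.10 pzmxqkwvrj.example NXDOMAIN",
    "2009-01-16T10:00:05 192.0.2.10 tkqzxwvbhn.example NXDOMAIN",
    "2009-01-16T10:00:06 192.0.2.10 zxqjkvwpld.example NXDOMAIN",
    "2009-01-16T10:00:07 192.0.2.20 www.intranet.example NOERROR",
    "2009-01-16T10:00:08 192.0.2.20 printserver.example NXDOMAIN",
    "2009-01-16T10:00:09 192.0.2.20 qxkzvbtwpm.example NXDOMAIN",
    "truncated line",
]

def label_entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def flag_dga_hosts(log_lines, min_names=5, min_entropy=3.0, min_len=8):
    """Map each client over the threshold to its sorted suspicious names.

    A name is suspicious when it failed to resolve and the label left of
    the TLD is long and high-entropy. Thresholds are assumed values to be
    tuned against a baseline of normal traffic.
    """
    suspicious = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or truncated lines
        _ts, client, qname, rcode = parts
        labels = qname.lower().rstrip(".").split(".")
        if rcode != "NXDOMAIN" or len(labels) < 2:
            continue
        label = labels[-2]  # simplification: ignores multi-label suffixes
        if len(label) >= min_len and label_entropy(label) >= min_entropy:
            suspicious[client].add(".".join(labels))
    return {c: sorted(n) for c, n in suspicious.items() if len(n) >= min_names}

if __name__ == "__main__":
    for client, names in flag_dga_hosts(SAMPLE_LOG).items():
        print(client, len(names), "suspicious names, e.g.", names[0])
```

A single mistyped or random-looking lookup, as from the second client in the sample, stays below the per-client threshold and is not flagged.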

The numbers given by F-Secure have been criticized by many other vendors, prompting F-Secure to explain its method of calculating the size of the malware outbreak. Servers in China, Brazil and Russia seem to have been affected most.


18 Comments


I first found out about this a few weeks ago, when to my amazement, the Ministry of Defence computers where I work got infected. Even then, the "techies" couldn't fix the problem and the computers are still down even today.
The problem is that they don't let the user have ANY control over the computer. So even if I logged on I cannot update the computer or scan for viruses. Still uses Internet Explorer 6 too, which annoys me!

Poor old MOD.

Most people I've spoken to simply say 'I don't need that', when I offer them security products or advise them about updates.

Another response is 'I don't want my computer telling me to do things.', blah blah blah.

In short, they're being so naive they're gonna be buggered.

I prefer going to windowsupdate. Automatic updates have a way with mucking about with my machine. I've had to reinstall Windows several times over the years on various computers from various updates causing my machine to BSOD continuously, usually with IRQL_NOT_LESS_OR_EQUAL, INACCESSIBLE_BOOT_DEVICE, or Unknown Hard Error.

Eternal1 said,
I prefer going to windowsupdate. Automatic updates have a way with mucking about with my machine. I've had to reinstall Windows several times over the years on various computers from various updates causing my machine to BSOD continuously, usually with IRQL_NOT_LESS_OR_EQUAL, INACCESSIBLE_BOOT_DEVICE, or Unknown Hard Error.

IRQL error is generally a device driver that kicks the bucket due to bad updating from Windows updates. Inaccessible_boot_device is generally a SATA/IDE driver error/bad HDD. Unknown error is generally unknown. I see probably 1 in 20 PCs bluescreen due to Windows updates. Generally a good reboot or roll back on affected drivers fixes the issue. Nothing serious.

mduren2445 said,
Remember... the biggest problem a computer has is between the chair and the keyboard :)

They usually call this a case of PEBKAC

Problem Exists Between Keyboard And Chair

Besides not installing updates, how many people have their windows firewall turned off? As I remember reading it was just like Msblast but not as serious because Service Pack 2 turns on the Windows firewall by default.

I remember the day that patch came out. I updated all my machines that day. I called my parents, my sister, and my friends and told them all about the update and to apply it immediately.

We ended up getting it just before xmas in our corporate network. Think it came in via a VPN client.
My predecessor destroyed the WSUS on our network prior to me joining the company and management told me to hold off a new WSUS until we get other projects done....

Et voilà... infected. Took 3 days to clean the bloody thing up. What a nightmare!

Wow. Crazy fast. I sent a team email at work to alert them to this issue. I also told them that if they personally run Windows to make sure that KB958644 is installed as that will prevent the worm from exploiting the machine so easily. Obviously it has other means but this will limit it to a physical infection and not a remote one.

smooth_criminal1990 said,
my Dad & Brother :P

And I have no sympathy for them if they DO get infected, cos I have advised them against turning AU off!

My Brother is similar. Though I'm fairly sure he does have WAU turned on, every time I visit he has no virus protection. He's suffered a catastrophic infection before, but there's no telling him. There's really no excuse with the number of free scanners these days.

The NHS, actually. We've had outbreaks of this over most of Kent's hospitals.

Automatic updates are disabled to stop updates breaking critical programs.

TurboTuna said,
The NHS, actually. We've had outbreaks of this over most of Kent's hospitals.

Automatic updates are disabled to stop updates breaking critical programs.

maybe those programs are critically flawed?