A windows worm named Conficker or Downadup or Kido (as called by various anti-virus vendors) which targets unpatched networks and poor passwords has been reported to have affected 2.4 million machines to over 8.9 million during the last four days by a Finnish anti-virus maker F-Secure.
The worm spreads via a vulnerability due to RPC flaw that Microsoft patched in October 2008. Once on a machine, it sets up an HTTP server and resets a machine's System Restore point to stop administrators deleting it.
This new worm which belongs to the usual Trojan family, downloads new files from their own malware server and generates hundreds of random domain names to scan for updates.
The numbers given by F-Secure has been criticized by many other vendors and has made F-Secure to explain its method of calculating the size of the malware's breakup. Servers in China, Brazil and Russia seems to have been affected most.
18 Comments - Add comment