Three million hit by Windows worm



iUnknown
17-01-2009, 03:06 PM
A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users.

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008.

Although Microsoft released a patch, it has gone on to infect 3.5m machines.



http://news.bbc.co.uk/1/hi/technology/7832652.stm

Ardemax
17-01-2009, 03:21 PM
How did it happen?
And how can you tell if you're infected?

scottish
17-01-2009, 03:33 PM
It's been posted in news section :P

Jxhn
17-01-2009, 03:38 PM
United Kingdom 1,789
That isn't really that many.

iUnknown
17-01-2009, 03:40 PM
It's been posted in news section :P

Didn't know - sorry.


That isn't really that many.

Yeah, but globally it is a large amount and the numbers increase rapidly.

Mickster
17-01-2009, 03:50 PM
I wasn't hit by this but I've spent all day trying to remove a virus that gives me a BSOD after 3 mins and redirects all my Google searches to porn sites...

GoldenMerc
17-01-2009, 05:57 PM
I wasn't hit by this but I've spent all day trying to remove a virus that gives me a BSOD after 3 mins and redirects all my Google searches to porn sites...
Don't complain

Mickster
17-01-2009, 06:53 PM
Don't complain

I'm not complaining ;D

Ardemax
17-01-2009, 06:53 PM
I wasn't hit by this but I've spent all day trying to remove a virus that gives me a BSOD after 3 mins and redirects all my Google searches to porn sites...


lucky
now you have an excuse :(

but seriously is it transferred online? *the virus worm thing*

scottish
17-01-2009, 07:02 PM
A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users.

Ardemax
17-01-2009, 07:28 PM
and how do u know if uve been infected?

--ss--
17-01-2009, 07:30 PM
It's only for XP and before right?

Ardemax
17-01-2009, 08:12 PM
It's only for XP and before right?


is it?
that's good

--ss--
17-01-2009, 10:33 PM
is it?
that's good
Didn't read the table clearly :( They only have patches for XP :
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

iUnknown
17-01-2009, 10:38 PM
I'm not a super genius with windows but try closing everything on your computer including things like MSN and as many other running programs that you might have running in the background and aren't vital, then go to command prompt (in accessories) and type: netstat

Loads of things will come up, scroll to the bottom and watch to see if it is randomly connecting to an/some IP(s).

If it is, you may be infected...
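The netstat check described in the post above can be made less subjective by counting how many distinct remote hosts the PC is dialing on each port. This is an added example, not part of the original post: it assumes the output of `netstat -an` (numeric addresses, listening sockets shown), and the sample output, addresses and threshold are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -an` output (private/documentation addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:445       192.168.1.50:2301      ESTABLISHED
  TCP    192.168.1.20:1044      192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.20:1101      192.168.1.31:445       SYN_SENT
  TCP    192.168.1.20:1102      192.168.1.32:445       SYN_SENT
  TCP    192.168.1.20:1103      192.168.1.33:445       SYN_SENT
  TCP    192.168.1.20:1104      192.168.1.34:445       ESTABLISHED
  TCP    192.168.1.20:1105      192.168.1.35:445       SYN_SENT
  TCP    192.168.1.20:1200      198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")
OUTBOUND_STATES = {"SYN_SENT", "ESTABLISHED"}


def outbound_fanout(text):
    """Return {remote port: set of remote hosts} for connections this PC opened."""
    rows = [m.groups() for m in map(ROW.match, text.splitlines()) if m]
    # Ports the PC itself listens on: traffic to them is inbound, so skip it.
    listening = {lport for _, lport, _, _, state in rows if state == "LISTENING"}
    fanout = defaultdict(set)
    for _, lport, rhost, rport, state in rows:
        if state in OUTBOUND_STATES and lport not in listening:
            fanout[int(rport)].add(rhost)
    return dict(fanout)


def suspicious_ports(text, min_hosts=5):
    """Remote ports on which the PC is dialing at least min_hosts distinct hosts."""
    return {port: len(hosts) for port, hosts in outbound_fanout(text).items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for port, count in sorted(suspicious_ports(SAMPLE).items()):
        print(f"port {port}: {count} distinct remote hosts, worth a closer look")
```

A browser or file-sharing client also opens many connections, which is why the post's advice to close other programs first matters before reading the result.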

CJW93
17-01-2009, 10:43 PM
I wasn't hit by this but I've spent all day trying to remove a virus that gives me a BSOD after 3 mins and redirects all my Google searches to porn sites...

I'm actually jealous of you for getting that one

Rapidshare
18-01-2009, 02:41 AM
and how do u know if uve been infected?


Because you wouldn't even be on the pc that ****** up would you

Ardemax
18-01-2009, 09:34 AM
Because you wouldn't even be on the pc that ****** up would you


dude, i was just asking

Nli.
18-01-2009, 06:34 PM
A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users.
The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008.
Although Microsoft released a patch, it has gone on to infect 3.5m machines.
Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft's MS08-067 patch.
"Right now, we're seeing hundreds of thousands of [infected] unique IP addresses"


Toni Koivunen, F-Secure


According to Microsoft, the worm works by searching for a Windows executable file called "services.exe" and then becomes part of that code.
It then copies itself into the Windows system folder as a random file of a type known as a "dll". It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.
Once the worm is up and running, it creates an HTTP server, resets a machine's System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker's web site.

INFECTED IPs WORLDWIDE
China 38,277
Brazil 34,814
Russia 24,526
India 16,497
Ukraine 14,767
Italy 13,115
Argentina 11,675
Korea 11,117
Romania 8,861
United States 3,958
United Kingdom 1,789
Source: F-Secure


Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down.
But Conficker does things differently.
Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers' files. On the face of it, tracing this one site is almost impossible.
Speaking to the BBC, Kaspersky Lab's security analyst, Eddy Willems, said that a new strain of the worm was complicating matters.
"There was a new variant released less than two weeks ago and that's the one causing most of the problems," said Mr Willems.
"The replication methods are quite good. It's using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creating new variants through this mechanism."
"Of course, the real problem is that people haven't patched their software. If people do patch their software, they should have little to worry about," he added.
Technicians have reverse engineered the worm so they can predict one of the possible domain names. This does not help them pinpoint those who created Downadup, but it does give them the ability to see how many machines are infected.
"Right now, we're seeing hundreds of thousands of unique IP addresses connecting to the domains we've registered," F-Secure's Toni Koivunen said in a statement.
"We can see them, but we can't disinfect them - that would be seen as unauthorised use."
Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.

Answers some of your questions posted...
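The article quoted in the post above says the worm drops a DLL with a random 5-8 character name (such as piftoc.dll) in the Windows system folder and registers it to run as a service. The following is an added triage example, not from the article or the thread: it flags service DLLs that fit that description and are absent from a known-clean baseline. The baseline, the service list, the `xkqpd` service name and the `C:\WINDOWS` root are constructed assumptions, and a hit is a candidate for review, not a verdict.

```python
import ntpath
import re

# Pattern from the article: 5-8 character name, e.g. piftoc.dll.
RANDOM_NAME = re.compile(r"^[a-z]{5,8}\.dll$")
SYSTEM_DIR = r"c:\windows\system32"  # assumed Windows system folder

# Constructed baseline: service DLL names recorded from a known-clean build.
BASELINE = {"wuaueng.dll", "netman.dll", "schedsvc.dll", "browser.dll"}

# Constructed export of (service name, service DLL path) pairs; not real data.
SERVICES = [
    ("wuauserv", r"C:\WINDOWS\system32\wuaueng.dll"),
    ("Netman", r"%SystemRoot%\System32\netman.dll"),
    ("Schedule", r"C:\WINDOWS\system32\schedsvc.dll"),
    ("xkqpd", r"C:\WINDOWS\system32\piftoc.dll"),
    ("Vendor", r"C:\Program Files\Vendor\agent.dll"),
]


def normalise(path, system_root=r"c:\windows"):
    """Lower-case the path, drop quotes and expand %SystemRoot%."""
    p = path.strip().strip('"').lower().replace("%systemroot%", system_root)
    return ntpath.normpath(p)


def review_candidates(services, baseline):
    """Return (service, dll) pairs matching the article's description
    that the clean baseline does not account for."""
    hits = []
    for name, dll in services:
        folder, base = ntpath.split(normalise(dll))
        in_system_dir = folder == SYSTEM_DIR
        if in_system_dir and RANDOM_NAME.match(base) and base not in baseline:
            hits.append((name, base))
    return hits


if __name__ == "__main__":
    for service, dll in review_candidates(SERVICES, BASELINE):
        print(f"review service {service!r}: unbaselined DLL {dll}")
```

The baseline is what keeps this usable, since many legitimate Windows service DLLs also have 5-8 letter names.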

Soy
18-01-2009, 09:27 PM
and how do u know if uve been infected?

Because if you were infected you wouldn't be posting right now..

Jord
18-01-2009, 09:42 PM
Flipping hell
