Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: bill
A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users. The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008. Although Microsoft released a patch, it has gone on to infect 3.5m machines.
Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers' files. On the face of it, tracing this one site is almost impossible.
Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.
From the BBC - Three million hit by Windows worm [news.bbc.co.uk]
[edited by: Quadrille at 1:30 pm (utc) on Jan. 16, 2009]
"Of course, the real problem is that people haven't patched their software. If people do patch their software, they should have little to worry about," he added.
There was a time when waiting and manually applying all MS patches was a good idea. I only do that now on my primary machines. I've started putting all the others on automatic update. The argument for putting Windows into automatic update mode are getting stronger even for experienced users.
I'm not sure I understand how this worm can be spread by USB flash drives. So far as I am aware, whilst autoplay is supported in XP from SP2 onwards, a dialog is always displayed first with options. I guess those that get infected this way click Yes to everything. If this does not cover the USB infection method, I think Microsoft have some explaining to do.
Booting and operation of computer is slow and very erratic. Monitor screen is filled with virus warnings that are generated by the malware. This is a home machine that's not on a network. Uses Windows XP and IE7 (also sometimes FF3.0
Affects machines differently. Some have reported that simply going back with restore eliminates it. But restore generally can't go back before infection date.
What is the goal of this one, a botnet or something?
My infected machine has important files that I would like to move. Any ideas on whether those data and text files would be safe? Meanwhile I'm just parking the infected computer until more is known.
It's not only windows update that's essential, but an antivirus program with frequent updates, too.
CA started charging fees a couple of years ago, but there's several 'free' programs around that offer frequent updates, such as AVG - but be careful, some of them will find viruses, but not remove them eg 'StopSign'. How helpful is that? Just a scam to make you cough up at whatever price when you are in panic mode!
If the description is accurate (not sure) it is possible to open a program from the autoplay dialog whilst it pretends to merely open a folder - Yikes!.
This sort of cyber-crime is big business, typically based in Russia but China, India and others also contribute. Western gangs tend to be more direct, concentrating on identity theft, etc. This may be because anti-hacking laws carry severe penalties whilst identity-theft laws carry pretty pathetic penalties.
The numbers of infected machines are increasing...
How bad has it gotten? Estimates range from 3.5 million infected in the first four days after it began spreading to 9 million impacted... and getting worse. By now I figure the numbers could top 15 or 20 million.
Surely, WGA validation should only be required for non-security updates (such as Media Player).
Piracy of windows is HUGE issue for MS - and they really don't have an answer to it; they have already dropped prices in many developing countries - but AFAIK, that simply reduced their income, it did not have an appreciable effect on piracy.
I live in a country where almost all PC's here are sold with questionable copies of XP.
A "friend's" computers update regularly the first Tuesday of every month.
Just make sure that you have auto update turned on & don't click any little windows that pop up on the bottom of your screen. That's the validation check. If you accidently click it just cancel it once you get to the first screen.
I do not condone people having illegal copies of MS software & would never do so myself.