9M PCs infected with New Conficker Worm

A malicious Internet worm known as Conficker, Downadup, or Kido that spreads through low security networks, memory sticks and PCs without the latest security updates, is infecting machines by the millions. (Source: bbc.co.uk)

The worm was first discovered in October 2008 and a security patch by Microsoft was issued at that time. However, a recent, new strain of the worm was developed and has managed to infect an estimated 9 million machines with 1 million new infections per day. (Source: sfgate.com)

Microsoft says the worm works by searching for a windows executable file named "services.exe" and becoming part of that code. It then copies itself into the windows system folder as a random .DLL (dynamic link library) file and then modifies the Windows Registry to run the infected .DLL file as a service.

Once the worm is installed, it creates an HTTP server, resets a machine's System Restore point and downloads files from the hacker's web site.

Leading web antivirus F-Secure Corporation says the worm uses a complicated algorithm to generate hundreds of different domain names such as mphfrxs.net, imctaef.cc, and hcweu.org. Only one of those sites will actually be the site used to download the hacker's files, but because it generates so many domains, tracing just one site is almost impossible. (Source: f-secure.com)

Kaspersky Lab's Security analyst Eddy Williams told the British Broadcasting Corporation (BBC) that the newest strain of the worm was complicating matters. "There was a new variant released less than two weeks ago and that's the one causing most of the problem," said Mr. Williams.

Mr. Williams also said that that people who downloaded the latest Microsoft updates and run Microsoft's free Malicious Software Removal Tool should should have little to worry about. It's important that you keep your software updated with the latest security patches.

The worm has infected computers in many different parts of the world, with machines in China, Brazil, Russia and India having the highest number of victims.

More information is available in Microsoft's Security Bulletin MS08-067.

Visit Bill's Links and More for more great tips, just like this one!