Around nine million PC’s around the world could be infected with the Conficker worm virus and there are warnings that the number could grow even further in the coming days.
Users are being advised to download the latest Windows patch from Microsoft and update their antivirus software to ensure that they remain protected from the worm, also known as Downadup, or Kido. The malicious program first emerged in October 2008 but has spread exponentially in recent weeks, highlighting the need for Window’s users to download patch MS08-067.
According to Microsoft, the worm works by exploiting vulnerabilities in the Window’s system, allowing it to search for an executable file called “services.exe”. It then becomes part of that code.
The worm then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a randomly generated 5-8 character name and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.
Once the worm is up and running, it creates a HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.
What makes this worm different is that where most forms of malware use one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down, Conficker uses a complex algorithm to generate hundreds of different domain names every day, making it extremely difficult to trace the source of the virus and close it down.