Tuesday, January 20th, 2009 at 3:28pm

Widespread Windows Worm May Be a Washout

Posted by Jordan Erickson

http://www.technewsworld.com/story/security/65879.html

The Kido worm — aka “Conficker,” aka ” Downadup” — has spread to nearly 9 million PCs around the world. However, security researchers say the malware may be hindered by a bug itself. It’s infecting computers, but it’s not really doing anything. Users with infected computers, however, may still be at risk.

A computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the U.S., Europe and Asia, already infecting close to 9 million machines, according to a private online security firm.

Fortunately, however, it may be a dud.

Spreading to Little Effect

Though computer bugs have become a common affliction, Finland-based F-Secure says a virus it has been tracking for the past several weeks has surged more rapidly through corporate networks than anything they’ve seen in years.

But the virus doesn’t appear to be working as its designers intended. F-Secure’s chief security adviser, Patrik Runald, said the virus’s coding suggests a type of bug that alerts computer users to bogus infections on their machines and offers to help by selling them antivirus software.

Instead, the virus is simply spreading to little effect, though it may still pose a threat to infected computers.

“The gang behind this worm haven’t used it yet,” F-Secure’s chief research officer, Nikko Hypponen said by phone. “But they could do anything they like with any of these machines at any time.”
‘New Variant’

Microsoft issued a security update Tuesday to deal with the so-called “Downadup” or “Conficker” virus, which appears to be a new version of a bug that popped up in October.

“Over the last couple of weeks, a new variant of this worm has been affecting customers,” the company acknowledged in a blog post. Microsoft said the virus is spreading by gaining access to one computer and then guessing at passwords of other users in the same network: “If the password is weak, it may succeed.”

A company representative couldn’t immediately be reached Saturday to comment on F-Secure’s estimate of infected machines.

Most computers with Windows will automatically download Microsoft’s security update, but Hypponen said the virus disables updates on infected machines.

While the origin of the virus is a mystery, F-Secure’s best guess is it came from Ukraine. Hypponen said it is coded to avoid computers there, which may indicate whoever wrote the virus was trying to avoid drawing attention from local authorities

© 2009 Logical Networking Solutions: Lake and Sonoma County Computer Repair