Major Windows worm infection, read this…
I am not a Windows person, but I know plenty of folks who are. According to this article, there is a new worm that has infected more than 8.9 million Windows machines. It also infects memory sticks and can crack weak passwords (passwords made up of words or simple patterns).
To safeguard against this worm, users need to make sure they have the latest Windows patch installed (MS08-067) and make sure they have the latest anti-virus updates installed.
From the article:
According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becomes part of that code.
It then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.
Once the worm is up and running, it creates an HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.
Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down.
But Conficker does things differently.
Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers’ files. On the face of it, tracing this one site is almost impossible.
This one really makes me appreciate my Mac.
– Dave
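A defender's view of the domain-generation behaviour quoted above, as an added example that is not part of the original post or the article: it flags clients that fail to resolve several distinct bare, letters-only domains in one day. The log format, the 4-12 character label range, the threshold, and the premise that most of the generated names return NXDOMAIN are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample resolver log, one query per line: "date client qname rcode".
# The three random-looking names are the examples quoted in the post.
SAMPLE_LOG = """\
2024-01-20 10.0.0.5 mphtfrxs.net NXDOMAIN
2024-01-20 10.0.0.5 imctaef.cc NXDOMAIN
2024-01-20 10.0.0.5 hcweu.org NXDOMAIN
2024-01-20 10.0.0.5 imctaef.cc NXDOMAIN
2024-01-20 10.0.0.5 www.example.com NOERROR
2024-01-20 10.0.0.7 www.example.com NOERROR
2024-01-20 10.0.0.7 intranet.example.net NXDOMAIN
2024-01-20 10.0.0.7 not-a-valid-line
"""


def candidate(qname):
    """True for names shaped like the quoted samples: exactly two labels,
    the first one letters-only and 4-12 characters long (assumed range).
    This is a shape filter, not a randomness test."""
    labels = qname.lower().rstrip(".").split(".")
    return (len(labels) == 2
            and labels[0].isalpha()
            and 4 <= len(labels[0]) <= 12)


def nxdomain_bursts(log_text, threshold=3):
    """Return {(date, client): [domains]} for clients whose count of distinct
    failed candidate domains in a day reaches the threshold.
    threshold=3 suits the tiny sample; tune it upward on real traffic."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the scan
        date, client, qname, rcode = parts
        if rcode == "NXDOMAIN" and candidate(qname):
            # A set keeps repeated lookups of one name from inflating the count.
            failed[(date, client)].add(qname.lower().rstrip("."))
    return {key: sorted(names) for key, names in failed.items()
            if len(names) >= threshold}


if __name__ == "__main__":
    for (date, client), names in nxdomain_bursts(SAMPLE_LOG).items():
        print(date, client, "failed lookups:", ", ".join(names))
```

A hit is a lead for triage on that host, not proof of infection; mistyped or expired domains also produce NXDOMAIN responses.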
