A computer virus attack that has infected more than 6.5 million Windows PCs this week is one of the worst in years, internet security firm F-Secure said Friday. In total the worm, which is known as Downadup or Conficker, has infected nearly nine million PCs since its first version was unleashed two years ago.
‘The number of Downadup infections is skyrocketing,’ Toni Koivunen, an F-Secure researcher, said in an entry to the company’s security lab blog. ‘From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That’s just amazing.’ Computer users have little to fear if they keep their computers patched with the latest Microsoft security fixes, but Microsoft says that at least one third of PCs have not yet been updated.
‘We haven’t seen outbreaks of this scale in many years,’ the company’s lead researcher Mikko Hypponen told ComputerWorld.com. Microsoft says the worm exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008.
The worm works by searching for a Windows executable file called ‘services.exe’ and then becomes part of that code. Once it’s embedded in a PC, Downadup generates a list of possible domains, selects one, then uses that domain to reach a malicious server from which it downloads additional malware to install on the hijacked computer.
The latest version of the virus is particularly nasty since it uses a complicated algorithm to create hundreds of new domains, making it much harder for security experts to shut it down.