A growing threat to users has been spread through low security networks, memory sticks and Personal Computers (PC's) that do not have the latest security patches and updates.

First discovered in late 2008 the malicious program is known as Conficker, Downadup, or Kido and although Microsoft released a patch the infection is thought to have spread to around 3,500,000 PC's. Industry analysts maintain that this figure is likely to rise considerably and advise that PC users must run up to date antivirus software and install Microsoft's MS08-067 patch.

Microsoft have commented that the worm works by searching for a Windows executable file called "services.exe" and then becomes part of that code.

It then copies itself into the Windows system folder as a random file of a type known as a "dll". It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates an HTTP server, resets a machine's System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker's web site.

Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down. 

The worm known as Conficker works differently. The BBC has the complete story.

To asceratin wherther your organisation is free from network visuses, trojans, malware and worms please contact us for a free of charge appraisal.

Net-Ctrl has an enterprise-wide range of network and internet gateway products to mitigate the risk. Products from low-end SME devices through to corporate, high-end appliances and VMware.