This worm, also known as Downadup or Kido, was first discovered in October 2008.
It spreads freely through low-security networks, pen drives, and computers that do not receive regular updates.
Working Principle of this Worm:
- After successfully entering the computer, the worm searches for a Windows executable file called services.exe and becomes a part of that code.
- It then copies itself into the Windows system folder, creating a file with the extension "dll" (Dynamic Link Library), and modifies the registry.
- Once the worm is successfully set up, it creates an HTTP server and then downloads files from the hacker's website.
- The most dangerous feature of this worm is that it resets the machine's system restore point, making it much harder to recover the infected system.
- Toni Koivunen from F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domains every day, such as mphtfrxs.net, imctaef.cc, etc. But only one of these will actually be the site used to download the hacker's files.
- Microsoft has released the patch through Windows Update.
- But computers without the latest security updates are at high risk.
- So please update as soon as possible.
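
The domain-generation behaviour described above leaves a trace in DNS logs: one machine asking for many random-looking names in a day, almost all of which fail. The following detection sketch is an added example, not code from the original post or from F-Secure; the log layout, the entropy cutoff, the threshold and the assumption that unused generated domains answer NXDOMAIN are all illustrative.

```python
import math
from collections import Counter, defaultdict

def normalized_entropy(label):
    """Shannon entropy of the label over its maximum (1.0 = no repeated letters)."""
    n = len(label)
    if n < 2:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(label).values())
    return h / math.log2(n)

def looks_generated(qname, min_len=6, min_entropy=0.9):
    """Lexical filter: a single alphabetic label under a TLD with near-uniform letters."""
    parts = qname.lower().rstrip(".").split(".")
    if len(parts) != 2:
        return False
    label = parts[0]
    return label.isalpha() and len(label) >= min_len and normalized_entropy(label) >= min_entropy

def suspect_hosts(log_lines, threshold=50):
    """Map (day, client) -> sorted names for clients whose distinct failed lookups
    of generated-looking names on one day reach the threshold (illustrative value)."""
    seen = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        day, client, qname, rcode = fields
        if rcode == "NXDOMAIN" and looks_generated(qname):
            seen[(day, client)].add(qname.lower().rstrip("."))
    return {key: sorted(names) for key, names in seen.items() if len(names) >= threshold}

# Constructed log, format "date client qname rcode" (an assumed layout). The first two
# names are the ones quoted in the post; the .example names are made up.
SAMPLE_LOG = """\
2009-01-15 10.0.0.23 mphtfrxs.net NXDOMAIN
2009-01-15 10.0.0.23 imctaef.cc NXDOMAIN
2009-01-15 10.0.0.23 qzkvbwtr.example NXDOMAIN
2009-01-15 10.0.0.23 hjxplodw.example NXDOMAIN
2009-01-15 10.0.0.23 vgrncyku.example NXDOMAIN
2009-01-15 10.0.0.23 qzkvbwtr.example NXDOMAIN
2009-01-15 10.0.0.41 google.com NOERROR
2009-01-15 10.0.0.41 intranet.example NXDOMAIN
""".splitlines()

if __name__ == "__main__":
    # Threshold lowered to fit the tiny sample.
    for (day, client), names in suspect_hosts(SAMPLE_LOG, threshold=5).items():
        print(day, client, len(names), "distinct failed lookups:", names)
```

The lexical filter alone would also match ordinary names with no repeated letters, which is why it is only applied to failed lookups and combined with a per-host daily count.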