VIRUS ALERT: Serious Worm affects 9+ million computers world wide


Originally posted: 1/22/09 - 10am PST

I won't bore you with the details; suffice it to say there is a serious threat out there that could potentially bring down computers and networks all over the world. It can spread through USB drives, MP3 devices, BitTorrent sites and files, and email, as well as by exploiting the Microsoft vulnerability described in security bulletin MS08-067. On Wednesday, about 3.5 million computers had been infected, mostly in Europe, the United States and Asia. Approximately six percent of computers scanned by Panda Security are currently infected by the Conficker/Downadup worm, Panda said Wednesday, dubbing the outbreak "an epidemic". By Friday, that number was nearly 9 million and still climbing. It's sure to be even higher as this week wears on and the worm seeks out more unprotected networks.

To read more on this virus, search Google News for "Downadup", "Conficker" or "Kido", or click this LINK.

UPDATE 1/23/09 - 11:00am PST (source: theregister.co.uk)

The Conficker worm is programmed to constantly update itself. The malware is designed to download new code onto infected machines through a large number of different and changing IP addresses, making it difficult to block.

“This is an indication that the worm authors are preparing to carry out a large scale attack in the near future using the infected machines,” said Dominic Hoskins, Country Manager, Panda Security UK.

UPDATE 1/22/09 - 19:30 The following was printed in the New York Times (source: NYTimes.com)

Microsoft rushed an emergency patch to defend the Windows operating systems against this vulnerability in October, yet the worm has continued to spread even as the level of warnings has grown in recent weeks.

Earlier this week, security researchers at Qualys, a Silicon Valley security firm, estimated that about 30 percent of Windows-based computers attached to the Internet remain vulnerable to infection because they have not been updated with the patch, despite the fact that it was made available in October. The firm's estimate is based on a survey of nine million Internet addresses.

Security researchers said the success of Conficker was due in part to lax security practices by both companies and individuals, who frequently do not immediately install updates.

A Microsoft executive defended the company's security update service, saying there is no single solution to the malware problem.

"I do believe the updating strategy is working," said George Stathakopoulos, general manager for Microsoft's Security Engineering and Communications group. But he added that organizations must focus on everything from timely updates to password security.

"It's all about defense in depth," Mr. Stathakopoulos said.

Alfred Huger, vice president of development at Symantec's security response division, said, "This is a really well-written worm." He said security companies were still racing to try to unlock all of its secrets.

Unraveling the program has been particularly challenging because it comes with encryption mechanisms that hide its internal workings from those seeking to disable it.

Most security firms have updated their programs to detect and eradicate the software, and a variety of companies offer specialized software programs for detecting and removing it.

The program uses an elaborate shell-game-style technique to permit someone to command it remotely. Each day it generates a new list of 250 domain names. Instructions from any one of these domain names would be obeyed. To control the botnet, an attacker would need only to register a single domain to send instructions to the botnet globally, greatly complicating the task of law enforcement and security companies trying to intervene and block the activation of the botnet.
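The daily-domain scheme described above is what defenders have to race against: whoever knows the generator can compute the day's names in advance, so the asymmetry is one registration per day for the operator versus all 250 names per day for anyone trying to block or sinkhole them. The following is an added example, not code from the article or from any real malware: it uses a made-up, hash-based generator (not Conficker's actual algorithm) with the article's figure of 250 names per day, builds the blocklist a defender would need for a range of days, and runs a constructed DNS query log against it to flag hosts asking for generated names. The log format, IP addresses and TLD pool are all constructed for the example.

```python
"""Defender-side illustration of a daily domain-generation scheme.

Hypothetical generator: this is NOT Conficker's real algorithm, only a
stand-in with the same shape (a fixed number of names per calendar day).
"""
import hashlib
from datetime import date, timedelta

DOMAINS_PER_DAY = 250                        # figure quoted in the article
TLDS = ("com", "net", "org", "info", "biz")  # assumed TLD pool (constructed)


def candidate_domains(day: date, count: int = DOMAINS_PER_DAY) -> list[str]:
    """Return the deterministic list of names a bot would try on `day`.

    Anyone who knows the algorithm (bot and defender alike) can compute
    this list ahead of time; that is what makes pre-emptive blocking or
    sinkholing possible.
    """
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        # 8..12 lowercase letters derived from the digest, plus a TLD
        length = 8 + digest[0] % 5
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        tld = TLDS[digest[31] % len(TLDS)]
        names.append(f"{label}.{tld}")
    return names


def blocklist(start: date, days: int) -> set[str]:
    """Every name a defender must block or sinkhole to cover `days` days.

    The asymmetry from the article: the operator needs one registration
    per day, the defender needs all 250 names for every day covered.
    """
    return {name
            for n in range(days)
            for name in candidate_domains(start + timedelta(days=n))}


def scan_dns_log(lines, blocked):
    """Return (timestamp, client, qname) for queries that hit the blocklist.

    Expected log format (constructed for this example):
        <ISO timestamp> <client ip> <qtype> <qname>
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                          # skip malformed lines
        ts, client, _qtype, qname = parts
        qname = qname.lower().rstrip(".")     # normalise trailing-dot FQDNs
        if qname in blocked:
            hits.append((ts, client, qname))
    return hits


def demo():
    """Scan a constructed log against a three-day blocklist."""
    day = date(2009, 1, 22)
    blocked = blocklist(day, days=3)
    dga_names = candidate_domains(day)
    # Constructed sample log: benign lookups, two generated names, one junk line.
    sample_log = [
        "2009-01-22T10:00:01Z 10.0.0.5 A www.example.com",
        f"2009-01-22T10:00:02Z 10.0.0.17 A {dga_names[0]}.",
        "2009-01-22T10:00:03Z 10.0.0.5 AAAA update.example.net",
        f"2009-01-22T10:00:04Z 10.0.0.17 A {dga_names[249]}",
        "malformed line",
    ]
    return scan_dns_log(sample_log, blocked)


if __name__ == "__main__":
    for ts, client, qname in demo():
        print(f"{ts} {client} queried generated domain {qname}")
```

The practical point is in `blocklist`: covering three days already means 750 names, and a real response has to keep generating them forward in time while the operator only ever needs one of them to resolve. Host 10.0.0.17 in the constructed log is the kind of internal machine a DNS-log check like this would surface for cleanup.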

Computer security researchers expect that within days or weeks the bot-herder who controls the programs will send out commands to force the botnet to perform some as yet unknown illegal activity.

Several computer security firms said that although Conficker appeared to have been written from scratch, it had parallels to the work of a suspected Eastern European criminal gang that has profited by sending programs known as "scareware" to personal computers that seem to warn users of an infection and ask for credit card numbers to pay for bogus antivirus software that actually further infects their computer.

One intriguing clue left by the malware authors is that the first version of the program checked to see if the computer had a Ukrainian keyboard layout. If it found it had such a keyboard, it would not infect the machine, according to Phillip Porras, a security investigator at SRI International who has disassembled the program to determine how it functioned.

The worm has reignited a debate inside the computer security community over the possibility of eradicating the program before it is used by sending out instructions to the botnet that provide users with an alert that their machines have been infected.

"Yes, we are working on it, as are many others," said one botnet researcher who spoke on the grounds that he not be identified because of his plan. "Yes, it's illegal, but so was Rosa Parks sitting in the front of the bus."

This idea of stopping the program in its tracks before it has the ability to do damage was challenged by many in the computer security community.

"It's a really bad idea," said Michael Argast, a security analyst at Sophos, a British computer security firm. "The ethics of this haven't changed in 20 years, because the reality is that you can cause just as many problems as you solve."

The GOOD News is there are already patches out:

If you are a HOME user, make sure you have Automatic Updates turned on; if you don't, update your computer now. If your computer has been acting funny, you might already have Malware or a Virus, in which case please see my Malware articles (Malware & Vundo) on how to rid yourself of it, then make sure you update your computer from the Microsoft site. My Malware Page has FREE WEB SCAN tools for you to use.
