Calling the scope of the attack “amazing,” security researchers at F-Secure Corp. Friday said that 6.5 million Windows PCs have been infected by the “Downadup” (or “Conficker”) worm in the last four days, and that nearly nine million have been compromised in just over two weeks.
Early Friday, the Finnish firm revised its estimate of the number of computers that had fallen victim to the worm, and explained how it came to the figure. “The number of Downadup infections [is] skyrocketing,” Toni Koivunen, an F-Secure researcher, said in an entry to the company’s Security Lab blog . “From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That’s just amazing.”
Downadup — which also goes by the name “Conficker” — exploits a bug in the Windows Server service used by Windows 2000 , XP, Vista , Server 2003 and Server 2008. Although Microsoft fixed the flaw with one of its rare “out of cycle” updates in late October, about a third of all PCs have not yet been patched, according to Qualys Inc., another security company. Those PCs are the ones being hijacked by the worm.
Once it’s gotten onto a PC, Downadup generates a list of possible domains, selects one, then uses that URL to reach a malicious server from which it downloads additional malware to install on the hijacked computer. F-Secure, however, has registered some of those domains, and has been able to monitor traffic through those URLs.
By examining logs of connection attempts to the domains, F-Secure discovered several hundred thousand different IP addresses — over 350,000 as of today — as well as a counter embedded in each that spells out the number of additional PCs that the infected machine has compromised.
You can find a solution to this Virus here