Millions of computers infected by malicious programs, says Russian antivirus maker

Written by Alma Anonas-Carpio / Correspondent
Monday, 18 May 2009 20:26

SOME 5 million to 6 million computers worldwide have so far been infected by Kido, also known as Conficker and Downandup, one of the most notorious malicious software programs to prowl the Internet.

Antivirus software maker Kaspersky Lab cited figures from think-tank Consumer Economics, saying the annual global financial damage wrought by these programs reached $13 billion in 2007—all due to malware attacks on businesses worldwide.

“We want to contain the explosion of this [online] epidemic,” Sapronov said. “Especially since every network that has an infected machine is part of the botnet and propagates [spreads] the malware further.”

Kaspersky issued this warning as its malware experts spoke to tech journalists in a videoconference last week. According to Kaspersky China lab chief Konstantin Sapronov, the “huge botnet [network of zombied computers] infected by Kido potentially provides cybercriminals with the means to conduct devastating distributed denial of service [DDoS] attacks on any Internet resource, to steal confidential data from both home users and corporate networks, and to distribute unsolicited content like mass spam e-mails.”

According to the company’s most recent data, the Philippines ranks 19th in the world as far as the Conficker worm-infection rate goes. The zombie count for the Philippines is 126,594 Conficker-infected computers.

“These numbers are way too high and have to be brought to zero,” Sapronov said, considering that this virus is built to disable antivirus software, to be “unremovable” from an infected hard drive, and to proliferate quickly.

According to Sapronov and Kaspersky chief malware expert Vitaly Kamluk, the earlier version of Conficker may have originated from the Ukraine. The spread of its latest incarnation, they said, has been temporarily halted after an “epidemic” spread in January, through a concerted effort among domain-name system (DNS) providers to block the malicious websites to which Conficker connects to redirect victimized Internet users.

Kamluk said that while these actions serve as a stopgap measure, they do not stop the worm’s thieving and computer-takeover activities, merely the ability of the malicious code to connect to its nefarious, associated websites to transmit the data it has stolen.

The magnitude of the threat posed by the Conficker malware was great enough to warrant a simultaneous, five-country videoconference with the Kaspersky experts covering the Philippines, Indonesia, Singapore, Thailand and Vietnam.

Kamluk cited data from the United States-based Consumer Reports National Research Center that said “one in five online consumers have been victims of cybercrime…to the tune of an estimated $8 billion.”

The virus works by first downloading itself onto a victimized hard drive and disguising succeeding downloads of software-program drivers with JavaScript, hypertext markup language (HTML) and the base programming language known as hexadecimal code while the unsuspecting Internet surfer’s computer is surreptitiously connected to a series of malicious websites.

The worm then installs the drivers to take control of the machine, deactivates any antivirus software installed on the PC and proceeds to steal valuable user data, such as credit card and bank-account information, to relay this data back to the hacker who deployed the Conficker code.

Once this process of infection and propagation is complete, the computer is considered “zombied” and it becomes part of a botnet, a network of hijacked computers. The worm also propagates through disk-drive transmission, most commonly through universal serial bus (USB) flash drives jacked into PC USB slots.

These experts warned computer users and Internet users to “keep their antivirus and antimalware software up to date and to be vigilant, especially when they are surfing the Internet and using portable hard drives and flash drives.”

Computer and Internet users were also cautioned to disable the autorun feature of their operating systems and to scan all external storage devices once these gadgets are connected to their computers.

* Published in BusinessMirror, with some tweaking by author to correct a small mistake in editing.