A new version of Kido

April 13, 2009, 5:11 pm

Kaspersky Lab has reported the detection of new versions of the Kido malware, also known as Conficker and Downadup. On the night of 8/9 April, computers infected with Trojan-Downloader.Win32.Kido, which interact with each other over P2P connections, commanded other infected machines to download new files. The Kido botnet has become more active.
The new version of Kido differs from previous versions: it is once again a worm. Initial analysis of the malware's code suggests that the current version of Kido will operate until 3 May 2009.
In addition to downloading itself, Kido downloads two new files onto infected computers.
The first of these is FraudTool.Win32.SpywareProtect2009.s, a fake antivirus that is hosted on servers located in Ukraine. When started, the program offers to delete the viruses it has found, asking for money: $49.95.
The second file that Kido installs on the infected system is Email-Worm.Win32.Iksmas.atz, also known as Waledac. This is a mailing worm with data-theft and spam-sending functionality. Iksmas (Waledac) appeared in January 2009, and even then many experts noticed similarities between its algorithms and those of Kido. At the same time as the Kido epidemic, there was a no less massive e-mail epidemic of Iksmas.
Over 12 hours, the Iksmas installed by the new version of Kido connected to its control centers around the world and received commands from them to send spam. In 12 hours of operation, a single bot sent 42 298 spam messages. Almost every message contains a unique domain. This is evidently done so that anti-spam technologies cannot detect such a mailing using methods based on analyzing how frequently a specific domain is used. In total, 40 542 third-level domains and 33 second-level domains were recorded. Virtually all of these sites are located in China and are registered to a variety of people, probably fictitious. A simple calculation shows that one Iksmas bot sends some 80 000 messages per day. Assuming that the total number of infected machines is 5 000 000, this botnet can send out approximately 400 billion spam e-mails in one day!
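The frequency evasion described above, seen from the anti-spam side, as an added example (not Kaspersky Lab's code): counting per hostname sees each unique third-level domain only once, while grouping hosts under their second-level domain exposes the fan-out. The messages, the `.example` domains, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Hostname part of http(s) URLs found in a message body.
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def parent_domain(host):
    """Second-level domain, taken naively as the last two labels.

    Assumption: no multi-label public suffixes (e.g. .com.cn); a real
    filter would consult a public-suffix list instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyze(messages, min_hosts=3):
    """Return (per-hostname message counts, flagged parent domains).

    A parent domain is flagged when at least `min_hosts` distinct
    hostnames under it appear across the corpus (min_hosts is an
    illustrative threshold, not a recommended value).
    """
    host_hits = Counter()
    children = defaultdict(set)
    for body in messages:
        hosts = {h.lower().rstrip(".") for h in URL_HOST.findall(body)}
        for host in hosts:  # count each host once per message
            host_hits[host] += 1
            children[parent_domain(host)].add(host)
    flagged = {d: len(h) for d, h in children.items() if len(h) >= min_hosts}
    return host_hits, flagged


# Constructed sample: four spam messages, each with a unique third-level
# domain under one second-level domain, plus a repeated legitimate link.
SAMPLE = [
    f"Cheap offer http://{sub}.shop-one.example/buy"
    for sub in ("a1", "b7", "c3", "d9")
] + ["Newsletter http://www.legit-news.example/today"] * 2

if __name__ == "__main__":
    hits, flagged = analyze(SAMPLE)
    print("most frequent hostnames:", hits.most_common(2))
    print("parent domains with subdomain fan-out:", flagged)
```
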
Kaspersky Lab is currently conducting a detailed analysis of the new Kido update. Our specialists are working on a new version of the KKiller utility that takes into account the functionality of the new version of the network worm.


