Expert: Worm spreading in many ways becoming an epidemic

The worm known as Kido, aka Conficker or Downadup, evolves to spread via removable devices and other means besides just exploiting a Windows vulnerability.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Jan. 16, 2009 9:34 a.m. PT

A worm that spreads via removable devices, network shares, and weak administrator passwords--in addition to exploiting a critical Windows vulnerability--is spreading so fast it is becoming an epidemic, a security researcher said on Thursday.

The worm, known as Kido, Conficker, or Downadup, initially exploited MS08-067, a vulnerability considered critical for Windows 2000, XP, and Server 2003. It was patched in October.

Newer variants have been configured to give the worm the ability to infect via other means to get onto the network, said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab.

"The Kido authors are trying to get into these networks by infected removable devices and by using other Trojans to install Kido on a computer, which will then try to infect other machines on the local network," he said in an e-mail statement. The worm "is currently causing an epidemic."

An estimated 3.5 million computers are believed to be infected with the worm, ZDNet reports.