Wilders security forums being blocked by malware


Baz_kasp
January 13th, 2009, 06:52 PM
Kaspersky issued a "moderate" severity advisory on the "kido" worm...according to their write-up, looks like this forum has caught the attention of the malware creators.... you lot should be proud this place is that popular ;D


http://www.viruslist.com/en/viruses/encyclopedia?virusid=21782725

-{ Quote: "When launching, the worm injects its code into the address space of one of the “svchost.exe” system processes. This code is responsible for the worm’s malicious payload:
Disables system restore
Blocks addresses which contain the following strings:

.....
wilderssecurity
...

" }-

EraserHW
January 13th, 2009, 07:13 PM
It's a variant of the Conficker/Downadup worm, already isolated at the end of December. It blocks DNS queries to various security-related websites.
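
Added example, not part of the original thread or of either vendor's write-up: a detection heuristic for the behaviour described above, flagging machines whose lookups for names containing a blocked substring all fail while their other lookups still succeed. The log format, client names and the function `suspicious_clients` are assumptions made for illustration; only the substring `wilderssecurity` comes from the quoted list.

```python
from collections import defaultdict

# Only substring visible in the quoted list; the rest is elided on the page.
WATCH_SUBSTRINGS = ("wilderssecurity",)

# Constructed sample resolver log: "<client> <queried name> <result>"
SAMPLE_LOG = """\
pc-01 www.wilderssecurity.com NXDOMAIN
pc-01 www.example.org OK
pc-01 forum.wilderssecurity.com TIMEOUT
pc-01 mail.example.net OK
pc-02 www.wilderssecurity.com OK
pc-02 www.example.org OK
pc-03 www.wilderssecurity.com TIMEOUT
pc-03 www.example.org TIMEOUT
"""

def suspicious_clients(log_text, watch=WATCH_SUBSTRINGS):
    """Return clients whose watched-name lookups all fail while other lookups succeed."""
    stats = defaultdict(lambda: {"watched_ok": 0, "watched_fail": 0, "other_ok": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        client, name, result = parts
        watched = any(s in name.lower() for s in watch)
        ok = result.upper() == "OK"
        if watched:
            stats[client]["watched_ok" if ok else "watched_fail"] += 1
        elif ok:
            stats[client]["other_ok"] += 1
    # Selective failure: every watched lookup failed, yet unrelated names resolve.
    # A client with no working lookups at all (pc-03) is an outage, not a match.
    return sorted(
        c for c, s in stats.items()
        if s["watched_fail"] > 0 and s["watched_ok"] == 0 and s["other_ok"] > 0
    )

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```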

emperordarius
January 14th, 2009, 12:28 AM
Hooray!;D

GES/POR
January 14th, 2009, 01:06 PM
SSupdater anyone?

TonyW
January 14th, 2009, 02:12 PM
F-Secure have a few writeups in their blog about the Conficker/Downadup/Kido worm. (See http://www.f-secure.com/weblog)

xpsunny
January 15th, 2009, 10:31 AM
Whippy........bravo............;D

I am sooooooooooo unlucky that I didn't get hit by the malware. I would love to. You know, whenever my PC gets infected I get a warm fuzzy feeling. :)

@Baz_kasp

Just count your blessings.

rogervernon
January 15th, 2009, 11:46 AM
Does it block DNS look-up by inserting an entry into your hosts file?
If so, OA paid certainly monitors your hosts file to alert you to this.

Baz_kasp
January 15th, 2009, 12:05 PM
-{ Quote: "Does it block DNS look-up by inserting an entry into your hosts file?
If so, OA paid certainly monitors your hosts file to alert you to this." }-


Probably not... the "in" way at the moment is to use NDIS to block/reroute requests from what I've read....

TechOutsider
January 17th, 2009, 09:42 AM
Don't understand why it disabled System Restore; many people automatically turn to Sys Restore to restore a clean copy. It could just manifest itself within Restore.