Infections of a worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is "skyrocketing".

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008.

Anti-virus firm F-Secure estimates there are now 8.9m machines infected.

Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft's MS08-067 patch.

In its security blog, F-Secure said that the number of infections based on its calculations was "skyrocketing" and that the situation was "getting worse".

Speaking to the BBC, Graham Cluley, senior technology consultant with anti-virus firm Sophos, said the outbreak was of a scale they had not seen for some time.

"Microsoft did a good job of updating people's home computers, but the virus continues to infect business who have ignored the patch update.

"A shortage of IT staff during the holiday break didn't help and rolling out a patch over a large number of computers isn't easy.

"What's more, if your users are using weak passwords - 12345, QWERTY, etc - then the virus can crack them in short order," he added.

"But as the virus can be spread with USB memory sticks, even having the Windows patch won't keep you safe. You need anti-virus software for that."

Method

According to Microsoft, the worm works by searching for a Windows executable file called "services.exe" and then becomes part of that code.

It then copies itself into the Windows system folder as a random file of a type known as a "dll". It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates an HTTP server, resets a machine's System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker's web site.

Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down.

But Conficker does things differently.

Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers' files. On the face of it, tracing this one site is almost impossible.

Variant

Speaking to the BBC, Kaspersky Lab's security analyst, Eddy Willems, said that a new strain of the worm was complicating matters.

"There was a new variant released less than two weeks ago and that's the one causing most of the problems," said Mr Willems

"The replication methods are quite good. It's using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creating new variants though this mechanism."

"Of course, the real problem is that people haven't patched their software," he added.

Technicians have reverse engineered the worm so they can predict one of the possible domain names. This does not help them pinpoint those who created Downadup, but it does give them the ability to see how many machines are infected.

"Right now, we're seeing hundreds of thousands of unique IP addresses connecting to the domains we've registered," F-Secure's Toni Kovunen said in a statement.

"We can see them, but we can't disinfect them - that would be seen as unauthorised use." Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.

Just as I was getting  used to all vistas little quirks some not so little but all the same its a damn fine os and when you learn that it will try to make your life hell when you try to add some hardware that was not blest by microsoft  they come along with windows 7. Are they just going to forget about vista now .I just wanted to say it has so much to offer but still a lot of people were a bit to nervous to make the change maybe that why 7 has come a long.I just got the beta last night and must say I am impressed even at this stage very fast and even on a system I had put together from old pc intel(R)Pentium(R) 4 CPU 2.93 GHz 768 MB (RAM)Graphics Radeon X300/X550/X1050 series 128 mb of ram it runs just fine just one prob sound card did not work went to device manager to update driver but same old MSoft your hardware drivers are up to date but thats no good to me I still have no sound so just went to R...tec got one there it not singed but there was no song & dance about it just a popup so  I will say this one is going to be big so hurry up Msoft and get it there

Postcard' or 'Postcard from Hallmark' Virus Hoax

Netlore Archive: False email alert warns of 'the worst virus ever' circulating in the form of an attachment labeled 'POSTCARD' or 'POSTCARD FROM HALLMARK'

Description: Email hoax
Circulating since: Feb. 2008 (this version)
Status: False, although real e-card viruses resembling this do exist

IMPORTANT NOTE - READ CAREFULLY Some versions of this hoax claim the information was "verified" on Snopes.com. This is NOT true. What has been verified on Snopes.com is a different e-card virus threat with a similar name. DO beware of phony "Hallmark" (or other) e-card notices -- they may carry a real virus. DON'T be confused by the false descriptions below.

Example #1:
Email example contributed by Caroline O., June 13, 2008:

Subject: VERY IMPORTANT - BIG VIRUS COMING!!! PLEASE READ & FORWARD !!! http://www.snopes.com/computer/virus/postcard.asp Hi All, I checked Snopes (URL above:), and it is for real!! Get this E-mail message sent around to your contacts ASAP. PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS! You should be alert during the next few days. Do not open any message with an attachment entitled 'POSTCARD FROM HALLMARK,' regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts It is better to receive this message 25 times than to receive the virus and open it. If you receive a mail called' POSTCARD,' even though sent to you by a friend, do not open it! Shut down your computer immediately. This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept. COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US Snopes lists all the names it could come in.

Example #2:
Email example contributed by Treva T., May 14, 2008:

FW: Big Virus Coming!!!! http://www.snopes.com/computer/virus/postcard.asp Hi All, I checked with Norton Anti-Virus, and they are gearing up for this virus! I checked Snopes (URL above:), and it is for real!! Get this E-mail message sent around to your contacts ASAP. PLEASE FORWARD THIS WARNING A MONG FRIENDS, FAMILY AND CONTACTS! You should be alert during the next few days. Do not open any message with an attachment entitled 'POSTCARD,' regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts It is better to receive this message 25 times than to receive the virus and open it. If you receive a mail called' POSTCARD,' even though sent to you by a friend, do not open it! Shut down your computer immediately. This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept . COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US.

Example #3:
Email example contributed by Jenifer B., Feb. 9, 2008:

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS! You should be alert during the next few days. Do not open any message with an attachment entitled "POSTCARD," regardless of who sent it to you. It is a virus which opens A POSTCARD IMAGE, which 'burns' the whole hard disc C of your computer. This virus will be received from someone who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts. If you receive a mail called" POSTCARD," even though sent to you by a friend, do not open it! Shut down your computer immediately. This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Drive.

Comments: With so many real viruses in circulation bearing names almost identical to the bogus threats you may read about in hoax messages, it is crucial to know how to distinguish between the real virus threats and the fake ones. Here are a few points to keep in mind:

1. It is true that there are real viruses, trojans, and other malicious programs currently being distributed by means of fake e card notices

These malware-containing emails may arrive under any of dozens of possible headers, for example:

• You've received a Hallmark E-Card!
• You've received a postcard from a family member!
• Colleague sent you a postcard from egreetings.com!
• Birthday e-card

They do resemble legitimate notices from e-card companies. This means every user needs to be very careful when dealing with such emails, no matter what the apparent source. Before clicking on any links or attachments in the body of such a message, check to see if you can verify that it came from a legitimate source -- and that isn't always easy. If you can't verify, don't click!

Don't click on links or attachments in e-card notices that arrive anonymously, or from senders whose names you don't recognize.

Don't click on attachments or links that seem suspicious in any other way.

2. Generally speaking, forwarded email warnings such as the 'POSTCARD' alerts above cannot be trusted to provide accurate information.

Read carefully! Try not to confuse hoax warnings with the real thing. Bogus virus alerts often contain links to websites which, at first glance, may seem to confirm the authenticity of the message, but which in fact discuss a completely different matter.

The very message we're discussing happens to be a case in point. Despite the fact that there are real e-card viruses out there, the "POSTCARD" warning above is, in fact, a hoax. It is simply the newest of many variants of a false alert that began circulating several years ago (compare the texts and you'll see what I mean).

Therefore, don't depend on this type of alert for protection, and avoid forwarding such messages to others unless you can confirm with some certainty that the threat they describe is real.

3. Protecting yourself from real virus and trojan threats entails a few simple but critical measures. Follow them religiously:

1. Always be very careful concerning which attachments you open and which files you download. If you can't be reasonably sure they are safe, don't open or download them.
   
   
2. Maintain up-to-date antiviruse software on your computer, configure it to detect trojan horses and other malware automatically, and scan for viruses and other threats regularly.
   
   
3. Always be careful concerning which links you choose to click, especially in messages from anonymous or unfamiliar sources. Clicking on these links can instantly download malicious software onto your computer. Again, if you can't be reasonably sure a link is safe, don't click on it.