Rapidly spreading computer virus may be a dud

    Jan. 21, 2009
    Experts say virus not working as intended

    Source XOD

    NEW YORK-A computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the U.S., Europe and Asia, already infecting close to 9 million machines, according to a private online security firm.

    Fortunately, however, it may be a dud.

    Though computer bugs have become a common affliction, Finland-based F-Secure says a virus it has been tracking for the past several weeks has surged more rapidly through corporate networks than anything they have seen in years.

    But the virus does not appear to be working as its designers intended. F-Secure's chief security adviser, Patrik Runald, said the virus's coding suggests a type of bug that alerts computer users to bogus infections on their machines and offers to help by selling them antivirus software.

    Instead, the virus is simply spreading to little effect, though it may still pose a threat to infected computers.

    "The gang behind this worm haven't used it yet," F-Secure's chief research officer, Nikko Hypponen said by phone. "But they could do anything they like with any of these machines at any time."

    Microsoft issued a security update Tuesday to deal with the so-called "Downadup" or "Conficker" virus, which appears to be a new version of a bug that popped up in October.

    "Over the last couple of weeks, a new variant of this worm has been affecting customers," the company acknowledged in a blog post. Microsoft said the virus is spreading by gaining access to one computer and then guessing at passwords of other users in the same network: "If the password is weak, it may succeed."

    A company representative couldn't immediately be reached Saturday to comment on F-Secure's estimate of infected machines.

    Most computers with Windows will automatically download Microsoft's security update, but Hypponen said the virus disables updates on infected machines.

    While the origin of the virus is a mystery, F-Secure's best guess is it came from Ukraine. Hypponen said it is coded to avoid computers there, which may indicate whoever wrote the virus was trying to avoid drawing attention from local authorities.