A mysterious computer virus, the purpose of which has yet to become apparent, is spreading so fast that it has already infected more than 15 million computers around the world. Some six million machines have been contaminated in the past three days alone by the virus, a worm known as Downadup, Conficker or Kido.
More than 3,000 British organisations – including hospitals, the Ministry of Defence, councils, and what are described as “well-known firms” – have been hit. They and the hundreds of thousands of other victim organisations in countries such as the US, Russia, China and India are now bracing themselves for the virus to be triggered and do whatever malicious work it has been designed to do.
There remains the possibility that it has no function other than to demonstrate its originator’s skill, but security experts think it unlikely a worm so sophisticated has no ulterior purpose. Tom Gaffney, technical manager of F-Secure, says this could be to capture confidential information, such as online account details and passwords, but it is more likely to be a “rootkit”, which gives the virus designer administrative access – effectively, control over the computer and then, perhaps, its network. He said that Conficker is the worst outbreak of this type seen for six years, since the Slammer worm ran amok in 2003.
(Article continues below)
Conficker’s origin is thought to be in Ukraine, mainly because the first thing the worm does is check if a computer has a Ukrainian-configured keyboard. If it does, the worm leaves it unmolested. Former Soviet states are where so-called “computer warfare” (the hacking of target networks, or hijacking of websites) has been most common. It was prevalent during last year’s Georgia-Russia conflict.