By GoldSparrow in Worms

Kido is one of the many aliases of the infamous Conficker computer worm. This worm, also known as Downadup and Downup, is designed to infect computers running the Microsoft Windows operating system. Since its appearance in November of 2008, Kido has evolved into one of the most difficult enemies that computer security researchers have faced. ESG security researchers believe that variants of the Kido computer worm represent one of the biggest malware infections in history, infecting computers in more than two hundred countries. Kido's ability to combine many different malware techniques and to integrate infected computers into a vast botnet has made it an extremely dangerous threat.

Origins of the Kido Computer Worm

Malware analysts still do not know the exact origins of the Kido computer worm. Security researchers believe that this worm originated in Ukraine. However, since the authorities are still searching for the authors of the Kido worm, law enforcement has been reluctant to reveal any details or leads about the creators of this harmful malware infection. Several signs in some variants of the Kido malware point to a possible Ukrainian origin.

How Kido Initially Infects a Computer System

Most variants of the Kido worm exploit a Server Service vulnerability in Windows operating systems, which lets the infection jump from an infected computer onto a new system. This vulnerability allows the worm to force the infected computer to download the worm in the form of a DLL file, which is then attached to the svchost.exe process. Other variants search for other native Windows processes, such as services.exe or explorer.exe, and attach themselves to them, making detection and removal quite difficult. Some variants of Kido can spread through removable media (such as SD cards or USB memory devices) and then take advantage of AutoRun to install themselves onto a clean computer system. The Kido worm also makes changes to the Windows Registry that allow it to load at start-up.
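The AutoRun route described above can be audited from the defender's side. The following Python is an added example, not code from the original article: it parses the autorun.inf on a removable drive and lists only the entries that would start a program. The function names and the sample file contents are constructed for illustration.

```python
import re
from pathlib import Path

# [autorun] keys that make Windows start a program from the media.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")

def parse_autorun(raw: bytes):
    """Return (key, value) pairs found in the [autorun] section."""
    # latin-1 maps every byte, so binary junk in the file cannot abort parsing.
    entries, in_section = [], False
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            entries.append((key.strip().lower(), value.strip()))
    return entries

def launch_entries(raw: bytes):
    """Entries that would run a program when the media is opened."""
    return [(k, v) for k, v in parse_autorun(raw)
            if k in EXEC_KEYS or SHELL_VERB.match(k)]

def audit_root(root):
    """Check the top level of a mounted drive for a launching autorun.inf."""
    root = Path(root)
    if not root.is_dir():
        return []
    found = []
    for item in root.iterdir():
        # Windows treats the file name case-insensitively.
        if item.is_file() and item.name.lower() == "autorun.inf":
            found += launch_entries(item.read_bytes())
    return found

# Constructed sample: junk bytes, a harmless label, two launch entries,
# and an "open" key outside [autorun] that must be ignored.
SAMPLE = (b"[AutoRun]\r\n\x00\xff\x13junk\r\n; comment\r\n"
          b"label=Backup\r\nOPEN = setup.exe /quiet\r\n"
          b"shell\\explore\\command=tool.exe\r\n"
          b"[Other]\r\nopen=ignored.exe\r\n")

if __name__ == "__main__":
    for key, value in launch_entries(SAMPLE):
        print(f"{key} -> {value}")
```

Any entry this reports on a drive that is not installation media deserves a closer look before the drive is opened on another machine.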

Symptoms of a Kido Infection

To make sure that your computer system does not fall prey to this dangerous computer worm, the ESG team of PC security researchers recommends being on the lookout for any of the following symptoms:

  • Blocked access to normal user accounts.
  • Blocked access to computer security websites.
  • Blocked access to Windows Update.
  • Congestion on the infected computer's network.
  • Problems connecting to the Internet.
  • Disabled anti-malware software.
  • Changes made to your Windows settings without your knowledge.
