Beware Of New Kido Malware Threat
0Overall Score

Software security specialist Kaspersky Lab says it has detected a new modification of the Kido malware threat.This latest variant differs from previous ones in that it extends the Trojan functionality used in earlier versions of the malicious program.

Net-Worm.Win32.Kido.ip, Net-Worm.Win32.Kido.iq, and other variants are all representative of this latest modification of Kido, which is capable of preventing antivirus products from functioning effectively on infected machines. The new variant of the malicious program also generates a dramatically increased number of unique domain names which it can contact to download daily updates: 50,000 in contrast to the 250 generated and contacted by previous versions. 

“So far, the new version of Kido isn’t posing an epidemic threat,” said Vitaly Kamluk, senior antivirus expert. “However, if existing versions of Kido are replaced by the latest variant, this could make life a lot more difficult for those trying to combat the authors of this malicious program.”

The Kido worm has Trojan Downloader functionality, which means that it delivers other malicious programs to infected computers. The first Kido infections were detected in November 2008.

A record for new Kido variants was added to Kaspersky Lab antivirus databases on Saturday, March 7.

Kaspersky Lab recommends again that all users install the relevant operating system security update (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). An antivirus solution with up-to-date signature databases and a properly configured firewall can also prevent infection. Users of Kaspersky Lab antivirus products who have installed the security update released by Microsoft are fully protected from Kido.