Kaspersky Lab alerts users to a new modification of Kido

10 Mar 2009
Virus News

Kaspersky Lab, a leading developer of secure content management systems, has detected a new modification of Kido. This latest variant differs from previous ones in that it extends the Trojan functionality used in earlier versions of the malicious program.

Net-Worm.Win32.Kido.ip, Net-Worm.Win32.Kido.iq, and other variants are all representative of this latest modification of Kido, which is capable of preventing antivirus products from functioning effectively on infected machines. The new variant of the malicious program also generates a dramatically increased number of unique domain names which it can contact to download daily updates: 50,000, in contrast to the 250 generated and contacted by previous versions.

“So far, the new version of Kido isn’t posing an epidemic threat,” said Vitaly Kamluk, senior antivirus expert. “However, if existing versions of Kido are replaced by the latest variant, this could make life a lot more difficult for those trying to combat the authors of this malicious program.”

Kido has Trojan Downloader functionality, which means that it delivers other malicious programs to infected computers. The first Kido infections were detected in November 2008.

A record for new Kido variants was added to Kaspersky Lab antivirus databases on Saturday, March 7.

Kaspersky Lab recommends again that all users install the relevant operating system security update (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). An antivirus solution with up-to-date signature databases and a properly configured firewall can also prevent infection. Users of Kaspersky Lab antivirus products who have installed the security update released by Microsoft are fully protected from Kido.