The Conficker worm, which has surged dramatically during the past few days, exploits a bug in the Windows Server service used by all supported versions of Microsoft's operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.
Conficker disables System Restore, blocks access to security websites, and downloads additional malware to infected machines. The worm uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google and Baidu. Each day the algorithm generates a huge number of domain names, such as qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc, and hcweu .org, which makes shutting them all down impractical, if not impossible; in fact most of them are never registered in the first place.
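The two defensive consequences of a date-seeded domain generator are worth seeing in code: because the list is deterministic, anyone who knows the algorithm can produce the day's candidates ahead of the bots and sinkhole them, and because most candidates are never registered, an infected host stands out by its burst of NXDOMAIN answers. The following is an added example written for this page, not code from the original article and not Conficker's actual algorithm: `toy_dga` is a constructed SHA-256 based generator with a made-up seed, and the resolver log lines, client addresses and the date are likewise constructed.

```python
import hashlib
from collections import Counter
from datetime import date, timedelta

TLDS = ("ws", "net", "cc", "org")


def toy_dga(day: date, count: int = 5, seed: bytes = b"toy-seed") -> list[str]:
    """Date-seeded toy domain generation algorithm.

    Constructed for illustration only; it is NOT Conficker's algorithm. The
    property that matters is determinism: the same day and seed always give
    the same list, so once an algorithm is known, a defender can produce the
    day's candidate domains before the bots ask for them.
    """
    names = []
    for i in range(count):
        material = seed + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        length = 6 + digest[0] % 5                        # 6..10 letter label
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[11] % len(TLDS)]}")
    return names


def precompute_blocklist(center: date, window: int = 1, per_day: int = 5) -> set[str]:
    """Every name the toy DGA would produce from center-window to center+window.

    A resolver or proxy can answer these with a sinkhole address in advance;
    the day of slack on each side absorbs clock skew on infected hosts.
    """
    names: set[str] = set()
    for offset in range(-window, window + 1):
        names.update(toy_dga(center + timedelta(days=offset), per_day))
    return names


def parse_line(line: str) -> tuple[str, str, str]:
    """Split a constructed 'client qname rcode' resolver log line."""
    client, qname, rcode = line.split()
    return client, qname.lower().rstrip("."), rcode


def match_blocklist(log_lines: list[str], blocklist: set[str]) -> list[tuple[str, str]]:
    """(client, qname) pairs whose lookup hit a precomputed DGA domain."""
    return [(c, q) for c, q, _ in map(parse_line, log_lines) if q in blocklist]


def nxdomain_suspects(log_lines: list[str], threshold: int = 3) -> dict[str, int]:
    """Clients that received at least `threshold` NXDOMAIN answers.

    Most DGA candidates are never registered, so an infected host produces a
    burst of failed lookups; this heuristic needs no knowledge of the algorithm.
    """
    counts = Counter()
    for client, _, rcode in map(parse_line, log_lines):
        if rcode == "NXDOMAIN":
            counts[client] += 1
    return {c: n for c, n in counts.items() if n >= threshold}


# Constructed sample: one client (10.0.0.7) tries several of the day's
# generated names, only one of which resolves; 10.0.0.9 is a normal host.
DAY = date(2009, 1, 15)
_today = toy_dga(DAY)
SAMPLE_LOG = [
    f"10.0.0.7 {_today[0]} NXDOMAIN",
    f"10.0.0.7 {_today[1]} NXDOMAIN",
    f"10.0.0.7 {_today[2]} NXDOMAIN",
    f"10.0.0.7 {_today[3]} NOERROR",
    "10.0.0.7 www.example.com NOERROR",
    "10.0.0.9 www.example.com NOERROR",
    "10.0.0.9 mail.example.org NXDOMAIN",
]

if __name__ == "__main__":
    print("today's candidates:", _today)
    print("blocklist hits:", match_blocklist(SAMPLE_LOG, precompute_blocklist(DAY)))
    print("NXDOMAIN suspects:", nxdomain_suspects(SAMPLE_LOG))
```

The blocklist approach only works after the generator has been reverse engineered and the seed inputs (here a date; in Conficker's case timestamps fetched from public sites) are reproducible by the defender, which is why the NXDOMAIN heuristic is kept alongside it: it catches the behaviour regardless of which algorithm produced the names, at the cost of false positives from misconfigured hosts.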