Net-Worm.Win32.Kido.ip and Net-Worm.Win32.Kido.iq, among others, are the latest variants of Kido. The new variants also use a large number of unusual domain names, from which they can download more than 50,000 types of harmful data to infected computers, compared with 250 for the previous versions.
The new variants of the Kido virus behave like a Trojan downloader: they download other kinds of virus to infected computers, causing network congestion. At the same time, some software with IDS features will continuously report the attack “Intrusion.Win.NETAPI.buffer-overflow.exploit”.
The Kido virus appeared on January 2, 2009, and more than 9 million computers worldwide have been infected with it.
Nguyen Thanh Sang, from NTS – Kaspersky Lab
To protect against the Kido virus, Kaspersky Lab offered kidokiller.exe at kaspersky.vn or http://tinyurl.com/dietkido.
Some signs for recognizing the Kido virus and its variants:
- The files autorun.inf and RECYCLED\{SID<....>}\RANDOM_NAME.vmx appear on USB flash drives or on the local networks of businesses.
- The virus automatically saves itself into the system as a DLL file with an arbitrary name, for example c:\windows\system32\zorizr.dll.
- The virus registers itself as a system service with an arbitrary name, for example knqdgsm.
- It will try to attack the computer system via the gate
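The removable-drive sign from the list above can be checked on a mounted USB drive with a short script. This is an added example, not Kaspersky Lab's code or part of kidokiller.exe; the function names, the treatment of any RECYCLED sub-directory as the `{SID<....>}` folder, and the constructed sample tree are assumptions.

```python
import os
import tempfile

def find_kido_usb_signs(root):
    """Check one drive root for the autorun.inf plus RECYCLED .vmx sign."""
    # Compare names case-insensitively, as Windows would.
    entries = {name.lower(): name for name in os.listdir(root)}
    result = {"autorun_inf": None, "autorun_mentions_vmx": False, "vmx_files": []}

    if "autorun.inf" in entries:
        path = os.path.join(root, entries["autorun.inf"])
        if os.path.isfile(path):
            result["autorun_inf"] = path
            with open(path, "rb") as fh:
                data = fh.read(1024 * 1024)  # cap the read; real files are small
            # Assumption (not stated on the page): the file names the .vmx.
            result["autorun_mentions_vmx"] = b".vmx" in data.lower()

    if "recycled" in entries:
        recycled = os.path.join(root, entries["recycled"])
        # Assumption: any sub-directory stands for {SID<....>}, whose exact
        # format the page elides.
        subdirs = sorted(os.listdir(recycled)) if os.path.isdir(recycled) else []
        for sub in subdirs:
            sub_path = os.path.join(recycled, sub)
            if os.path.isdir(sub_path):
                for name in sorted(os.listdir(sub_path)):
                    if name.lower().endswith(".vmx"):
                        result["vmx_files"].append(os.path.join(sub_path, name))

    # Both signs together are what the list describes; either alone is weaker.
    result["suspicious"] = bool(result["autorun_inf"] and result["vmx_files"])
    return result

def build_sample_drive(base, infected):
    """Create a constructed directory tree standing in for a USB drive."""
    root = os.path.join(base, "infected" if infected else "clean")
    os.makedirs(root)
    if infected:
        sid_dir = os.path.join(root, "RECYCLED", "S-0-0-00-PLACEHOLDER")
        os.makedirs(sid_dir)
        open(os.path.join(sid_dir, "RANDOM_NAME.vmx"), "wb").close()  # empty file
        with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
            fh.write(b"[autorun]\r\n; constructed sample, names RANDOM_NAME.VMX\r\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for flag in (True, False):
            print(find_kido_usb_signs(build_sample_drive(tmp, flag)))
```

A hit from this check is a reason to run the removal tool and inspect the system32 DLL and service signs, not proof of infection on its own.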