New modification of the Kido Trojan

Kaspersky Lab has detected a new modification of Kido. This latest variant differs from previous ones in that it extends the Trojan functionality used in earlier versions of the malicious program.

Net-Worm.Win32.Kido.ip, Net-Worm.Win32.Kido.iq, and other variants are all representative of this latest modification of Kido, which is capable of preventing antivirus products from functioning effectively on infected machines.

The new variant of the malicious program also generates a dramatically increased number of unique domain names which it can contact to download daily updates: 50,000 in contrast to the 250 generated and contacted by previous versions.

Kido has Trojan Downloader functionality, which means that it delivers other malicious programs to infected computers. The first Kido infections were detected in November 2008.