Downadup virus exposes millions of PCs to hijack

Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 14626
Netherlands
Message 22490 - Posted: 16 Jan 2009, 19:46:33 UTC

I thought this was worth a warning...

LONDON, England (CNN) -- A new sleeper virus that could allow hackers to steal financial and personal information has now spread to more than eight million computers in what industry analysts say is one of the most serious infections they have ever seen.

Experts say a single infected laptop could expose an entire network to the worm.

The Downadup or Conficker worm exploits a bug in Microsoft Windows to infect mainly corporate networks, where -- although it has yet to cause any harm -- it potentially exposes infected PCs to hijack.

Mikko Hypponen, chief research officer at anti-virus firm F-Secure, says while the purpose of the worm is unclear, its unique "phone home" design, linking back to its point of origin, means it can receive further orders to wreak havoc.

He said his company had reverse-engineered its program, which they suspected of originating in Ukraine, and is using the call-back mechanism to monitor an exponential infection rate, despite Microsoft's issuing of a patch to fix the bug.

"On Tuesday there were 2.5 million, on Wednesday 3.5 million and today [Friday], eight million," he told CNN. "It's getting worse, not better."

Hypponen explained to CNN the dangers that Downadup poses, who is most at risk and what can be done to stop its spread.

How serious is it?
It is the most serious large scale worm outbreak we have seen in recent years because of how widespread it is, but it is not very serious in terms of what it does. So far it doesn't try to steal personal information or credit card details.

Who is affected?
We have large infections in Europe, the United States and in Asia. It is a Windows worm and almost all the cases are corporate networks. There are very few reports of independent home computers affected.

What does it do?
It is a complicated worm most likely engineered by a group of people who have spent time making it very complicated to analyze and remove. The real reason why they have created it is hard to say right now, but we do know how it replicates.

How does it spread?
The worm does not spread over email or the Web. However if an infected laptop is connected to your corporate network, it will immediately scan the network looking for machines to infect. These will be machines that have not installed a patch from Microsoft known as MS08-067. The worm will also scan company networks trying to guess your password, trying hundreds and hundreds of common words. If it gets in, even if you are not at your machine, it will infect and begin spreading to other servers. A third method of spreading is via USB data sticks.

How can I prevent it infecting my machine?
The best way is to get the patch and install it company-wide. The second way is password security. Use long, difficult passwords -- particularly for administrators who cannot afford to be locked out of the machines they will have to fix.

What can I do if it has already infected?
Machines can be disinfected. The problem is for companies with thousands of infected machines, which can become re-infected from just one computer even as they are being cleared.

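The network password guessing the article describes leaves a trail a defender can look for: a burst of failed logons from one host against many accounts on many machines within a short time. The following is an added example, not from the thread or from F-Secure or Microsoft, that flags such sources in a simplified failed-logon log; the record format, the field names and the sample lines are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not a real log). One failed-logon record per line:
# "<timestamp> <event_id> <target_host> <source_ip> <account>"
SAMPLE_LOG = """\
2009-01-16T19:46:01 4625 FILESRV01 10.0.5.23 administrator
2009-01-16T19:46:01 4625 FILESRV01 10.0.5.23 admin
2009-01-16T19:46:02 4625 FILESRV01 10.0.5.23 backup
2009-01-16T19:46:02 4625 FILESRV02 10.0.5.23 administrator
2009-01-16T19:46:03 4625 FILESRV02 10.0.5.23 guest
2009-01-16T19:46:03 4625 FILESRV02 10.0.5.23 test
2009-01-16T19:46:04 4625 PRINTSRV 10.0.5.23 administrator
2009-01-16T19:46:05 4625 PRINTSRV 10.0.5.23 user
2009-01-16T19:47:10 4625 FILESRV01 10.0.7.9 jsmith
2009-01-16T19:47:15 4625 FILESRV01 10.0.7.9 jsmith
2009-01-16T19:47:21 4625 FILESRV01 10.0.7.9 jsmith
"""

def parse_line(line):
    """Split one record into its fields (timestamps are ISO 8601)."""
    ts, event_id, target, src, account = line.split()
    return {"ts": datetime.fromisoformat(ts), "event": int(event_id),
            "target": target, "src": src, "account": account}

def find_guessing_sources(log_text, window_s=60, min_accounts=5, min_targets=2):
    """Return {source_ip: (accounts, targets)} for each source whose failed
    logons, within some window_s-second window, hit >= min_accounts distinct
    accounts on >= min_targets hosts. A user mistyping one password a few
    times stays under both thresholds; a wordlist walk across the net does not."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["event"] == 4625:              # failed logon only
            by_src[rec["src"]].append(rec)
    hits, best = {}, {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):          # sliding time window
            while recs[end]["ts"] - recs[start]["ts"] > timedelta(seconds=window_s):
                start += 1
            accounts = {r["account"] for r in recs[start:end + 1]}
            targets = {r["target"] for r in recs[start:end + 1]}
            score = (len(accounts), len(targets))
            if (score[0] >= min_accounts and score[1] >= min_targets
                    and score > best.get(src, (0, 0))):
                best[src] = score             # keep the widest window seen
                hits[src] = (sorted(accounts), sorted(targets))
    return hits
```

Thresholds are deliberately conservative so that ordinary typos from a single workstation do not trigger; tune window and counts to the size of the network.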
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 14626
Netherlands
Message 22491 - Posted: 16 Jan 2009, 19:50:53 UTC

Use the Microsoft Malicious Software Removal Tool to scan your system, USB sticks etc. It's capable of finding and removing this threat.
PhilB

Joined: 27 Jan 09
Posts: 1
United States
Message 22724 - Posted: 27 Jan 2009, 21:01:20 UTC

After downadup infects your computer, you can no longer download updates from Microsoft and most antivirus software vendors. One thing the virus does is block requests from your computer to these web sites. Alternative downloads can be found at http://www.downadup.com, along with tools for disabling AutoPlay, and repairing the registry.


Copyright © 2021 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.