The Win32.Worm.Downadup, also known as Conficker or Kido Worm


A computer worm has been given a new method of propagation. The Win32.Worm.Downadup, aka Conficker or Kido, first hit the world last year by exploiting the MS08-067 vulnerability, which let it spread in loosely secured networks.

Researchers from the Finnish security vendor F-Secure estimate that at least one million computers have been infected by the Conficker worm in a single day. The worm and the patch to protect against it have been around for months, but researchers believe it has now infected over 8.9 million PCs.

The vulnerability affects Microsoft Windows 2000, Windows XP, and Windows Server 2003. The latest variant of the worm can now spread via thumb drives, reported security software firm BitDefender. It operates by copying itself into a random folder created inside the Recycler directory, which is used by the Recycle Bin to store deleted files, and creating an autorun.inf file in the root folder, BitDefender said. The worm executes automatically if the Autorun feature is enabled.
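A defender can check a removable drive for the layout BitDefender describes: an autorun.inf in the drive root whose launch command points into a Recycle Bin folder. The following is an added example, not code from the article or from BitDefender; the sample folder and file names are constructed placeholders, and the check also covers the Recycled and $Recycle.Bin folder names, which goes beyond the Recycler case named above.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that name a program Windows will launch.
LAUNCH_RE = re.compile(
    r"^\s*(?:open|shellexecute|shell\\[^=\\]+\\command)\s*=\s*(.+?)\s*$",
    re.IGNORECASE)
# A path component that is a Recycle Bin folder (XP NTFS, FAT, Vista and later).
BIN_RE = re.compile(r"(?:^|[\\\s\",])(?:recycler|recycled|\$recycle\.bin)\\",
                    re.IGNORECASE)

def launch_targets(autorun_bytes):
    """Return every command an autorun.inf asks Windows to launch."""
    text = autorun_bytes.decode("latin-1")  # total decoding: junk bytes cannot raise
    return [m.group(1) for m in map(LAUNCH_RE.match, text.splitlines()) if m]

def check_drive(root):
    """Return launch commands in root's autorun.inf that point into a Recycle Bin folder."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                targets = launch_targets(fh.read())
            return [t for t in targets if BIN_RE.search(t.replace("/", "\\"))]
    return []  # no autorun.inf in the drive root

def make_sample_drive(autorun_text):
    """Build a constructed drive root in a temp directory (sample data only)."""
    root = tempfile.mkdtemp(prefix="drive_")
    with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
        fh.write(autorun_text.encode("latin-1"))
    return root

# Constructed samples: folder and file names are placeholders, not real indicators.
SUSPICIOUS = "[autorun]\r\nicon=setup.ico\r\nopen=RECYCLER\\constructed-folder\\sample.exe\r\n"
BENIGN = "[AutoRun]\r\nopen=setup.exe\r\nicon=setup.ico\r\n"

if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, check_drive(make_sample_drive(text)))
```

On a real system, pass the root of each mounted removable drive to `check_drive`; a non-empty result is a reason to quarantine the drive and inspect it with an up-to-date scanner.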

Microsoft issued a patch for the vulnerability, but a large number of PCs have remained unpatched. Security researchers believe the worm can spread via USB thumb drives. The worm also patches certain TCP functions to block access to security-related Web sites by filtering every address that contains certain strings. This makes it harder to remove, because information about it is difficult to gather from an infected computer. Additionally, the worm removes all access rights of the user, except execute and directory usage, to protect its files.

Cristian Craioveanu and Ziv Mador from the Microsoft Malware Protection Center pointed out in an article published on the company's Threat Research & Response Blog that Conficker removal capabilities were added to the January release of the free Malicious Software Removal Tool (MSRT). Both home and corporate users are urged to first install the MS08-067 patch, and then use the January MSRT version to clean the infected computers. The two researchers also noted that a significant number of customers contacted Microsoft to ask for assistance regarding Conficker infections.
