Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

Downandup/Conficker worm infects 9 million PCs

Discussion in 'Tech, Gadgets & Science Forum' started by MaxShimba, Jan 22, 2009.

  1. MaxShimba

    MaxShimba JF-Expert Member

    #1
    Jan 22, 2009
    Joined: Apr 11, 2008
    Messages: 35,808
    Likes Received: 94
    Trophy Points: 145


    Downandup/Conficker worm infects 9 million PCsWed Jan 21, 2009 11:33AM EST
    See Comments (0)

    Buzz up!on Yahoo!Judging from the complaints and questions filling my inbox, Windows security looks like it's already on track for its worst year this decade. The latest attack is a worm called Downandup, Downadup, Kido!, or Conficker (all the same thing), and it primarily seems to be being delivered via infected USB drives.

    How's it work? By tricking you into running the virus by modifying the way "autorun" works when you plug in a drive. Look closely at the screenshot above and you'll see two entries for "Open folder to view files." The one at the top is a phony entry that actually installs the virus on your machine... but of course it's the default selection that pops up when you plug in a drive. Once installed, the virus spreads like crazy via a separate flaw in Windows networking system (now patched, so be sure to run Windows Update if you haven't lately) and can quickly infect a whole office. F-Secure has more analysis on the clever way it tricks you into installing the malware yourself.

    How bad has it gotten? Estimates range from 3.5 million infected in the first four days after it bean spreading to 9 million impacted... and gettng worse. By now I figure the numbers could top 15 or 20 million.

    From an antivirus standpoint, fixing Downandup isn't easy. The worm is particularly problematic because of the tricky way it involves the user in installing the software, bypassing auto-installation safeguards, plus its sophisticated way of avoiding detection, as it morphs its code constantly (using randomized elements) to make traditional, signature-based detection almost impossible.

    Your best strategy for avoiding Downandup? Turn off AutoPlay/AutoRun on your computer (with Windows XP, TweakUI is the easiest way to do it). If you do see an AutoPlay dialog box like the one above, just close it and eject the disc or thumbdrive; browsing the drive manually for individual files should keep you uninfected, but you're best off not using the drive at all. And of course, make sure your system is fully patched via Windows Update.

    What if you already have Downandup infecting your machine? Try your standard antivirus utility as a fix. If that doesn't work, F-Secure has a removal tool that should get rid of it. Good luck out there.



     
  2. MaxShimba

    MaxShimba JF-Expert Member

    #2
    Jan 22, 2009
    Joined: Apr 11, 2008
    Messages: 35,808
    Likes Received: 94
    Trophy Points: 145

    Let us be careful.
     
Loading...