Tuesday, February 24, 2009

Downadup worm wreaking havoc

A worm by the name of Win32.Worm.Downadup.B is spreading fast across the net. Within four days, the number of infected computers quadrupled. The rapid spread is because the worm skirts around AV software by using rarely used APIs in the system. The worm hides in a folder in the recycle bin, and updates itself by checking up to 250 randomly generated domain names, which have components.

The safest way to prevent the spread of this particular worm is to not switch USB drives between computers. If your USB drive has a mysterious recycle bin folder, there is a good chance that you have this worm. Keep your work USB drives separate from the ones for personal use to prevent either your workplace or your home computer from being infected. Microsoft has released a patch, but the fix itself was faulty. The worm affects Windows XP, Windows 2000 and Windows Server 2003. There are no workarounds as yet.

The worm is spreading by exploiting multiple systemic weaknesses, including weak passwords. The worm restricts some traffic (like system updates), but is otherwise not involved in any malicious activity. The main threat at this point in time is the worm allowing computers to be used by a botnet. Botnets can be used to send spam, for example. Downadup is also known as Conficker and Kido.
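The USB check suggested above, looking for an unexpected recycle bin folder on the drive, written out as an added example that is not part of the original post. The folder-name list, the extra look at `autorun.inf`, and every path and file name in the sample layout are assumptions of this example; the sample drive is constructed and its contents are harmless placeholders.

```python
import os
import tempfile

# Names Windows uses for recycle bin folders (RECYCLER/RECYCLED on XP and 2000).
RECYCLE_NAMES = ("recycler", "recycled", "$recycle.bin")

def scan_drive(root):
    """List recycle-bin folders on a drive root, the files inside them, and
    autorun.inf lines that point into them (the autorun check is an assumption
    of this example; the post only mentions the folder)."""
    found = {"recycle_dirs": [], "files": [], "autorun_refs": []}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if name.lower() in RECYCLE_NAMES and os.path.isdir(path):
            found["recycle_dirs"].append(name)
            for dirpath, _dirs, files in os.walk(path):
                for f in sorted(files):
                    found["files"].append(os.path.relpath(os.path.join(dirpath, f), root))
        elif name.lower() == "autorun.inf" and os.path.isfile(path):
            # latin-1 maps every byte, so padded or binary content cannot raise.
            with open(path, encoding="latin-1") as fh:
                for line in fh:
                    if any(r in line.lower() for r in RECYCLE_NAMES):
                        found["autorun_refs"].append(line.strip())
    return found

def needs_review(found):
    """Triage hint, not a verdict: an empty recycle folder alone is not flagged."""
    return bool(found["files"] or found["autorun_refs"])

def build_sample_drive(root):
    """Constructed sample layout: placeholder names, harmless contents."""
    hidden = os.path.join(root, "RECYCLER", "S-0-0-00-CONSTRUCTED")
    os.makedirs(hidden)
    with open(os.path.join(hidden, "sample.dat"), "wb") as fh:
        fh.write(b"placeholder")
    with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
        fh.write(b"\xff\x00junk\r\n[autorun]\r\nopen=RECYCLER\\S-0-0-00-CONSTRUCTED\\sample.dat\r\n")
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("ordinary file")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        report = scan_drive(drive)
        print(report, "-> review" if needs_review(report) else "-> nothing found")
```

Point `scan_drive` at the drive's root (for example the drive letter of the USB stick) from a machine you trust; a hit means the drive deserves a proper AV scan before it is plugged in anywhere else.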

