Fight the worm – Conficker, Kido or Downadup
- Wednesday, January 21, 2009, 14:00
A nasty worm called Downadup has infected millions of computers and continues to spread. Many security experts believe this is a precursor of the evil deeds to come.
According to US software protection firm F-Secure, the computer worm known as Conficker, Kido or Downadup had infected more than nine million computers by Tuesday and was spreading at a rate of one million machines daily (wow). What is interesting is that this malicious software had yet to do any noticeable damage. This is prompting a debate as to whether it is impotent, waiting to detonate, or a test run by cybercriminals intent on profiting from the weakness in the future.
This is possibly the biggest virus attack we have ever seen. Some people believe that the bad guys are field testing a new technology. If the worm proves to work well, they could go out and sell malware to people. There is a huge market for selling criminal malware.
Downadup’s most intriguing aspect is its multipronged attack strategy as it can spread three different ways.
- One is a vulnerability in Windows that Microsoft patched almost four months ago. The bug, which is in a file-sharing service that’s included in all versions of the operating system, can be exploited remotely just by sending a malformed data packet to an unpatched PC.
- Second, the worm can spread by password attacks.
- Third, it copies itself to any removable USB-based devices such as flash drives and cameras, so it can easily spread between unprotected computers through removable drives such as USB sticks.
You are infected with this worm if you are facing any of these issues:
- Account lockout policies are being tripped.
- Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
- Domain controllers respond slowly to client requests.
- The network is congested.
- Various security-related Web sites cannot be accessed.
If your PC is showing any of these symptoms, Microsoft recommends that you immediately use the MSRT (Malicious Software Removal Tool) to clean the machine. Users can download MSRT from Microsoft’s site, or follow the instructions posted at its support site.
What is at risk?
Once it is in a computer, the worm leaves that computer vulnerable to further exploitation by hackers and spammers, who are able to remotely download more malicious programs onto it, or even use the worm to help install software that will enable them to track and steal security information, such as banking logins or credit card information. Malware could also be triggered to turn control of infected computers over to hackers amassing “zombie” machines into “botnet” armies. A troubling aspect of Conficker is that it harnesses the computing power of a botnet to crack passwords. Repeated “guesses” at passwords by a botnet have caused some computer users to be locked out of files or machines that automatically disable access after a certain number of failed tries.
Who is vulnerable?
Unpatched Windows 2000, Windows XP and Windows Server 2003 machines are at the greatest risk, while the danger to PCs running Windows XP Service Pack 2 and XP Service Pack 3 is moderate. Unpatched Windows Vista and Server 2008 systems are less likely to fall victim.
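The lockout symptom and the password guessing described above can be spotted in logon records: one machine failing against many different accounts in a short time looks different from a user mistyping a password. The following is an added example, not part of the original post; the record layout, host names and thresholds are constructed assumptions, and 4625/4740 are the failed-logon and account-lockout event IDs on Windows Vista and Server 2008.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a simplified export of security events as
# "timestamp,event_id,account,source_host" (not a real log format).
SAMPLE_EVENTS = """\
2009-01-21T09:00:05,4625,alice,WS-017
2009-01-21T09:00:06,4625,bob,WS-017
2009-01-21T09:00:07,4625,carol,WS-017
2009-01-21T09:00:40,4740,alice,WS-017
2009-01-21T09:01:10,4740,bob,WS-017
2009-01-21T09:02:00,4625,dave,WS-042
2009-01-21T09:02:09,4625,dave,WS-042
2009-01-21T09:02:30,4624,dave,WS-042
2009-01-21T08:00:00,4625,erin,WS-099
2009-01-21T10:30:00,4625,frank,WS-099
2009-01-21T13:00:00,4625,grace,WS-099
"""

FAILED_LOGON, LOCKOUT = "4625", "4740"


def parse(text):
    """Yield (timestamp, event_id, account, source_host) per record."""
    for line in text.strip().splitlines():
        ts, event_id, account, source = line.split(",")
        yield datetime.fromisoformat(ts), event_id, account, source


def suspicious_sources(text, window=timedelta(minutes=5), min_accounts=3):
    """Map each source host to the accounts it failed against, for hosts
    that hit at least min_accounts distinct accounts inside one window."""
    by_source = defaultdict(list)
    for ts, event_id, account, source in parse(text):
        if event_id in (FAILED_LOGON, LOCKOUT):  # ignore successful logons
            by_source[source].append((ts, account))
    flagged = defaultdict(set)
    for source, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            accounts = {acct for _, acct in events[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[source] |= accounts
    return {source: sorted(accts) for source, accts in flagged.items()}


if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_EVENTS))
```

A flagged host is a candidate for isolation and cleaning; the user who mistyped a password twice (WS-042) and the host with failures spread over hours (WS-099) are not flagged at the default thresholds.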
How to protect?
- Stay current on anti-virus tools
- Stay current on Windows updates
- Protect computers and files with strong passwords. Security experts urge people to harden passwords by mixing in numbers, punctuation marks, and upper-case letters. Doing so makes it millions of times harder for passwords to be deduced.
And of course keep reading tecnerd.com for any updates.

