The Downadup worm virus (aka: Conficker, Kido) has globally spread like wildfire. I am now reading stories [ click here ] where over 8 million PC’s have been infected (or 1 in 16 PC’s). That is over 8 million PC’s that failed to patch their systems back in October. The most concerning part, at least to me, is that this worm can use the “AutoRun” functionality in Windows to infect other PC’s. Here is how this works. You plug in your USB flash drive in a computer that has been infected with the Downadup worm and the worm copies a file (autorun.inf), to your flash drive. You remove the flash drive and plug it into another PC, the Windows AutoRun function kicks in and the autorun.inf file, that was copied to your flash drive, now executes and infects that PC.
Downadup is a worm (self-replicating).
A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network. – F-Secure
Propagation (How it spreads)…
Downadup uses a variety of methods to spread itself.
Downadup exploits a Windows vulnerability; patched by the October ‘08 security update.
If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files. – Microsoft Malware Solution Center
Additionally, it uses Windows AutoRun functionality; autorun.inf files are copied to USB drives and other removable media.
If your computer is infected…
You may not experience any symptoms, or you may experience any of the following symptoms:
Account lockout policies are being tripped.
Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
Domain controllers respond slowly to client requests.
The network is congested.
Various security-related Web sites cannot be accessed.
Visit the Microsoft’s Help & Support (to learn about the manual removal method(s) and the available Malicious Software Removal tool (MSRT) tool option that is available. Many of the anti-virus sites are carrying removal options and instructions, as well. Like many viruses, this thing will continue to evolve with a variety of different payloads. If you have a PC that is connected to the internet, it is very important that you keep your systems patched (via the Windows Update) and that you keep your Security software updated (e.g. anti-virus, anti-spyware, anti-malware). The internet is in one sad shape and it is important that our defenses are in place and that we educate ourselves about any potential threats. Thank you visiting the blog and please push this info onward to make others aware.