One of the world’s fastest-spreading viruses – code-named “Downadup” or “Conflicker” – has already infected over nine million computers.
Data security firm F-Secure has warned the virus is infecting corporate networks at a rate previously unseen.
According to F-Secure, Downadup uses several different methods to spread. These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks.
As an end result, once the malware gains access to the inside of a corporate network, it can be unusually hard to fully eradicate.
Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.
Once this worm infects a machine, it protects itself very aggressively. It does this by setting itself to restart very early in the boot-up process of the computer and by setting Access Rights to the files and registry keys of the worm, so that the user can’t remove or change them.
The worm also downloads modified versions of itself from a long list of websites. The names of these websites are generated by an algorithm, based on current date and time. As there are hundreds of different domain names that could be used by the malware, it is hard for security companies to locate and shut them all down in time.
F-Secure has warned network managers to make sure the latest Microsoft patches have been applied, anti-virus software is up to date, turn off AUTORUN and AUTOPLAY for USB sticks, make sure users domain passwords are strong and take extra care about the domain administrators’ passwords.
F-Secure adds that disinfection of this worm is complex and could require shutting down parts of company networks. It has urged firms affected by the virus to restrict USB stick usage and block unnecessary traffic at the firewall.
By John Kennedy
