F-Secure warning for network worm

DQW Bureau

F-Secure Corporation is issuing an alert about new versions of the 'Downadup'
worm. This worm infects Windows workstations and servers, causing various
problems. Since New Year, F-Secure has received several reports of corporate
networks getting infected with variants of this worm. F-Secure is working
closely with affected companies as well as with various CERT organizations to
fight this worm outbreak.

Downadup (also known as Conficker) is a large family of network worms. They
are unusually difficult to remove, especially in case of an internal infection
inside a corporate network. Downadup uses several different methods to spread.
These include using the recently patched vulnerability in Windows Server
Service, guessing network passwords and infecting USB sticks. As an end result,
once the malware gains access to the inside of a corporate network, it can be
unusually hard to eradicate fully.

Typical problems generated by the worm include locking network users out of
their accounts.

This happens because the worm tries to guess (or brute-force) network
passwords, tripping the automatic lock-out of a user who has too many password
failures. The worm also sets itself to restart very early in the computer's
boot-up process and sets access rights on its files and registry keys so that
the user can't remove or change them.
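
The lock-out symptom described above can be used to find the machine doing the guessing: one source failing logons against many different accounts in a short time looks very different from one user mistyping a password. The following is an added example, not F-Secure's tooling; the log format, host names, the five-minute window and the four-account threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): timestamp, source host, account, result
SAMPLE_LOG = """\
2009-01-12T08:00:00 WS-050 alice FAIL
2009-01-12T09:00:01 WS-017 alice FAIL
2009-01-12T09:00:03 WS-017 bob FAIL
2009-01-12T09:00:05 WS-017 carol FAIL
2009-01-12T09:00:07 WS-017 dave FAIL
2009-01-12T09:00:09 WS-017 erin FAIL
2009-01-12T09:10:00 WS-042 frank FAIL
2009-01-12T09:10:20 WS-042 frank FAIL
2009-01-12T09:10:45 WS-042 frank SUCCESS
2009-01-12T11:00:00 WS-050 bob FAIL
"""

def parse(text):
    """Turn log text into (datetime, source, account, result) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, acct, result = parts
        events.append((datetime.fromisoformat(ts), src, acct, result))
    return events

def guessing_sources(events, window=timedelta(minutes=5), min_accounts=4):
    """Return {source: accounts} for sources whose failed logons hit at
    least min_accounts distinct accounts inside any sliding time window."""
    by_src = defaultdict(list)
    for ts, src, acct, result in events:
        if result == "FAIL":
            by_src[src].append((ts, acct))
    flagged = {}
    for src, fails in by_src.items():
        fails.sort()
        start, counts = 0, defaultdict(int)
        for ts, acct in fails:
            counts[acct] += 1
            while ts - fails[start][0] > window:  # drop failures older than the window
                old = fails[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_accounts:
                flagged.setdefault(src, set()).update(counts)
    return flagged
```

In the sample, only WS-017 is reported; the user retrying one account on WS-042 and the two widely spaced failures from WS-050 stay below the threshold.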

The worm downloads modified versions of itself from a long list of websites.
The names of these websites are generated by an algorithm based on current date
and time. As there are hundreds of different domain names that could be used by
the malware, it is hard for security companies to locate and shut them all down
in time.