Downadup Worm goes Nuclear

16 January 2009

A network worm that began to spread late last year has turned into an epidemic. The Downadup worm, which we reported on last week, has infected around 3.5m PCs, according to F-Secure.

Downadup, also known as Conficker or Kido, exploits an RPC vulnerability found in Microsoft Windows in October. It is a stark reminder of the bad old days of network worms that spread with no user interaction. On XP systems, it requires no input from the user to spread from machine to machine. Once on an unpatched corporate network, it can quickly replicate using the RPC vulnerability, spreading via ports 139 and 445. When it was announced in October, however, the vulnerability still required user input to spread on Vista systems.

McAfee Avert Labs also says that the worm is using a Metasploit exploit for MS08-067 to spread.

This article is featured in:
Internet and Network Security
