Downadup Worm goes Nuclear

16 January 2009

A network worm that began to spread late last year has turned into an epidemic. The Downadup worm, which we reported on last week, has infected around 3.5m PCs, according to F-Secure.

Downadup, also known as Conficker or Kido, exploits an RPC vulnerability found in Microsoft Windows in October. It is a stark reminder of the bad old days of network worms that spread with no user interaction. On XP systems, it requires no input from the user to spread from machine to machine. Once on an unpatched corporate network, it can quickly replicate using the RPC vulnerability, spreading via ports 139 and 445. When the vulnerability was announced in October, however, it still required user input on Vista systems to spread.

McAfee Avert Labs also says that the worm is using a Metasploit exploit for MS08-067 to spread.

 
