The Raging Windows Worm has attacked over 8.9 Million Computers

Jan 19, 2009 by John Messina weblog
Downadup Worm

(PhysOrg.com) -- Last week the global internet community was hit by the Downadup worm also know as Conficker, or Kido. This worm is now using multiple ways of infecting computers, including USB sticks. If someone were to take a USB memory stick from one infected computer and plug it into another, it would infect that computer and the network as well. Once a USB memory stick is infected, there is no Microsoft patch to remove the worm.

This attack has been more widespread on corporate networks because companies did not have the patch installed in time. This could have been caused by any number of reasons. For instance an IT Department may have been short handed or have workload related issues preventing the patch from being installed in a timely manner. Microsoft did a good job in having home computers updated with the patch but corporate networks are still being infected.

This worm is very sophisticated because it exploits multiple secure flaws in Microsoft's Windows OS's. The worm starts by injecting itself into one of Microsoft's common system process, services.exe. From there it creates a new random five letter DLL file in the Windows system folder. The Windows registry is then edited to make reference to the DLL file and runs when the computer is restarted.

Once the worm is in the computer system, it creates an HTTP server and proceeds to download malware from the hacker's websites. System restore has been wiped clean and reset on the computer making it impossible to restore your system prior to the infection.

Each day there are hundreds of dummy domain names being generated by an algorithm coded in the worm but only one site is the actual malware site. With this trickery employed, it makes it very difficult to find what is being installed each day.

This worm spreads mainly through corporate networks. An infected computer will scan the network for other computers and gain access through the Windows secure flaw. Even though a password is needed to gain access to other computers, it will guess short passwords by brute force method thereby gaining access to those computers.

The only way to stop this worm is by applying Microsoft's patch MS08-067 before computer networks get infected.

© 2009 PhysOrg.com

Explore further: Google Trends info is placed on inbox duty for subscribers

add to favorites email to friend print save as pdf

Related Stories

Ramnit's heist bags 45,000 Facebook passwords

Jan 06, 2012

(PhysOrg.com) -- Ramnit, the bank-thieving worm, is at it again, this time scoffing up Facebook accounts. The latest oh-look-another-threat is one that security watchers say could get ugly. Ramnit has grown ...

Downadup Worm Hits Over 3.5 Million Computers

Jan 16, 2009

(PhysOrg.com) -- Security firm F-Secure has advised that the Downadup worm has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October. This is achieved by trying ...

Silicon Valley at front line of global cyber war

Jun 04, 2013

Chinese President Xi Jinping and American counterpart Barack Obama will talk cyber-security this week in California, but experts say the state's Silicon Valley and its signature high-tech firms should provide the front lines ...

US weighs tougher action over China cyberattacks

Feb 01, 2013

(AP)—High-level talks with the Chinese government to address persistent cyberattacks against U.S. companies and government agencies haven't worked, so officials say the Obama administration is now considering a range of ...

Experts urge stronger online regulation bill

Feb 16, 2012

Cybersecurity experts urged senators Thursday to close loopholes in legislation to give the government more power to force critical industries to make their computer networks more secure.

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 10

Adjust slider to filter visible comments by rank

Display comments: newest first

DGBEACH
2.6 / 5 (5) Jan 19, 2009
Linux...need I say more?
frajo
1 / 5 (1) Jan 19, 2009
eComStation.
*BSD.
YankInOz
1 / 5 (1) Jan 19, 2009
But NO Apple Macs - Hmmmm
Mercury_01
not rated yet Jan 19, 2009
worms are bad.
axemaster
4 / 5 (1) Jan 19, 2009
Well, this crap is the reason why i switched to Mac. Despite the lack of games, it doesn't get this crap, so I'm happy.

Before you flame, I also have a windows gaming computer - I just never connect it to the internet.
WolfAtTheDoor
1.5 / 5 (2) Jan 19, 2009
Viruses happen.
Soylent
1 / 5 (2) Jan 19, 2009
Linux...need I say more?


Yes.
denijane
5 / 5 (2) Jan 20, 2009
The moral? Use Linux :)
PB94941
1 / 5 (1) Jan 20, 2009
my main pc still runs windows and will do until Linux becomes more compatible. If you get decent anti virus (Nod32) and don't go on dodgy websites you will be fine. I only use Linux on my computers that are not top spec.
CreepyD
not rated yet Jan 20, 2009
We've had this virus at work, it's a right pain in the rear. We've spent hours removing it from having it on just a small handful of PC's.
If they catch who made it, they should be hung or something for wasting millions of man hours.

More news stories

Hackers of Oman news agency target Bouteflika

Hackers on Sunday targeted the website of Oman's official news agency, singling out and mocking Algeria's newly re-elected president Abdelaziz Bouteflika as a handicapped "dictator".

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...