Archive for the ‘downadup’ tag
A new computer worm called Downadup as infected 3.5 million personal PCs by exploiting a vulnerbility Microsoft patched last October. It reached 3.5 million in such a short period of time, using several different methods to spread, and has the ability to download new versions of itself.
This worm is actually pretty clever. It will attempt to call home to a variety of random domains that haven’t been registered which infected machines attempt to establish contact with. All its creators have to do is register one of the generated domains and bingo – they have your personal information
F-Secure’s CFO, Mikko Hyppönen explains: “The bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website, and they then gain access to all of the infected machines — pretty clever.”
F-Secure also managed to take a peek at the inner workings of the worm by registering one of the randomly generated domains. This has allowed them to analyze the connections that Downadup is making and, in fact, they have gained the ability to modify the worm’s update mechanism to remotely disinfect affected systems. However, for legal reasons, the company has decided not to do so.
Now is a very good time to run an anti-virus scan and also make sure you are using a strong password. And don’t forget to install Microsoft’s latest security updates. Additionally, Microsoft has added detection to the latest version of its free Malicious Software Removal Tool, which is available here.