Computer worm infects millions of PCs


A worm that exploits a vulnerability in the Windows RPC Server Service has infected millions of Windows PCs in the last two weeks.

Win32.Worm.Downadup, also known as Conficker, was discovered earlier this month and exploits the Windows service vulnerability MS08-067, for which a patch was released three months ago.

F-Secure said that the worm takes advantage of the Windows operating system’s “Autoplay” function, which searches for programs stored on removable drives, such as memory sticks. The worm wriggles its way into this process, creating a fake folder on removable drives that users believe they can legitimately open. Once that folder is clicked on, the worm is activated and installed on the computer’s operating system, burrowing its way deep into the machine’s software. [Source: Telegraph.co.uk]

The software company Panda Security said Conficker appears to be launching brute-force attacks to extract passwords from computers and corporate internal networks.

The easier the password, the easier it is for Conficker to decipher it. Once the passwords are detected, cyber criminals can access computers and use them maliciously.

"This is no doubt an epidemic and the worst may still be to come, as the worm could begin to download more malware onto computers or to spread through other channels," Luis Corrons, technical director of PandaLabs, said in a statement. "The outbreak of this worm really highlights the need for users to establish strong passwords." [Source: PCMag.com]


How to protect your PC

Make sure your Windows updates are recent. If you are infected with Conficker/Downadup, the worm will disable Automatic Updates. 

You can install F-Secure's Downadup removal tool; make sure to install the most recent version. A note on F-Secure's site says that computers infected by Downadup are blocked from reaching f-secure.com websites, but the software is available on their FTP server, which can be reached at ftp://ftp.antivirus.fi/anti-virus/tools/beta/ and ftp://193.110.109.53/anti-virus/tools/beta/.

Also make sure you have strong passwords. For more information on strong passwords and brute-force attacks, check out this excellent source from UT's Information Technology Services: Keep Safe with Strong Passwords.
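To check a memory stick for the Autoplay trick described above, the following added example (not from the original post, F-Secure or Panda) audits the contents of a drive's autorun.inf file. It assumes the fake "open folder" entry is set through that file, which Windows Autoplay reads from the root of a removable drive; the post itself does not name the file, and the sample contents and file names are constructed placeholders.

```python
import re

# Keys in the [autorun] section that make Windows run or offer to run something.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")
# Wording that imitates Explorer's own "open folder" AutoPlay choice.
FOLDER_LURE = re.compile(r"open\s+folder|view\s+files", re.I)

def parse_autorun(raw: bytes) -> dict:
    """Return lower-cased key -> value pairs from the [autorun] section.

    Lines that are not plain 'key=value' text are skipped, so junk padding
    inserted between real entries does not hide them.
    """
    entries, in_section = {}, False
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[autorun]"
        elif in_section and re.match(r"^[A-Za-z\\]+\s*=", line):
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(raw: bytes) -> list:
    """List reasons the file deserves a closer look (empty list = none found)."""
    e = parse_autorun(raw)
    findings = []
    targets = [e[k] for k in EXEC_KEYS if k in e]
    if targets and FOLDER_LURE.search(e.get("action", "")):
        findings.append("action text imitates 'open folder' but a program is launched")
    if any("rundll32" in t.lower() for t in targets):
        findings.append("launch target loads a DLL through rundll32")
    if "shell32.dll" in e.get("icon", "").lower() and targets:
        findings.append("icon borrowed from shell32.dll (system folder icon)")
    return findings

# Constructed samples for illustration; file and DLL names are placeholders.
SUSPICIOUS = (b"[AutoRun]\r\n\x8f\xa1junk\x00padding\r\n"
              b"Action=Open folder to view files\r\n"
              b"Icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
              b"ShellExecute=rundll32.exe .\\PLACEHOLDER\\example.dll,entry\r\n")
BENIGN = b"[autorun]\r\nlabel=Backup Drive\r\nicon=drive.ico\r\n"

if __name__ == "__main__":
    for name, data in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit_autorun(data))
```

Read the file with `open(path, "rb").read()` from a machine where Autoplay is turned off, and treat any finding as a reason to scan the drive before opening anything on it.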