Corporate networks warned over outbreak of Downadup worm

By

Windows workstations and servers could be hit by the 'Downadup' worm.

Corporate networks warned over outbreak of Downadup worm
Windows workstations and servers could be hit by the ‘Downadup' worm.

F-Secure has claimed to receive several reports of corporate networks getting infected with variants of this worm since the New Year, and is working closely with affected companies as well as with various CERT organisations to fight the outbreak.

It claimed that Downadup (also known as Conficker) is a large family of network worms that is difficult to remove, especially in case of an internal infection inside a corporate network.

It can use several different methods to spread, including using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks. As an end result, once the malware gains access to the inside of a corporate network, it can be unusually hard to eradicate fully.

Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.

Once this worm infects a machine, it protects itself very aggressively by setting itself to restart very early in the boot-up process of the computer, and by setting Access Rights to the files and registry keys of the worm so that the user cannot remove or change them.

The worm downloads modified versions of itself from a long list of websites. The names of these websites are generated by an algorithm based on current date and time. As there are hundreds of different domain names that could be used by the malware, it is complex for security companies to locate and shut them all down in time.

F-Secure recommends standard procedures such as checking your anti-virus vendor's website for disinfection instructions and restricting USB stick usage and block unnecessary traffic at your firewalls if you are already infected.

See original article on scmagazineuk.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
downadupfsecuresecurityworm

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?