This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Corporate networks warned over outbreak of Downadup worm

Share this article:

Windows workstations and servers could be hit by the ‘Downadup' worm.

 

F-Secure has claimed to receive several reports of corporate networks getting infected with variants of this worm since the New Year, and is working closely with affected companies as well as with various CERT organisations to fight the outbreak.

 

It claimed that Downadup (also known as Conficker) is a large family of network worms that is difficult to remove, especially in case of an internal infection inside a corporate network.

 

It can use several different methods to spread, including using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks. As an end result, once the malware gains access to the inside of a corporate network, it can be unusually hard to eradicate fully.

 

Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.

 

Once this worm infects a machine, it protects itself very aggressively by setting itself to restart very early in the boot-up process of the computer, and by setting Access Rights to the files and registry keys of the worm so that the user cannot remove or change them.

 

The worm downloads modified versions of itself from a long list of websites. The names of these websites are generated by an algorithm based on current date and time. As there are hundreds of different domain names that could be used by the malware, it is complex for security companies to locate and shut them all down in time.

 

F-Secure recommends standard procedures such as checking your anti-virus vendor's website for disinfection instructions and restricting USB stick usage and block unnecessary traffic at your firewalls if you are already infected.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Police investigating after hacker steals 500,000 records from cosmetic surgery practice

Police investigating after hacker steals 500,000 records from ...

An unidentified hacker was able to access and exfiltrate almost half a million records on potential cosmetic surgery patients, it has been revealed.

Insider data thieves get away "scot free"

Insider data thieves get away "scot free"

Controls on access to data by both staff and ex-staff are lax, and even when caught, insiders stealing data get away 'scot-free' says new survey.

Government slated as Mumsnet becomes first UK Heartbleed victim

Government slated as Mumsnet becomes first UK Heartbleed ...

The Government's reaction to the 'Heartbleed' flaw has been criticised after the Mumsnet parenting site became the UK's first known victim of Heartbleed hackers.