Downadup (aka: Conficker, Kido) is using AutoRun to spread “like a can of worms”…

Did you know that you opened a can of worms if you did not apply the Windows update for an already known Windows vulnerability, back in October?

 

The Downadup worm (aka: Conficker, Kido) has spread globally like wildfire.  I am now reading stories where over 8 million PCs have been infected (or 1 in 16 PCs).  That is over 8 million PCs that failed to patch their systems back in October.  The most concerning part, at least to me, is that this worm can use the “AutoRun” functionality in Windows to infect other PCs.  Here is how this works.  You plug your USB flash drive into a computer that has been infected with the Downadup worm, and the worm copies a file (autorun.inf) to your flash drive.  You remove the flash drive and plug it into another PC; the Windows AutoRun function kicks in, and the autorun.inf file that was copied to your flash drive now executes and infects that PC.

Downadup is a worm (self-replicating).

A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network. – F-Secure

Propagation (How it spreads)…

Downadup uses a variety of methods to spread itself.

Downadup exploits a Windows vulnerability; patched by the October ‘08 security update.

If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files. – Microsoft Malware Solution Center

Additionally, it uses Windows AutoRun functionality; autorun.inf files are copied to USB drives and other removable media.
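An added example, not from the original post: a defender-side check that reads the autorun.inf on a removable drive and lists the commands it asks Windows AutoRun to launch, so the drive can be inspected before it is opened. The sample file content, the function names and the 64 KiB read limit are assumptions made for illustration.

```python
import os
import re

LAUNCH_KEYS = ("open", "shellexecute")           # keys that name a program to start
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # custom right-click verbs

# Constructed sample for illustration; not taken from any real malware.
SAMPLE = (
    b"; constructed sample\r\n"
    b"[AutoRun]\r\n"
    b"icon=folder.ico\r\n"
    b"\x00\x9f\xfe junk line without a key\r\n"
    b"Open=setup.exe /quiet\r\n"
    b"shell\\open\\command=setup.exe\r\n"
)


def autorun_commands(data: bytes) -> list[tuple[str, str]]:
    """Return (key, command) pairs from the [autorun] section of an autorun.inf."""
    # Files with a UTF-16 byte-order mark are decoded as such; anything else as
    # latin-1, which never fails, so junk bytes cannot abort the parse.
    utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = data.decode("utf-16" if utf16 else "latin-1", errors="replace")
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other sections and junk lines are skipped
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in LAUNCH_KEYS or SHELL_CMD.match(key)):
            found.append((key, value))
    return found


def scan_root(root: str) -> list[tuple[str, str]]:
    """Parse autorun.inf at the top of a mounted volume (name matched case-insensitively)."""
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.name.lower() == "autorun.inf" and entry.is_file():
                with open(entry.path, "rb") as fh:
                    return autorun_commands(fh.read(65536))  # assumed 64 KiB cap
    return []
```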

If your computer is infected…

You may not experience any symptoms, or you may experience any of the following symptoms:

Account lockout policies are being tripped.

Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.

Domain controllers respond slowly to client requests.

The network is congested.

Various security-related Web sites cannot be accessed.

Removal Assistance…

Visit Microsoft’s Help & Support to learn about the manual removal method(s) and the available Malicious Software Removal Tool (MSRT) option.  Many of the anti-virus sites are carrying removal options and instructions as well.  Like many viruses, this thing will continue to evolve with a variety of different payloads.  If you have a PC that is connected to the internet, it is very important that you keep your systems patched (via Windows Update) and that you keep your security software updated (e.g. anti-virus, anti-spyware, anti-malware).  The internet is in one sad shape and it is important that our defenses are in place and that we educate ourselves about any potential threats.  Thank you for visiting the blog and please push this info onward to make others aware.


12 Responses to “Downadup (aka: Conficker, Kido) is using AutoRun to spread “like a can of worms”…”

  1. straw000 Says:

    Hello!! I see you have a tech blog too and it’s doing pretty good!! : ) I just made a new tech blog that is updated several times a day with tech tips and reviews and I hope you can comment or add this blog to your blogroll!! Comment back if you add me to your blogroll so that I can add you too!! Please visit my blog link below!! Thanks a lot!! :D

    http://allthatsnew.wordpress.com/

  2. straw000 Says:

    thx I will add you too : )

  3. techpaul Says:

    Another “home run” of an article, on an important topic. I hope folks will recommend it to their friends and loved ones.

  4. whatsonmypc Says:

    TechPaul,

    Coming from you; that’s a compliment! This worm has traveled the globe and it is not done yet…

    Your Friend,

    Rick

  5. George Says:

    That’s why they call them Updates, glad I took your advice about keeping up with them. Good advice from the man who knows……………Thanks Rick.

    • whatsonmypc Says:

      George,

      Just read today on a site where a company (over 600 PC’s) got nailed with this… Thanks for your comment… Provides a positive influence for those reading the articles.

      Thanks, Rick

  6. Worm Bounty set by Microsoft ($250,000) « What’s On My PC Says:

    [...] Remember the Conficker worm that you recently read about here on “What’s on my PC…” [ click here ] ?  In summary, Microsoft is going on the offensive by offering a quarter of a million dollars to [...]

  7. April Fool’s Day – Conficker hot topic… « What’s On My PC Says:

    [...] Downadup (aka: Conficker, Kido) is using AutoRun to spread “like a can of worms”… [...]

  8. Conficker.C Says:

    Conficker.A and Conficker.B can both be removed using free software like F-Secure’s Downadup removal software as well as bdtools which was made just for this. However Conficker.C has to be removed manually still. In just another day a fix will be made for it. You can view the Microsoft site for more information on how to remove this manually.

  9. rony wijaya Says:

    thanx, i ve been writing this issue on indonesian language

    check this out
    http://www.ronywijaya.web.id/2009/04/cara-menghapus-virus-vmx-worm-conficker.html
