Latest Threats: Polymorphic Worm Downadup/Conficker
Urgency: Large (Small/Medium/Large/Urgent)
Description: Inter Engineering warns about a new worm named W32/Downadup.AL, which uses computer or network resources to make complete copies of itself and steal confidential data. It may include code or other malware that damages both the system and the network. In addition to everything else, Downadup is also a USB worm.
Summary: Downadup attempts to brute-force account passwords, so make sure that your administrator accounts are secure and use strict passwords. The threat tries different passwords from a common list in order to steal the administrator account credentials and the system's real IP address, and passes them back to the web, to domains belonging to crackers. The worm disables a number of system features in order to facilitate its activities. If the user attempts to access security-related domains in particular, their access is blocked.

Propagation: Downadup is a polymorphic worm which propagates itself in many different ways. It exploits the Microsoft OS vulnerability MS08-067. F-Secure has a number of reports citing thousands of infections exploiting this vulnerability. This vulnerability allows crackers to run arbitrary code remotely. An infected system could harm all neighbouring systems in a local area network, since they share access to common network resources, or spread via attached USB flash memory sticks. It also tampers with the system's registry and services in order to duplicate itself. More information on the vulnerability can be found at http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx. More detailed information on the virus can be found here: http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml
Suggested solutions
To remain protected:
Inter Engineering strongly recommends that everyone, from ordinary users to system administrators, apply this patch to their systems. You can download the patch at http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
It is well known that, in corporate environments, keeping workstations and servers up to date with the latest security patches (Microsoft and non-Microsoft alike) can be challenging. Inter Engineering offers Shavlik NetCheck Protect solutions, which give administrators fully automated, centralized management (scanning, deployment and feedback) of patching across the corporate network.

The spread of this malware through USB sticks once more emphasizes the need for controlled and restricted use of removable media in corporate environments. Inter Engineering provides professional solutions such as the Mobilegov Device Authenticator for policy-based, centrally managed monitoring and control of USB sticks and other removable devices, as well as any other peripherals present at the user's workstation.
Also disable Autoplay *and* Autorun functionality if possible.
In case you are infected:
Make sure that your AntiVirus product is updated with the latest AntiVirus updates.
To disinfect, first apply the Microsoft patch manually, then manually update your antivirus, and then run a full system scan covering all files. Select all files because the threat renames itself and masquerades as an image file (*.png, *.jpg, *.bmp). You must clean all of the computers within your network or else you risk reinfection. Servers first, then workstations.
F-Secure has also developed a disinfection tool that may assist in your efforts. You can download it here: ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip
Downadup disables connectivity to a large number of security sites, update channels, as well as Microsoft Updates. You should confirm that these connections are reestablished once the computer is clean.
You should also make sure that you have patched your system against the vulnerability, to avoid the risk of re-infection.
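The scan step above asks for all files because the threat hides behind image extensions. As an added example (not part of the advisory or of any vendor tool), the script below walks a directory and flags files whose .png/.jpg/.bmp extension does not match the file's leading bytes, in particular files that begin with the "MZ" header of a Windows executable; the sample tree it builds is constructed, and a mismatch is only a lead for the antivirus scan, not a malware verdict.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Leading bytes an honest file of each extension should start with.
IMAGE_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".bmp": b"BM",
}
PE_MAGIC = b"MZ"  # Windows EXE/DLL files start with "MZ"


def classify(path: Path) -> Optional[str]:
    """Return a finding for a suspicious image-named file, or None if it looks honest."""
    ext = path.suffix.lower()
    if ext not in IMAGE_MAGIC:
        return None  # only image extensions are in scope here
    with path.open("rb") as fh:
        header = fh.read(16)
    if header.startswith(IMAGE_MAGIC[ext]):
        return None
    if header.startswith(PE_MAGIC):
        return "executable disguised as image"
    return "header does not match extension"


def scan(root: str) -> Dict[str, str]:
    """Walk root and map each suspicious file (relative path) to its finding."""
    findings: Dict[str, str] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            label = classify(p)
            if label:
                findings[str(p.relative_to(root))] = label
    return findings


def demo() -> Dict[str, str]:
    """Constructed sample tree: a real PNG, a PE renamed to .jpg, a junk .bmp, a text file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "photo.png").write_bytes(IMAGE_MAGIC[".png"] + b"\x00" * 32)
        (root / "holiday.jpg").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)
        (root / "icon.bmp").write_bytes(b"\x00\x00garbage")
        (root / "notes.txt").write_bytes(b"plain text")
        return scan(tmp)


if __name__ == "__main__":
    for rel, label in demo().items():
        print(f"{rel}: {label}")
```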
For more technical information contact Support Department via e-mail Support@inter.gr or via phone +30.2410.670030.
To contact us: