Advertisment

F-Secure warning for network worm

author-image
CIOL Bureau
Updated On
New Update

NEW DELHI, INDIA: F-Secure Corporation is issuing an alert about new versions of the 'Downadup' worm.

Advertisment

This worm infects Windows workstations and servers, causing various problems. Since New Year, F-Secure has received several reports of corporate networks getting infected with variants of this worm.

F-Secure is working closely with affected companies as well as with various CERT organizations to fight this worm outbreak.

Downadup (also known as Conficker) is a large family of network worms.

Advertisment

They are unusually difficult to remove, especially in case of an internal infection inside a corporate network. Downadup uses several different methods to spread.

These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks. As an end result, once the malware gains access to the inside of a corporate network, it can be unusually hard to eradicate fully.

Typical problems generated by the worm include locking network users out of their accounts.

Advertisment

This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures. Once this worm infects a machine, it protects itself very aggressively.

It does this by setting itself to restart very early in the boot-up process of the computer and by setting Access Rights to the files and registry keys of the worm so that the user can't remove or change them.

The worm downloads modified versions of itself from a long list of websites.

The names of these websites are generated by an algorithm based on current date and time.

As there are hundreds of different domain names that could be used by the malware, it is hard for security companies to locate and shut them all down in time.

tech-news