Wed Jan 21, 2009 11:33AM EST
Judging from the complaints and questions filling my inbox, Windows security looks like it's already on track for its worst year this decade. The latest attack is a worm called Downandup, Downadup, Kido!, or Conficker (all the same thing), and it seems to be delivered primarily via infected USB drives.
How's it work? By tricking you into running the virus by modifying the way "autorun" works when you plug in a drive. Look closely at the screenshot above and you'll see two entries for "Open folder to view files." The one at the top is a phony entry that actually installs the virus on your machine... but of course it's the default selection that pops up when you plug in a drive. Once installed, the virus spreads like crazy via a separate flaw in the Windows networking system (now patched, so be sure to run Windows Update if you haven't lately) and can quickly infect a whole office. F-Secure has more analysis on the clever way it tricks you into installing the malware yourself.
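The phony entry described above comes from the drive's autorun.inf file: its action= key sets the text shown in the dialog, and its open= or shellexecute= key names the program that runs when you pick it. As an added example (not from the original article or from F-Secure), this Python check reads an autorun.inf without running anything and flags that combination; the label list and the sample files are constructed assumptions.

```python
# Added example: flag an autorun.inf whose AutoPlay entry imitates Windows' own.
# Built-in dialog labels to compare against (assumed list; the article names one).
BUILTIN_LABELS = ("open folder to view files",)
# Standard autorun.inf keys that start a program when the entry is chosen.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(raw: bytes) -> dict:
    """Return lower-cased key -> value pairs from the [autorun] section."""
    entries, in_section = {}, False
    # latin-1 never fails to decode, so stray binary bytes cannot abort the scan.
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # comments, padding and junk lines carry no entry
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def assess(raw: bytes) -> list:
    """List the reasons this autorun.inf deserves a closer look."""
    entries = parse_autorun(raw)
    launch = next((entries[k] for k in LAUNCH_KEYS if k in entries), None)
    if launch is None:
        return []  # only cosmetic keys such as label= or icon=
    findings = ["starts a program: " + launch]
    label = entries.get("action", "").lower()
    if any(builtin in label for builtin in BUILTIN_LABELS):
        findings.append("action text imitates a built-in AutoPlay entry")
    return findings


# Constructed samples (not taken from any real drive or from the worm itself).
SPOOFED = (b"\x8f\x02junk\xfe\r\n[AutoRun]\r\n"
           b"Action=Open folder to view files\r\n"
           b"\xa7\xd1\x90 padding\r\n"
           b"ShellExecute=constructed-sample.exe\r\n")
INSTALLER = b"[autorun]\r\naction=Install Example App\r\nopen=setup.exe\r\n"
LABEL_ONLY = b"[autorun]\r\nlabel=Vendor Tools\r\nicon=vendor.ico\r\n"

if __name__ == "__main__":
    for name, sample in (("spoofed", SPOOFED), ("installer", INSTALLER),
                         ("label-only", LABEL_ONLY)):
        print(name, assess(sample))
```

An ordinary installer disc also starts a program, so the first finding alone is only informational; the second finding is the one that matches the duplicate "Open folder to view files" entry.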
How bad has it gotten? Estimates range from 3.5 million infected in the first four days after it began spreading to 9 million impacted... and getting worse. By now I figure the numbers could top 15 or 20 million.
From an antivirus standpoint, fixing Downandup isn't easy. The worm is particularly problematic because of the tricky way it involves the user in installing the software, bypassing auto-installation safeguards, plus its sophisticated way of avoiding detection, as it morphs its code constantly (using randomized elements) to make traditional, signature-based detection almost impossible.
Your best strategy for avoiding Downandup? Turn off AutoPlay/AutoRun on your computer (with Windows XP, TweakUI is the easiest way to do it). If you do see an AutoPlay dialog box like the one above, just close it and eject the disc or thumbdrive; browsing the drive manually for individual files should keep you uninfected, but you're best off not using the drive at all. And of course, make sure your system is fully patched via Windows Update.
What if you already have Downandup infecting your machine? Try your standard antivirus utility as a fix. If that doesn't work, F-Secure has a removal tool that should get rid of it. Good luck out there.
Join in the discussion. Here you'll see the comments in the order they were posted.
As several have already stated in this thread, this should be another wakeup call that Linux is NOT affected. Yes, this could change someday as more use Linux. However, keep in mind this is still unknown, as Linux is vastly different in design than Windows behind the scenes. It runs more efficiently than Windows, and that fact alone is reason to consider it over Windows. I've used Linux for over 12 years, and I'm almost Windows-free at home. Now I can focus on using my computers rather than worrying about future viruses and constant rebooting for updates. http://members.apex-internet.com/sa/windowslinux
What if this is an April Fools Day joke...
"...which is why I've never owned a PC. Why anybody would is beyond me." Tenacity, emotional attachment, and fear of the unknown or of being unable to adapt. I'm so glad I got rid of mine. I foresee a rise in non-PC computers post April 1st.
OK just unplug your tower and all of the things that make your computer run and take your internet cord and take it out of the jack and they cannot get you hahaha so don't use your computer
You Mac guys need to get a life and know the facts. Mac OSX & the Safari browser were considered the least secure OS and browser of those being tested at the CanSecWest conference this year. Don't worry the Chinese have decided to start focusing on Macs for virus distribution, except unlike the PC that has been targeted for years the Apple Developers won't have a clue on how to respond.
LOL, you guys are all fools. It hasn't affected ANYBODY...YET. This is fake. April Fools.
Keep my PC running fast and efficiently. I have searched for and tried many different types of scanners to keep my PC running fast and efficiently. Many of them are similar when it comes to picking up the same types of viruses but there is a big difference when it comes to price. Search-and-destroy Antispyware is one of the best that I’ve used so far and it’s even cheaper than some of the better known scans like Norton and similar scanners. I found the antispyware solution from Search-and-destroy to be the answer to keeping my PC like new and you can check it out for yourself at http://www.Search-and-destroy.com.
26 Posted by galaxyfuzion on Thu Sep 3, 2009 4:05PM EDT
I believe a computer at my job was recently infected with this. I could be wrong, but I believe it was. I have never come across a PC with this degree of a virus; it acts more like spyware. No antivirus could pick it up; it disabled them. It locked down Windows; no programs functioned. Spybot caught it in the registry and could not remove it. What I found that does work, seeing as Windows' weak point from my experience is its registry, is ultimateboot disk. Make the disk and in programs use registry restore; works like a baby. No problems thus far.