Downandup/Conficker worm infects 9 million PCs

Wed Jan 21, 2009 11:33AM EST


Judging from the complaints and questions filling my inbox, Windows security looks like it's already on track for its worst year this decade. The latest attack is a worm called Downandup, Downadup, Kido!, or Conficker (all the same thing), and it seems to be delivered primarily via infected USB drives.

How's it work? By tricking you into running the virus by modifying the way "autorun" works when you plug in a drive. Look closely at the screenshot above and you'll see two entries for "Open folder to view files." The one at the top is a phony entry that actually installs the virus on your machine... but of course it's the default selection that pops up when you plug in a drive. Once installed, the virus spreads like crazy via a separate flaw in Windows' networking system (now patched, so be sure to run Windows Update if you haven't lately) and can quickly infect a whole office. F-Secure has more analysis on the clever way it tricks you into installing the malware yourself.
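A check a defender could run over the contents of a removable drive's autorun.inf to spot the phony entry described above. This is an added example, not code from the original article or from F-Secure; the sample files are constructed, and the icon rule is a heuristic assumption rather than something the article states.

```python
import re

# Text Explorer itself shows in the AutoPlay dialog; a drive-supplied
# "action" reusing it is impersonating the built-in choice.
BUILTIN_LABELS = {"open folder to view files"}
# autorun.inf keys that make Windows launch something from the drive.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

def parse_autorun(text):
    """Return the [autorun] section as {lowercased key: value}, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """Return a list of findings for the contents of one autorun.inf file."""
    entries = parse_autorun(text)
    commands = {k: v for k, v in entries.items()
                if k in EXEC_KEYS or SHELL_CMD.match(k)}
    if not commands:
        return []  # nothing is launched, so a label alone is harmless
    findings = ["launches: " + "; ".join(sorted(commands.values()))]
    label = " ".join(entries.get("action", "").lower().split())
    if label in BUILTIN_LABELS:
        findings.append("action label imitates the built-in Explorer entry")
    icon = entries.get("icon", "").lower()
    # Heuristic (assumption): a drive has no need to borrow a system icon.
    if "system32" in icon or "%systemroot%" in icon:
        findings.append("icon is loaded from a Windows system file")
    return findings

# Constructed samples, not taken from a real drive.
SPOOFED = ("[autorun]\n"
           "action=Open folder to view files\n"
           "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
           "open=PLACEHOLDER.exe\n")
BENIGN = "[autorun]\nlabel=Holiday photos\nicon=photos.ico\n"

if __name__ == "__main__":
    for name, sample in (("spoofed", SPOOFED), ("benign", BENIGN)):
        print(name, audit_autorun(sample))
```
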

How bad has it gotten? Estimates range from 3.5 million infected in the first four days after it began spreading to 9 million impacted... and getting worse. By now I figure the numbers could top 15 or 20 million.

From an antivirus standpoint, fixing Downandup isn't easy. The worm is particularly problematic because of the tricky way it involves the user in installing the software, bypassing auto-installation safeguards, plus its sophisticated way of avoiding detection, as it morphs its code constantly (using randomized elements) to make traditional, signature-based detection almost impossible.

Your best strategy for avoiding Downandup? Turn off AutoPlay/AutoRun on your computer (with Windows XP, TweakUI is the easiest way to do it). If you do see an AutoPlay dialog box like the one above, just close it and eject the disc or thumbdrive; browsing the drive manually for individual files should keep you uninfected, but you're best off not using the drive at all. And of course, make sure your system is fully patched via Windows Update.

What if you already have Downandup infecting your machine? Try your standard antivirus utility as a fix. If that doesn't work, F-Secure has a removal tool that should get rid of it. Good luck out there.

Comments on Downandup/Conficker worm infects 9 million PCs


  • 6 Posted by arudner@rogers.com on Thu Sep 3, 2009 2:58PM EDT

    OK, so there's a worm. The article doesn't describe the symptoms of infection. Or how you can check if your computer is infected, if your anti-virus software doesn't catch it. Not very helpful!

  • 8 Posted by zero_defekz on Thu Sep 3, 2009 11:00PM EDT

    @ i.aredavide: Yup. Because we all know it's worthwhile to rob a bank that holds 10,000 in the vault, compared to robbing the federal reserve. (The marketshare comparison of Apple/Windows)

  • 9 Posted by elmosbizz on Thu Sep 3, 2009 3:53PM EDT

    I installed and ran the mentioned removal tool above. Though, it scanned and said that no viruses could be detected or what not, so now I'm starting to think that my problem ISN'T this worm... but, I can't find any other explanation. The connection I used between my problem and this blog was the fact that my E drive doesn't work - out of nowhere. Am I looking in the totally wrong place?

  • 10 Posted by mhansen94 on Thu Sep 3, 2009 7:17PM EDT

    Perhaps it goes without saying, but no one has happened to mention that computer viruses such as this one are not natural occurrences, but some person intentionally created them. What possible reason could a person have for writing such software, except that they are evil, and enjoy causing havoc to millions of innocent people? (I realize that some viruses are written for the purpose of stealing identities in order to steal your money, which is pure greed and disregard for other people's property, but this virus sounds like its intent is just to wreck stuff.) I hope the FBI or somebody is trying to trace the origin of this virus and catch the guy who wrote it. And I hope they throw him in jail for the rest of his life. If ever waterboarding should be allowed, it should be done on the people who write viruses.

  • 11 Posted by tech3000kid on Thu Sep 3, 2009 9:59PM EDT

    @zero_defekz: market share has nothing to do with why PCs get viruses instead of Macs. Due to the way a Mac works, it's almost impossible for a virus to infect it. Get a Mac and your problem is solved.

  • 12 Posted by rdivaldi on Thu Sep 3, 2009 8:32PM EDT

    Lord, you Mapple owners go back to worshipping Steve Mobs and your overpriced, overrated pieces of plastic and shut the heck up.

  • 13 Posted by somebodys_here on Thu Sep 3, 2009 9:32PM EDT

    People who get infected really need to be taught the ways of the internet pirate- we never have any problems because we know how to cause them.

  • 14 Posted by kf6yir on Thu Sep 3, 2009 4:50PM EDT

    Why do all the Linux users and other non-PC users out there cruise the Windows forums and pollute threads like this with trash? See post 1 and 3. All non-PC users please hold your tongue unless you have something worth value to add. Thanks to post 2 and 5 for the links to the CERT pages. Bob

  • 16 Posted by ricool007 on Thu Sep 3, 2009 8:40PM EDT

    This is possibly the most non-technical, far from accurate article about this worm on the internet. It has no other technical information other than not to use autorun. Very very lame.

  • 17 Posted by happy_4_knowledge on Thu Sep 3, 2009 4:16PM EDT

    Well well, only those who don't buy the latest updates of Microsoft's security software are likely hit. Maybe look for the worm creators INSIDE the companies who have the most advantage of such huge attacks by boosting their sales worldwide of the upgrading/updating software!!! Isn't it strange that APPLE software has less problems, less attacks to consider? Joining software specialist is a powerful government issue, creating and unleashing worms is a powerful sales issue. Have a nice time trying to believe those guys and filling their pockets. Olee

  • 18 Posted by mybrainrunslinux on Thu Sep 3, 2009 7:31PM EDT

    New information (including technical details) on the three - yes, three - versions of Conficker (some of them have no sure removal method yet): http://tweakandtune.blogspot.com/2009/03/will-internet-survive-conficker.html Please pass this on - most security pros are starting to think the whole Conficker mess is just a distraction for something BIG...

  • 20 Posted by kumagoro1391@sbcglobal.net on Thu Sep 3, 2009 4:54PM EDT

    Hey, one1810, you likely have it. Our computer was doing exactly that, and we had to have it fixed twice in 20 days--the first took 5 days, the second took 9. Unplug your PC, take it to the nearest BestBuy, and have the GeekSquad look at it. Don't turn it on on April Fools' Day AT ALL. It managed to install 11 viruses in just one day. Have it checked out. By the way, Safari usually works when that terrifying virus is blocking everything else. Mozilla and IE are blocked, but you can use Safari.

  • 21 Posted by shadowbloo3000 on Thu Sep 3, 2009 9:15PM EDT

    one810, you are not infected -_- Oh, and Linux sucks, it's used by the typical "anti-windows" guy who never actually tried windows or a mac against a Linux.

  • 22 Posted by judithpain on Thu Sep 3, 2009 4:43PM EDT

    I am confused about one thing: The article talks about how this worm gets from a USB drive onto your PC. What I am curious about is how it is getting onto all of those USB drives.

  • 24 Posted by tpl6by@att.net on Thu Sep 3, 2009 10:18PM EDT

    ..it looks more like the first thing installed---was stupid.
