Confliker, Downadup worm hype? Get the facts

Confliker, Downadup worm hype? Get the facts

Tags:   Microsoft  Microsoft Malicious Software Removal Tool  Viruses, worms and other malware

By Robert Westervelt | Jan 23, 2009

Thumbnail: 

Security vendors from across the spectrum have warned that a stingy worm has been successfully exploiting a hole in Microsoft Windows server service. Known as Confliker or Downadup, the worm spreads by exploiting a remote procedure call (RPC) vulnerability.

The flaw was patched by Microsoft in October. The MS08-067 update was meant to stop the worm in its tracks. Many patching vendors say organizations apparently have been slow to deploy the update.

But that may not be the case. Symantec released data explaining which countries have had the highest worm infection rates. North America does not even rank in the top 10 countries infected by the worm. It has spread in countries where software pirating is rampant. Bootlegged versions of Microsoft Windows won’t receive the latest security updates.

Is it a coincidence that the highest infection rates are in China, Russia, Argentina, Taiwan and Brazil (in that order)? China and Russia have been at the top of the list of software pirating countries for years.

So first don’t panic. If you’re running antivirus and it’s up-to-date, you’re probably fine. Second, ensure that the MS08-067 update has been deployed. If it hasn’t deploy it and then do a thorough review of your patch management processes. This patch should have been deployed months ago.

In its latest round of updates, Microsoft security experts addressed the spread of the worm and how people can check to see if their machines are infected. Microsoft advises customers to scan the machine with up-to-date antivirus. The worm also blocks access to a large number of security websites listed by Microsoft.

Also, Microsoft said its Malicious Software Removal Tool completely cleans the registry elements related to the worm.

What’s all the fascination among security researchers about Conflicker/Downadup?

It’s not necessarily who’s infected, but how they are being infected. As Derek Brown, of TippingPoint’s DVLabs points out, the worm is an example of advanced malicious software coding. Conficker/Downadup can self-propagate by guessing a person’s weak password or it can spread by simply being passed along on someone’s portable storage device. It disables several system services and security products and then signals to its host that it is ready to download additional instructions.

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Outlook: Emerging security technology trends
As part of an ongoing discussion from IBM, this white paper helps us to gain a perspective on the security challenges organizations will face in the next few years. What fundamental technology trends are expected to impact organizations this and the following years? And how can organizations position themselves to profit from the myriad opportunities while managing the risk that inevitably accompanies them?
Top 10 challenges for managing emails
MessageLabs surveyed 157 IT professionals to understand the difficulties and opportunities faced by email managers. What kept them awake at night? What cost the most money or took the most time? And from these responses highlight some easy-to-manage solutions to their most pressing problems. This paper presents the results of the survey and actionable recommendations.
 
 
 
Hong Leong Financial opts for Juniper Networks at new Malaysia head office, data center
Hong Leong Financial Group Berhad builds complete and seamless data center and office network infrastructure with Juniper switches, security devices and Junos software.
Budget-conscious NGO cuts costs and improves IT productivity with Symantec
St James' Settlement reduces staff time spent on data protection administration by 80% and on software inventories by almost 100%.
 
 
 

Recent popular content

Most Read
Tripwire steps into SIEM territory
What to do with Microsoft SMB2 vulnerability
Internet Explorer vulnerabities cause data leakage
Microsoft expands SDL program
Top 10 challenges for managing emails

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS