Friday, January 16, 2009

Superworm gonna getcha

No, it's not a Blaxploitation film, it's modern-day haxploitation:
Downadup, the superworm that attacks a patched vulnerability in Microsoft Windows, is making exponential gains if estimates from researchers at F-Secure are accurate. They show 6.5 million new infections in the past four days, bringing the total number of machines it has compromised to almost 9 million.
This is bad - really bad.

A confluence of factors is responsible for the growth of Downadup, which also goes by the name Conficker.

For one, the underlying vulnerability allows for self-replicating attacks in the 2000, XP, and Server 2003 versions of Windows. And for another, the malware authors have cleverly designed exploits that spread via flash and network drives, online trojans, and social engineering features that allow it to spread like wildfire within a local network once a single machine is compromised.

So what do you do? Well, if you use Macintosh or Linux, you can kick back and have a beer. Windows users, not so much:
  • Your antivirus is very unlikely to stop this. Antivirus is shooting at a moving target, and it probably hasn't caught up to this one yet.
  • Microsoft's Windows Update malware removal tool doesn't grok Downadup. Removal tools from antivirus vendors (for example, Symantec) are old and out of date.

Turning off file and print sharing is probably at least moderately helpful, although it will probably be a pain. JasonN has the goods - you'll want to disable the "server" service.

The best thing that you can do is make sure that each of your Windows computers has been patched for the vulnerability that the worm exploits. A lot of folks haven't.
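
One way to check a group of machines for both of the measures above, the "server" service and the patch, written for Windows PowerShell 5.1. This is an added example, not part of the original post. The function names and `KB0000000` are placeholders, since the post does not name the update, and `LanmanServer` is the internal name of the "server" service.

```powershell
# Added example: audit hosts for the two mitigations discussed in the post.
# Assumes Windows PowerShell 5.1 and remote WMI (DCOM) access to each host.
function Get-WormExposure {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$HotFixId   # placeholder, e.g. 'KB0000000'
    )
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{
            Computer     = $computer
            Reachable    = $true
            ServerState  = $null   # Running / Stopped
            ServerStart  = $null   # Auto / Manual / Disabled
            PatchPresent = $null
        }
        try {
            # "server" service = file and print sharing (service name LanmanServer)
            $svc = Get-WmiObject -Class Win32_Service -ComputerName $computer `
                       -Filter "Name='LanmanServer'" -ErrorAction Stop
            $row.ServerState = $svc.State
            $row.ServerStart = $svc.StartMode
            # Get-HotFix returns nothing if the update ID is not installed
            $fix = Get-HotFix -Id $HotFixId -ComputerName $computer `
                       -ErrorAction SilentlyContinue
            $row.PatchPresent = [bool]$fix
        } catch {
            # Host offline or WMI blocked: report it rather than guessing
            $row.Reachable = $false
        }
        [pscustomobject]$row
    }
}

# Stop and disable the "server" service on the local machine (run elevated).
function Disable-ServerService {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('LanmanServer', 'Stop and disable')) {
        Stop-Service -Name LanmanServer -Force   # -Force also stops dependents
        Set-Service  -Name LanmanServer -StartupType Disabled
    }
}

Get-WormExposure -ComputerName 'localhost' -HotFixId 'KB0000000' |
    Format-Table -AutoSize
```

A `PatchPresent` value of False only means that exact update ID is not listed; a later update that supersedes it appears under a different ID. Run `Disable-ServerService -WhatIf` first to see what would change.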
