Computing Tips: “Amazing” Downadup worm (Conficker) has infected 10 million PCs

could potentially infect 300 million PCs

The Downadup worm, also called Conficker, had infected an estimated 10 million PCs worldwide by Jan 23, and security experts say they expect to see a dangerous second-stage payload dropped soon.

It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs.

The “worm” exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008.

Although Microsoft fixed the flaw with one of its rare “out of cycle” updates in late October 2008, about a third of all PCs have not yet been patched.

Those PCs are the ones being hijacked by the worm.

Once it’s gotten onto a PC, Downadup generates a list of possible domains, selects one, then uses that URL to reach a malicious server from which it downloads additional malware to install on the hijacked computer.
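The domain-generation behaviour described above tends to show up in resolver logs as one client failing to resolve many random-looking names. The sketch below is an added example, not code from the article or from Microsoft; the log format, the sample lines, the function names and the vowel-ratio heuristic are all assumptions made for illustration, and the worm's real algorithm and domains are not given on this page.

```python
from collections import defaultdict

VOWELS = set("aeiou")

# Constructed resolver log lines: "<time> <client> <qname> <rcode>"
SAMPLE_LOG = """\
09:00:01 10.0.0.5 www.example.com NOERROR
09:00:02 10.0.0.7 xkqwrtzd.example NXDOMAIN
09:00:03 10.0.0.7 bvnmcxzl.example NXDOMAIN
09:00:04 10.0.0.7 pwqkrjtf.test NXDOMAIN
09:00:05 10.0.0.5 gogle.example NXDOMAIN
09:00:06 10.0.0.7 zxcvbnmk.test NXDOMAIN
09:00:07 10.0.0.7 gthyjkrw.example NXDOMAIN
09:00:08 10.0.0.7 hjklmnpr.example NOERROR
09:00:09 10.0.0.5 update.example.org NOERROR
09:00:10 malformed line
"""


def looks_generated(label, max_vowel_ratio=0.25, min_len=7):
    """Crude heuristic (an assumption): long, letters only, few vowels."""
    if len(label) < min_len or not label.isalpha():
        return False
    vowels = sum(ch in VOWELS for ch in label.lower())
    return vowels / len(label) <= max_vowel_ratio


def suspicious_clients(log_text, min_failed=5):
    """Return clients with >= min_failed distinct random-looking NXDOMAIN names."""
    failed = defaultdict(set)    # client -> generated-looking names that failed
    resolved = defaultdict(set)  # client -> generated-looking names that resolved
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:      # skip malformed lines instead of crashing
            continue
        _time, client, qname, rcode = parts
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 2 or not looks_generated(labels[-2]):
            continue
        domain = ".".join(labels[-2:])
        (failed if rcode == "NXDOMAIN" else resolved)[client].add(domain)
    # A name that did resolve for a flagged client is the first one to review.
    return {c: {"failed": sorted(d), "resolved": sorted(resolved[c])}
            for c, d in failed.items() if len(d) >= min_failed}


if __name__ == "__main__":
    for client, hits in suspicious_clients(SAMPLE_LOG).items():
        print(client, hits)
```

A single mistyped address (the `gogle.example` line) does not trip the check; only the client with a burst of failed random-looking lookups is reported.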

The already-high number of Downadup infections prompted Microsoft to add detection for the worm to its Malicious Software Removal Tool (MSRT), the anti-malware utility that the company updates and redistributes each month to Windows machines.

Like other security researchers, those from Microsoft have put some of the blame on users slow to patch their PCs. “Either Security Update MS08-067 was not installed at all or was not installed on all the computers,” a pair of security researchers who work for Microsoft said.

Microsoft has recommended that Windows users install the emergency update, then run the January edition of the MSRT to scrub the worm from compromised computers.


Microsoft Security Updates for Jan 2009

If you manage your own computer, install updates as soon as they become available. If your computer is part of a managed network, contact your system administrator before making changes.

Norton Anti-Virus: The Conficker Worm

Target: All users of Windows XP and Windows Vista
A new worm called Conficker, sometimes referred to as Downadup, has generated a lot of interest. Current users of Symantec’s Norton security products are protected. Users who lack protection are invited to download a trial version of Norton AntiVirus 2009, Norton Internet Security 2009 or Norton 360. All of these products will detect and remove this worm.

What does the Conficker worm do?
The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables some security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.

How does the worm infect a computer?
The worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

Who is at risk?
Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up-to-date antivirus product.
