Microsoft and Other Advice on Fighting Downadup

Microsoft has updated its Malicious Software Removal Tool (MSRT) to remove Downadup (also called Conficker) and its variants. Downadup is a particularly nasty worm that has spread recently to around nine million PCs worldwide.

I first reported on the attack yesterday, mentioning that systems with a patch released by Microsoft in October (MS08-067) would have been protected. Details about the worm, and how to protect your PC, are on the Microsoft Malware Protection Center and Computer World web sites.

The worm exploits a flaw in the Windows Server service (svchost.exe), allowing remote execution of malicious code on boxes with file sharing enabled.

Interestingly, SC Magazine reported that the first variants of Conficker were programmed to detect the keyboard layout and avoid targets in the Ukraine, where the alleged malware writers are located, in order to hide from local law enforcement. Later versions of the worm don't discriminate in whom they attack.


Blogger Unknown said...

According to downadup.com - a guide to removing this virus - it's also important to disable AutoStart; a whole new infection vector is through USB drives.

