Author Topic: Downadup worm infects about 15 million computers- are you protected?  (Read 3714 times)

Offline jpf

  • Genin
  • *
  • Posts: 9
  • Chakra 0
  • Referrals: 0
    • View Profile
Computer worm spreading like wildfire- are you protected?

http://www.walletpop.com/blog/2009/01/17/computer-worm-spreading-like-wildfire-are-you-protected/
Tom Barlow
Jan 17th 2009 at 1:30PM
Text SizeAAA

Filed under: Technology

Are you a Windows Vista, XP or Windows Server 2003 user that has lost patience with updating your system every time Microsoft tells you to? Then pay attention; you might be vulnerable to the Downadup worm, which is spreading like wildfire among unprotected PCs. According to Computerworld, 9 million computers have been infected in the last two weeks alone.

The worm exploits a vulnerability in Windows that was recognized by Microsoft in October of 2008. The company issued an update at that time to address this problem, but apparently millions of users didn't get the message, or chose to ignore it.

The worm allows the infected computer to be hijacked and used in nefarious ways such harvesting personal info or contributing to denial of service attacks.

Symantec, the company behind Norton Anti-virus, deems this "one of the most prolific worms we've seen in years", which has "an extremely large infection base that could do a lot of damage." To safeguard yourself, make sure you've installed the update http://www.microsoft.com/protect/computer/updates/bulletins/200901.mspx, and run Microsoft's Malicious Software Removal Tool.
« Last Edit: January 29, 2009, 01:32:42 AM by jpf »

Carigamers


Offline PikachuManZzZ

  • Genin
  • *
  • Posts: 48
  • Chakra -1
    • PS3_
  • Referrals: 0
    • View Profile
Re: Downadup worm infects 9 million computers- are you protected?
« Reply #1 on: January 18, 2009, 05:08:07 PM »
Question: What's the vector? E-mail attachments? Malicious websites? Or is it just going after open ports (a la blaster)?

Buggy as hell.

Offline Crixx_Creww

  • Akatsuki
  • *****
  • Posts: 9057
  • Country: 00
  • Chakra -12
  • ANBU OF THE HIDDEN VILLAGE FOAK
    • Atari 2600.
  • Referrals: 11
    • View Profile
    • www.crixxcrew.com
  • CPU: Intel Q6600 @3.2 Ghz
  • GPU: Nvidia Xfx geforce 9800GTX+
  • RAM: 8 Gigs Mixed kingston and corsair ddr2

Offline jpf

  • Genin
  • *
  • Posts: 9
  • Chakra 0
  • Referrals: 0
    • View Profile
Re: Downadup worm infects 9 million computers- are you protected?
« Reply #3 on: January 19, 2009, 02:33:55 AM »
not email or the web, but through the Windows flaw/bug (probably via some port?), through network shares AND also USB drives-3 different ways!

Offline Nephilim

  • Sannin
  • *****
  • Posts: 2698
  • Country: 00
  • Chakra 56
  • Referrals: 0
    • View Profile
  • CPU: Q94
  • GPU: 4870
  • RAM: 8GB
  • Broadband: Flow
Re: Downadup worm infects 9 million computers- are you protected?
« Reply #4 on: January 19, 2009, 08:48:47 AM »

Are you a Windows Vista, XP or Windows Server 2003 user that has lost patience with updating your system every time Microsoft tells you to? Then pay attention; you might be vulnerable to the Downadup worm, which is spreading like wildfire among unprotected PCs. According to Computerworld, 9 million computers have been infected in the last two weeks alone.

so can i assume server 2008 doesn't have said bug?

Carigamers

Re: Downadup worm infects 9 million computers- are you protected?
« Reply #4 on: January 19, 2009, 08:48:47 AM »

Offline jpf

  • Genin
  • *
  • Posts: 9
  • Chakra 0
  • Referrals: 0
    • View Profile
Re: Downadup worm infects 9 million computers- are you protected?
« Reply #5 on: January 19, 2009, 03:11:17 PM »
vista & server 2008 is also affected but the severity is rated 'important' instead of critical

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Offline jpf

  • Genin
  • *
  • Posts: 9
  • Chakra 0
  • Referrals: 0
    • View Profile
Re: Downadup worm infects 9 million computers- are you protected?
« Reply #6 on: January 29, 2009, 01:31:55 AM »
estimates are now at 15 million by some websites

Offline kiya

  • Jonin
  • ***
  • Posts: 671
  • Chakra 15
  • devine
    • wii, ds, super nintendo, gbc, gba
  • Referrals: 0
    • View Profile
Re: Downadup worm infects about 15 million computers- are you protected?
« Reply #7 on: January 29, 2009, 07:01:50 AM »
darn... so how DO i protect my pc?

Offline Cross

  • Kage
  • ****
  • Posts: 1436
  • Chakra 12
  • Form is temporary, class is permanent
    • Ps3
  • Referrals: 0
    • View Profile
  • CPU: 1.73 Core 2 Duo
  • GPU: Intel GMA 945
  • RAM: 2.5GB
Re: Downadup worm infects about 15 million computers- are you protected?
« Reply #8 on: February 01, 2009, 07:27:14 PM »
This worm was NASTY


Trouble in this place tonight........BAN....KAI

Offline Bone

  • Genin
  • *
  • Posts: 55
  • Chakra 2
  • GO!
    • PSP, PS2
  • Referrals: 0
    • View Profile
  • CPU: Intel Q9300
  • GPU: MSI 9600GT OC
  • RAM: 4Gigs 1000MHz Ballistix Tracer
  • Broadband: Blink
Re: Downadup worm infects about 15 million computers- are you protected?
« Reply #9 on: February 02, 2009, 12:25:15 AM »
whats the best fire wall program 2 used if your using windows vista?


Offline Netizen1

  • Global Moderator
  • Kage
  • *
  • Posts: 1764
  • Country: tt
  • Chakra 10
  • save de Earth, iz de only planet with chocolate!
    • :ps3: :psp:
  • Referrals: 0
    • View Profile
    • Trinidad Christian Center
  • Broadband: :flow:
  • PSN: Netizen1
  • Steam: Netizen1
Re: Downadup worm infects about 15 million computers- are you protected?
« Reply #10 on: February 03, 2009, 08:32:00 PM »
Well we got hit HARD in work... First noticed something was amiss when I got over 10 calls in one day to unlock users' accounts. Same person actually called me 3 times another day. NetWrix Account Lockout Examiner helped track down the root cause.

Bloody AV server went offline at the wrong time of the year!!! Grrrr!

So we had this massive exercise, got the Helpdesk out of their chairs and rolled out a new AV client software, updates et al.

Still infected though, have to visit the other sites to see if all's well there...

I see all the important links were posted already.

We had to use a combination attack;
Install Windows Patch (here)
Run Symantec removal tool (here)
Update Definitions
Install upgraded AV client



So far we're just over 55% coverage, hoping to knock off the rest by the end of Thursday, then it's off to Tobago to patch them up.

Nasty lil bit of code indeed.

Offline Crixx_Creww

  • Akatsuki
  • *****
  • Posts: 9057
  • Country: 00
  • Chakra -12
  • ANBU OF THE HIDDEN VILLAGE FOAK
    • Atari 2600.
  • Referrals: 11
    • View Profile
    • www.crixxcrew.com
  • CPU: Intel Q6600 @3.2 Ghz
  • GPU: Nvidia Xfx geforce 9800GTX+
  • RAM: 8 Gigs Mixed kingston and corsair ddr2
Re: Downadup worm infects about 15 million computers- are you protected?
« Reply #11 on: February 04, 2009, 09:18:11 AM »
reminds me of when sasser was rampant
that was annoying as hell
also required walking to every machine an rinsing out wit detol

when yu go tobago
doh eat de royal castle in de airport
that laid me out for a few days when i got back home

Offline jpf

  • Genin
  • *
  • Posts: 9
  • Chakra 0
  • Referrals: 0
    • View Profile
Re: Downadup worm infects about 15 million computers- are you protected?
« Reply #12 on: February 11, 2009, 08:11:38 PM »
you may be infected with the Conficker worm (or another worm) if

-your computer slows down
-displays fake virus warnings
-you can't enable 'show hidden files' in Tools/Folder Options/View
-you type 'attrib' at the command prompt in the root folder of the hard drive (c:\) or your flash drive and see a autorun.inf file along with other strange executable files (.cmd or .com files)
-on a domain accounts are locked out or the network is congested

-or according to microsoft:-
    * Account lockout policies are being tripped.
    * Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
    * Domain controllers respond slowly to client requests.
    * The network is congested.
    * Various security-related Web sites cannot be accessed.

if you're infected (or just in case!)

http://support.microsoft.com/kb/962007

http://onecare.live.com/site/en-Us/virusenc/virusencinfo.htm?VirusName=Worm:Win32/Conficker.B

http://www.microsoft.com/security/portal/Entry.aspx?Name=Win32/Conficker

Offline roodie

  • Genin
  • *
  • Posts: 131
  • Chakra 3
  • roodie roodie roodie
    • PS2
  • Referrals: 0
    • View Profile
  • CPU: Intel Pentium Dual CPU T3200 2.0Ghz
  • GPU: Intel 4500m
  • RAM: 4Gbs
Re: Downadup worm infects about 15 million computers- are you protected?
« Reply #13 on: February 20, 2009, 02:59:58 PM »
Is this the same virus that copies itself via network shares and flash drives? We found a quick way to deal with this as people were getting re-infected, open the autorun.inf file and clear the contents (Its a script) then make the file readonly and leave it there. Leaving it there kinda helps so the next time the pc in question gets hit, it can't copy the file.
Lappy:
Toshiba Satellite
CPU: Intel Pentium Dual CPU T3200 2.0Ghz
GPU: Intel 4500m
RAM: 4Gb DDR2
HDD: 250GB

Desktop:
Phenom II 940 x4
BFG GTX260 OC 896MB (216)
Kingston 4Gb
200GB WD
80GB Seagate

Carigamers

Re: Downadup worm infects about 15 million computers- are you protected?
« Reply #13 on: February 20, 2009, 02:59:58 PM »

 


* ShoutBox

Refresh History
  • Crimson609: yea everything cool how are you?
    August 10, 2022, 07:26:15 AM
  • Pain_Killer: Good day, what's going on with you guys? Is everything Ok?
    February 21, 2021, 05:30:10 PM
  • Crimson609: BOOM covid-19
    August 15, 2020, 01:07:30 PM
  • Shinsoo: bwda 2020 shoutboxing. omg we are in the future and in the past at the same time!
    March 03, 2020, 06:42:47 AM
  • TriniXjin: Watch Black Clover Everyone!
    February 01, 2020, 06:30:00 PM
  • Crimson609: lol
    February 01, 2020, 05:05:53 PM
  • Skitz: So fellas how we go include listing for all dem parts for pc on we profile but doh have any place for motherboard?
    January 24, 2020, 09:11:33 PM
  • Crimson609: :ph34r:
    January 20, 2019, 09:23:28 PM
  • Crimson609: Big up ya whole slef
    January 20, 2019, 09:23:17 PM
  • protomanex: Gyul like Link
    January 20, 2019, 09:23:14 PM
  • protomanex: Man like Kitana
    January 20, 2019, 09:22:39 PM
  • protomanex: Man like Chappy
    January 20, 2019, 09:21:53 PM
  • protomanex: Gyul Like Minato
    January 20, 2019, 09:21:48 PM
  • protomanex: Gyul like XJin
    January 20, 2019, 09:19:53 PM
  • protomanex: Shout out to man like Crimson
    January 20, 2019, 09:19:44 PM
  • Crimson609: shout out to gyal like Corbie Gonta
    January 20, 2019, 09:19:06 PM
  • cold_187: Why allur don't make a discord or something?
    December 03, 2018, 06:17:38 PM
  • Red Paradox: https://www.twitch.tv/flippay1985 everyday from 6:00pm
    May 29, 2018, 09:40:09 AM
  • Red Paradox: anyone play EA Sports UFC 3.. Looking for a challenge. PSN: Flippay1985 :)
    May 09, 2018, 11:00:52 PM
  • cold_187: @TriniXjin not really, I may have something they need (ssd/ram/mb etc.), hence why I also said "trade" ;)
    February 05, 2018, 10:22:14 AM

SimplePortal 2.3.3 © 2008-2010, SimplePortal