This is actually a pretty serious threat, when upgrading our system security at work we found the Downadup variant on all but three computers. Below is what the Dept of the Navy sent out today on it:
* NAVNETWARCOM GNOC DET NORFOLK VA User Alert *
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** Urgent User Awareness of Conficker/Downadup WORM ****
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
EVENT: ***Conficker/Downadup Worm***
DATE/TIME: Ongoing
SITUATION:
DoD has released several Situational Awareness reports regarding the
Conficker/Downadup worm that targets Microsoft Windows Systems not properly patched with MS08-067. This worm can be transferred by removable media,shared media and thru port 445.
Once installed, Conficker implements a variety of behaviors as follows:
- Implements logic to defend itself from security products that would
attempt to remove and detect it.
- Attempts to disable Windows Automatic Update and stops access to the
Windows Security Center.
- Detects and disables the SysInternals' Process Explorer program.
- Interferes with the operation of a number of other search-and-destroy
programs including WireShark and SysClean
- Changes the Administrator passwords on local networks and spreads through
ADMIN$ shares.
- Infects removable devices and network shares by creating a special
autorun.inf file and enables its own DLL on the device.
ADVICE TO STAY SAFE:
- For MS Windows systems, ensure MS Security Patch MS08-067 is installed.
Keep your computer updated with the latest patches and the latest virus
definitions.
- Maintain a strong security suite which includes: Virus program ,Firewall
and Spam detection.
- Do not use the "free" security scans that are available on many web sites.
All too often, these are fake ads, using scare tactics to get you to
purchase their "full" service. In many cases these scans are actually
infecting your computer while running.
- Turn off the "autorun" feature that automatically runs programs found on
memory sticks and other USB devices. Do not share your passwords, change
your passwords periodically, use complex passwords, and turn you computer
off when not in use.
- Always use caution when clicking links embedded in e-mails from unknown
sources.
