January 22, 2009
We saw a large number of infections from the Downadup worm last month. This worm is also known as Conficker or Kido and is able to spread very quickly because it uses 3 effective ways to propagate:
- Exploits the Windows vulnerability MS08-067. The patch was released a long time ago but there are still a lot of unpatched computers.
- Exploits network shares with weak or no passwords. The worm contains a list of common passwords - a good reason to use strong passwords.
- Copies itself to removable media, usually USB sticks, using the AutoRun function (it creates an autorun.inf file).
The first versions of Downadup were seen at the start of December 08 and until now we have observed more than 300 different variants. All known variants are detected and healed by AVG. Besides spreading, the worm can also download other malware and can redirect access to legitimate URLs to various other malicious webpages.

We strongly recommend that you install all of the latest security patches for your version of Windows.
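As an added example (not code from AVG or from the original post), the sketch below audits the autorun.inf file that the removable-media vector relies on: it lists every entry in the `[autorun]` section that would launch a program. The function names and the sample bytes are constructed for illustration.

```python
import re
from pathlib import Path

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")   # e.g. shell\open\command


def find_launch_entries(data: bytes):
    """Return (section, key, value) for every entry that starts a program.

    Parsed by hand instead of with configparser: an autorun.inf may hold
    junk or binary lines that a strict INI parser rejects, so any line
    that is not a section header or key=value pair is skipped.
    """
    text = data.decode("latin-1")          # never fails, keeps odd bytes
    section, hits = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                        # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue                        # junk line, not key=value
        key = key.strip().lower()           # keys are case-insensitive
        if section == "autorun" and (key in LAUNCH_KEYS or SHELL_CMD.match(key)):
            hits.append((section, key, value.strip()))
    return hits


def audit_drive(root):
    """Check the autorun.inf at the root of a mounted drive, if present."""
    path = Path(root) / "autorun.inf"
    return find_launch_entries(path.read_bytes()) if path.is_file() else []


# Constructed sample input, not taken from a real infection.
SAMPLE = (
    b"; constructed sample\r\n"
    b"\x8f\x02 filler line without structure\r\n"
    b"[AutoRun]\r\n"
    b"Icon=drive.ico\r\n"
    b"ShellExecute=example.exe\r\n"
    b"shell\\open\\Command = setup.exe\r\n"
)
BENIGN = b"[autorun]\r\nicon=drive.ico\r\nlabel=Backup\r\n"

if __name__ == "__main__":
    for entry in find_launch_entries(SAMPLE):
        print("launch entry:", entry)
```

An autorun.inf that only sets an icon or label returns an empty list; any hit on a USB stick is worth a closer look before the drive is opened on an unpatched machine.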