Downadup Worm Spreading: The Lemming Opines
The British news follow CNN's line that Downadup might have come from Ukraine. PC Magazine, using a different security company as a source, says China. I'm not sure that it really matters, right now, where this worm came from. Learning where this worm originated is important, of course. Among other things, there could be legal trouble for whoever developed this bit of clever malware and set it loose. But, right now, there's a whole bunch of computers to disinfect.The way Downadup/Conflicker/Kido spreads through USB drives and MP3 players reminds me of the worm that started eating the Pentagon's computers last year. (Downadap spreads itself other ways, once it's in a network: CNN did a pretty good job of discussing how that works under its "How does it spread?" subhead.)
Routine Updating, Scans, and Common Sense: Boring, but Necessary
CNN wrote that Downadup is spreading, "despite Microsoft's issuing of a patch to fix the bug." Quite a bit farther down in the article, it explains why the Microsoft patch may not be effective: the worm affects "...machines that have not installed a patch from Microsoft known as MS08-067."Now, spelling it out, it's really important to:
- Get operating system patches promptly
- Once you've gotten a patch, install it
The advantages I have are a background in computer science, 20+ years' on-the-job experience using computers (learning how to deal with two arcane networks along the way), and now being my own boss.
I sympathize with IT people who have to deal with supervisors who don't understand computers, and who can't quite understand that someone lower on the organization chart may have superior technical knowledge. Make that "may have technical knowledge" - period.
And it's simply unrealistic to expect most home computer users to have a professional knowledge of what makes the things work, and how to maintain them.
Downadup, in the news:
- "Virus strikes 15 million PCs"
UPI.com (January 25, 2009)- "LONDON, Jan. 25 (UPI) -- A virulent computer virus has infected more than 15 million computers around the world so far, British experts say.
- "The Independent on Sunday reported that the worm -- known as Downadup, Conficker or Kido -- had contaminated 6 million PCs in the past three days alone.
- "The newspaper said more than 3,000 British organizations, including hospitals and the Ministry of Defense, have received the virus.
- "Officials in Britain, the United States, Russia, China and India say they are waiting to see what the virus's effects will be, if anything...."
- "Conficker/Downadup Worm Dubbed 'Epidemic' "
PC Magazine (January 21, 2009)- "Approximately six percent of computers scanned by Panda Security are currently infected by the Conficker/Downadup worm, Panda said Wednesday, dubbing the outbreak 'an epidemic'.
- "The worm, discovered earlier this month, exploits the Windows MS08-067 service vulnerability, a patch for which was released three months ago.
- "It spreads through The Windows option menu that appears after inserting the USB device will USB memory devices like USB drives or MP3 players.disguise the option to run the program as the option to open the folder. Open the file and release the worm.
- "Panda scanned two million computers and found that six percent are infected across 83 countries. Though it originated in China, it is now particularly virulent in the U.S., Spain, Taiwan, Brazil, and Mexico. Panda has identified about 18,000 infected machines in the U.S., though the number could be higher...."
- "Downadup virus exposes millions of PCs to hijack"
CNN (January 16, 2009)- "LONDON, England (CNN) -- A new sleeper virus that could allow hackers to steal financial and personal information has now spread to more than eight million computers in what industry analysts say is one of the most serious infections they have ever seen.
- "The Downadup or Conficker worm exploits a bug in Microsoft Windows to infect mainly corporate networks, where -- although it has yet to cause any harm -- it potentially exposes infected PCs to hijack.
- "Mikko Hypponen, chief research officer at anti-virus firm F-Secure, says while the purpose of the worm is unclear, its unique 'phone home' design, linking back to its point of origin, means it can receive further orders to wreak havoc.
- "He said his company had reverse-engineered its program, which they suspected of originating in Ukraine, and is using the call-back mechanism to monitor an exponential infection rate, despite Microsoft's issuing of a patch to fix the bug...."
No comments:
Post a Comment