Downadup worm


A new version of the Downadup worm infects Windows workstations and servers on corporate networks. Since the new year, F-Secure has received several reports of corporate network infections and is working closely with these companies, as well as various CERT organisations, to fight this outbreak.

Downadup (also known as Conficker) is a large family of network worms that is unusually difficult to remove, especially in the case of an internal infection inside a corporate network.

W32/Downadup is an email worm that infects Windows systems.

Upon execution, the worm drops svchost.exe in the Windows System folder.

The worm modifies the registry at the following locations to register itself as a system service:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
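
Because the worm registers itself under the Services key, comparing that key against a known-good baseline shows service entries that were added or re-pointed. The following is an added example, not code from the original post or from F-Secure: it diffs two registry exports of the Services key. The export text, the service name "examplesvc" and the function names are constructed for illustration.

```python
import re
# Constructed sample data in `reg export` text layout (not taken from a real host).
# Simplified: ImagePath is shown as a plain string; real exports encode
# REG_EXPAND_SZ values as hex(2) byte lists, which this diff compares verbatim.
BASELINE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"ImagePath"="%SystemRoot%\\System32\\svchost.exe -k LocalService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters]
"ServiceDll"="%SystemRoot%\\System32\\dhcpcore.dll"
"""
CURRENT = BASELINE + r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplesvc]
"ImagePath"="%SystemRoot%\\System32\\svchost.exe"
"""
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"

def parse_services(export_text):
    """Return {service_name: {value_name: raw_value}} for top-level service keys."""
    services, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None
            if key.upper().startswith(SERVICES.upper()):
                name = key[len(SERVICES):]
                if name and "\\" not in name:  # skip subkeys such as \Parameters
                    current = services.setdefault(name.lower(), {})
        elif current is not None:
            m = re.match(r'^"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return services

def new_or_changed(baseline_text, current_text):
    """List (service, reason, ImagePath) for services added or re-pointed since baseline."""
    old, new = parse_services(baseline_text), parse_services(current_text)
    findings = []
    for name, values in sorted(new.items()):
        image = values.get("ImagePath", "")
        if name not in old:
            findings.append((name, "added", image))
        elif old[name].get("ImagePath", "") != image:
            findings.append((name, "ImagePath changed", image))
    return findings

if __name__ == "__main__":
    print(new_or_changed(BASELINE, CURRENT))
```

A finding is a lead for review, not a verdict: legitimate software installs also add service entries.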

What does the worm do? Part 11
What to do if you're infected? Part 111
