No. 1 Story

ACCC clears Optus to scrap HFC network and use NBN instead

The ACCC has cleared, provisionally, the proposed deal between Optus and NBN Co under which Optus is to be paid around $800m to shut down its HFC network and transfer customers onto the NBN. read more

Related Articles

Old, worm, new, tricks
Launching new testing products and services
- sponsored editorial - The Trade Show at the Software & Systems...
Read More
Planit tests the water in New Zealand
- sponsored editorial - Australian independent software testing and training organisation, Planit,...
Read More
New year's resolution: Beware SMS phishing
SMS phishing is likely to be one of the leading security issues of 2007...
Read More
Old Macs vulnerable to wireless hacks expert claims
If you bought a Wi-Fi card for your iMac or PowerBook before and up...
Read More
New zero day attack hits Microsoft PowerPoint
Microsoft has warned users of new zero-day attacks that exploit a vulnerability in Microsoft...
Read More

More From

Popular Threads

Old worm up to new tricks

Staff Writers
Thursday, 15 January 2009 12:23

Business IT - Security

View Comments
A worm first discovered in November last year has resurfaced and is using a new way to spread. The Wimn32.Worm.Downadup, which installs rogue security software on infected computers, exploits the MS08-067 vulnerability to spread in local area networks. However, it is now also using physical "sneakernet" to spread.

In late December, BitDefender Labs uncovered a new version of the worm, called Win32.Worm.Downadup.B. The malware comes with a list of new features, aside from the present spreading routine, which has shown signs of an upgrade.

The worm now uses USB sticks to spread. By copying itself in a random folder created inside the RECYCLER directory - used by the Recycle Bin to store deleted files - and creating an autorun.inf file in the root folder of the drive, the worm automatically executes if the Autorun feature is enabled.

The worm also patched certain TCP functions to block access to security-related websites by filtering every address that contains certain strings. This makes it harder to remove since information about it is nearly impossible to gather from an infected computer. Additionally, it removes all access rights of the user, except execute and directory usage, to protect its files.

The worm is also built to avoid antivirus detection by working with rarely used application programming interfaces (APIs) in order to avoid virtualisation technologies. It disables Windows updates and certain network traffic, optimising itself for Vista features to help its spread.

Win32.Worm.Downadup.B also comes with a domain name generation algorithm similar to the one found in botnets like Rustock. It composes 250 domains every day and checks for updates or other files to download and install.
 
Possessing a state-of- the-art update system, a good protection scheme and many people who don’t patch their systems, this worm has damaging potential to become as dangerous as already established botnets like Storm or Srizbi, according to BitDefender.

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases