Thursday, 15 January 2009 13:23

Old worm up to new tricks

By Staff Writers
A worm first discovered in November last year has resurfaced and is using a new way to spread. The Win32.Worm.Downadup, which installs rogue security software on infected computers, exploits the MS08-067 vulnerability to spread in local area networks. However, it is now also using physical "sneakernet" to spread.

In late December, BitDefender Labs uncovered a new version of the worm, called Win32.Worm.Downadup.B. The malware comes with a list of new features, aside from the present spreading routine, which has shown signs of an upgrade.

The worm now uses USB sticks to spread. It copies itself into a random folder created inside the RECYCLER directory - used by the Recycle Bin to store deleted files - and creates an autorun.inf file in the root folder of the drive, so that the worm executes automatically if the Autorun feature is enabled.
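A defender-side check for the pattern described above, added here as an example (it is not code from BitDefender or from the original article): it parses the text of an autorun.inf file and reports launch entries that point into a RECYCLER folder. The sample file contents and folder names are constructed, and the function name is hypothetical.

```python
import re

# Standard autorun.inf keys that cause a program to be launched.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# A path component named RECYCLER, at the start of the value or after a separator.
RECYCLER = re.compile(r"(^|[\\/\s\"',])recycler[\\/]", re.I)


def suspicious_autorun_entries(text):
    """Return (key, command) pairs from [autorun] that launch something under RECYCLER."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # tolerate junk or padding lines between real entries
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEYS.match(key) and RECYCLER.search(value):
            hits.append((key.lower(), value))
    return hits


# Constructed samples, not captured from a real infection.
SAMPLE_SUSPICIOUS = r"""
[AutoRun]
garbage line without meaning
Action=Open folder to view files
Open=RECYCLER\S-0-0-00-constructed\example.exe
shell\open\command = "RECYCLER\S-0-0-00-constructed\example.exe"
"""

SAMPLE_BENIGN = r"""
[autorun]
icon=setup.ico
open=setup.exe
label=Vendor Tools
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, suspicious_autorun_entries(sample))
```

A hit is a reason to inspect the drive, not proof of infection; a clean result does not rule out other launch paths.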

The worm also patches certain TCP functions to block access to security-related websites by filtering every address that contains certain strings. This makes it harder to remove since information about it is nearly impossible to gather from an infected computer. Additionally, it removes all access rights of the user, except execute and directory usage, to protect its files.

The worm is also built to avoid antivirus detection by working with rarely used application programming interfaces (APIs) in order to avoid virtualisation technologies. It disables Windows updates and certain network traffic, optimising itself for Vista features to help its spread.

Win32.Worm.Downadup.B also comes with a domain name generation algorithm similar to the one found in botnets like Rustock. It composes 250 domains every day and checks for updates or other files to download and install.

Possessing a state-of-the-art update system, a good protection scheme and many people who don’t patch their systems, this worm has the damaging potential to become as dangerous as already established botnets like Storm or Srizbi, according to BitDefender.
