 |
|
|
The Downadup or Conficker worm continues its journey through PCs worldwide, and has managed to infect over 9 million of them in record time. As the infection rate seems to have reached its peak, specialists say the hackers are yet to reveal their intentions.
Mikko Hypponen of F-Secure - who issued an alert about the rapidly expanding worm - explained in a post last week that Downadup worms attempt to call home by trying to connect to various Web addresses. If it finds an active Web server on one of the domains, it will then download and run a particular executable – thus giving the malware gang a free hand to do whatever they want with all of the infected machines.
On Monday, F-Secure also warned that the Downadup worm uses autorun.inf files to spread via removable devices such as USB drives. Furthermore, it appears that Downadup attempts a social engineering trick in Windows Vista.
The Autorun window will prompt the user to choose between two icons that are identical and accompanied by the same text, with the difference that one is in the category Install or run program, while the other one is in the General options category.
The first option (Install or run program) will run the Downadup worm, while the second one (from the General options tab) will safely open the USB drive. F-Security learned that the worm can do the same in Windows 7.
© 2007 - 2009 - eFluxMedia
