Shavlik Technologies commented on the new variant of the Conficker worm known as “Downadup.”
Downadup is yet another exploit of a security vulnerability that could be eliminated by application of MS08-067, which Microsoft released out-of-band in October 2008. To protect networks from this potential threat, IT departments must patch and configure all physical systems and virtual machines to ensure MS08-067 is deployed across the network.
Continuous or on-demand security configuration assessments can provide additional defensive measures by ensuring that services like firewalls are running and that password and account policies are enforced.
How the Conficker and Downadup Worm Works
The worm spreads by more traditional methods of accessing computers over the Internet, but can also infect computers via malicious code on USB devices. Once a machine is infected, the worm turns off Windows Update services – thereby preventing the machine from obtaining the very patch that would have prevented the initial exploit.
The worm also denies Internet access to the websites of many different security vendors. Attempts to go to your AV or security vendor of choice to download detection or removal tools will be blocked by this worm. (The Shavlik web site is not blocked by the worm.) The worm is also known to modify the Windows firewall settings to allow access to the computer via specified ports.
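The symptoms described above can be checked on a host with a short script. The following is an added example, not Shavlik code: it assumes Windows PowerShell (Get-WmiObject and the legacy HNetCfg.FwMgr firewall COM interface), uses blocked name resolution as a stand-in for "access denied to vendor sites," and every parameter default is a placeholder to be replaced, including the KB identifier of the MS08-067 update, which the page does not give.

```powershell
# Added example (not vendor code). Placeholder defaults must be replaced before use.
param(
    [string]   $HotfixId      = 'KB-PLACEHOLDER',        # KB id of the MS08-067 update
    [string[]] $VendorHosts   = @('av-vendor.example'),  # security vendor sites you rely on
    [string]   $ControlHost   = 'intranet.example',      # a name that must always resolve
    [int[]]    $ExpectedPorts = @()                      # firewall port exceptions you approved
)

function Test-Resolves([string]$Name) {
    try { [void][System.Net.Dns]::GetHostAddresses($Name); $true } catch { $false }
}

$findings = @()

# 1. Is the patch that closes the vulnerability installed?
if (-not (Get-HotFix -Id $HotfixId -ErrorAction SilentlyContinue)) {
    $findings += "Hotfix $HotfixId is not installed"
}

# 2. Has the Windows Update service been turned off?
$wu = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
if (-not $wu -or $wu.StartMode -eq 'Disabled') {
    $findings += 'Windows Update service is missing or disabled'
}

# 3. Is the firewall running, and are there port exceptions nobody approved?
$fw = Get-WmiObject Win32_Service -Filter "Name='MpsSvc'"            # Vista and later
if (-not $fw) { $fw = Get-WmiObject Win32_Service -Filter "Name='SharedAccess'" }  # XP/2003
if (-not $fw -or $fw.State -ne 'Running') { $findings += 'Windows Firewall service is not running' }
try {
    $fwProfile = (New-Object -ComObject HNetCfg.FwMgr).LocalPolicy.CurrentProfile
    if (-not $fwProfile.FirewallEnabled) { $findings += 'Firewall is disabled in the current profile' }
    foreach ($p in $fwProfile.GloballyOpenPorts) {
        if ($p.Enabled -and $ExpectedPorts -notcontains $p.Port) {
            $findings += "Unexpected open port: $($p.Port) ($($p.Name))"
        }
    }
} catch { $findings += "Could not read firewall policy: $($_.Exception.Message)" }

# 4. Are security vendor names unreachable while an ordinary name still resolves?
if (Test-Resolves $ControlHost) {
    foreach ($h in $VendorHosts) {
        if (-not (Test-Resolves $h)) { $findings += "Cannot resolve $h while $ControlHost resolves" }
    }
} else { $findings += "Control host $ControlHost does not resolve; vendor check skipped" }

if ($findings) { $findings | ForEach-Object { Write-Output "FINDING: $_" }; exit 1 }
Write-Output 'No symptoms found'
```

A non-zero exit code means at least one symptom was found, which lets a scheduled or on-demand assessment collect results per host.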