Downadup Worm is taking over

[Saturday]

Released only a few weeks ago, Downadup (aka Conficker) is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability.

F-Secure, one of the more reliable, professional AV organisations, estimates that the number of worldwide infections has grown from 2.4 million to over 8.9 million during the last four days

Every one of those infected machines is now part of a "bot" and is downloading more malware and spewing out yet more copies and infecting yet more machines. Each copy of the worm keeps count of the new machines it has infected and in a sample, 12 Downadup-infected PCs, had collectively infected 186 additional systems. Just one of the originally-infected computers successfully attacked 116 other machines.

I wonder how many of those 8.9 million people are blaming their ISPs for their recent slowdown and lack of throughput?

[Undecided adrian]

I wonder how many of them have antivirus software?

[Saturday]

As far as I can understand from reading up on this, the problem is confined to people who haven't applied the Microsoft update released in October 2008 - apparently that's 30% of all PCs

I guess if you aren't up to date with MS updates then having an up to date AV isn't too likely either.

[Tony1044]

A few tips, although I am sure that most people here are pretty savvy:

Use a firewall at a perimeter and firewall on your desktop. Yes it can be a pain but generally they work.

Use AntiVirus software that is running and kept up to date. See the end of the post for some free ones.

Don't run cracks for software [without checking for viruses] - try to use legitimate software because there's usually a free or low-cost alternative to anything you need these days.

Don't run software you've been sent in an email unless the person it's from has a reason to be sending it to you "Not like 'hey look at this cool thing...' or 'Anna Kornikova naked...' kind of scenario"

If you use Outlook, turn off the preview pane - this can be used as a point of entry for viruses and spyware.

Don't reply to spam or click on links that say "click here to unsubscribe" - it doesn't, it just confirms you exist.

Don't send out of office replies to the internet - it just confirms your email address is real and exists.

Don't click on links in emails. Copy the text from them and paste it into your web browser. The text is usually genuine, but the 'link' below it may not be. This is a common way phishers get your details (and remember, genuine sites such as banks will always have the padlock sign and start with https:// for any login parts of their sites.

Make sure that your operating system set to automatically update - Microsoft release patches every second Tuesday of the month or in the event of something like this, as and when required.

Unless you have a really good reason, ensure you're using the latest service pack.

For Windows XP that would be SP3 and for Vista, it's currently SP1.

Not to preach, but don't use illegal software (particularly your copy of windows) so that you can always get updates from vendors.

Don't use Internet Explorer. Use FireFox - it's more secure, quicker and a lot easier to use.

I don't know how many people know this (or care ), and for some it'll still be too expensive anyway but Microsoft do something called an action pack.

It's only available to "partners" and costs £250. In it you get 10 licenses for Vista (Business - personally I think this is better than Ultimate as you get all the best bits without the bloaty, expensive and useless crap, Office, Winows Server 2008, Exchange 2007, SQL etc etc - but if ten of you join in together to each get a copy of Vista, it works out a £25 each. Not bad.

The best bit is that anyone at all can become a partner. It's free. Just google microsoft partner and look for how you sign up.

Also - Microsoft are dropping their paid-for AntiVirus in June and giving it away free...

But right now, you can get free antivirus from (in my personal order of preference):

Avast - avast! - Download antivirus software for spyware and virus protection
Grisoft - AVG Free - Download antivirus and antispyware software for Windows XP and Vista
ClamWin - Free Antivirus for Windows - Open source GPL virus scanner <-- this will also run on server operating systems which the other two won't

I think that covers most bases but probably not all.

And remember you can always ask on here for any help/advice.

[puretoon]

I noticed with interest Tony, that you advocate Firefox rather than Internet Explorer saying it's more secure. I have friends who use Firefox and swear by it.

Am I right in saying that as most users use IE hence the vunerablity of it, especially for virus' etc, whereas not as many use Firefox so vunerablity is low?
or is it simply the fact it's security is somehow 'built in'?

I agree about Avast-its very good.

Regarding home users and AV's, I think a lot of users seem to be under the impression that once it's installed, thats it, it'll do the trick, whereas it's most definately not the case and must be updated preferably through automation as you don't have to think about it then. I find Avast really good for this AND it does find those horrible virus'(yes I've had the odd one, but Avast notified me and prevented it from running).

[Tony1044]

Hi Pure,

Well there's a few points actually that might help people decide - the first being that since Firefox is now accounting for an larger piece of the web-browser space, so the people that write viruses and other nasties have started to switch their attention to trying to find vulnerabilities in Firefox.

There seems to have been a change in approach over the last few years - whereby it was once a case of antipathy towards Microsoft that drove a lot of the work once it became known that you could make money out of compromising someone's PC, then the professionals started to get involved.

That said, the way that Firefox is coded makes it much more useable and in many ways less vulnerable to attack (compared with IE, and notwithstanding what I said above). For example there are a number of add-ons to Firefox that allow you to do some really useful things like block adverts - (Adblock Plus) - simply by right-clicking an area of the screen and choosing to block that element.

You can even use it to block a single image you dislike.

The reason I chose ABP over others was to use as an example - it's practically impossible to add that level of functionality onto any currently available version of IE simply because of the way it's coded.

So my real point is that for now at least, I would still have no problem in recommending the use of Firefox over IE - I've also seen sites that bring IE to its knees still be functional within Firefox.

As for AntiVirus software - I'm really 'old school' when it comes to IT and I can remember when Microsoft released Service Pack 2 for Windows NT 4.0 (this would have to be some time around 1997) and it brought a huge number of systems to their knees.

Then we went through a similar process with an AntiVirus system that updated it's scanning engine and did a similar thing.

So for a long time our (techie's) advice tended to be to avoid automatic updates of your operating system and AV...

Now of course, that would be suicidal and I would urge everyone to run AV and make sure that both it, and your operating system are patched automatically.

Oh and to go back a bit, of course there are other browser options out there - Safari from Apple and Chrome from Google to name just two. I can't say one way or the other if either are any good or particularly secure as I haven't used either to any great extent but given their share of the market is low then they're less likely to be attacked in the same way as either IE of FF.

I would also endorse Malware Bytes' AntiMalware program - there is a free version available that allows you to run scheduled scans but you have to pay to run the realtime shield.

You can download their free version here: Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

[Keltic]

I posted this on my site several months ago , just personnal preferance's but has worked for me and helped a few people out as well.


With all the virus activity at the minute i thought some links to half decent software might be useful.

Adaware Free basic version available Anti Malware/Spyware

Superantispyware Free basic version available Anti Malware/Spyware

Spybot Search & Destroy Free Anti Malware/Spyware

Bullguard Internet Security Suite--2 month free trial available , also gives 5GB online storage for file backup and uses low system resources

AVG Free Anti-Virus Software

Zonealarm Free Firewall Free Firewall

Bitdefender Internet Security Suite--Trial version available


Only thing i'll add is that free security software is better than outdated or no software at all but really if you want backup etc you need to pay.