Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

F-Secure Warns About a Worm Affecting Corporate Networks

F-Secure Corporation is issuing an alert about new versions of the "Downadup" worm. This worm infects Windows workstations and servers, causing various problems. Since New Year, F-Secure has received several reports of corporate networks getting infected with variants of this worm.
  • 08 January, 2009 16:42

<p>F-Secure is working closely with affected companies as well as with various CERT organisations to fight this worm outbreak.</p>
<p>Downadup (also known as Conficker) is large family of network worms. They are unusually difficult to remove, especially in case of an internal infection inside a corporate network.</p>
<p>What to do to avoid infection:
- Make sure latest Microsoft patches have been applied
- Make sure your organisation is running the latest version of your antivirus product
- Check that the antivirus product has the latest updates
- Turn off AUTORUN and AUTOPLAY for USB sticks
- Make sure users domain passwords are strong
- Take extra care about the domain administrators’ passwords</p>
<p>What to do if your network is already infected:
- Check your antivirus vendor’s website for disinfection instructions
- Disinfection of this worm is complex and could require shutting down parts of your network
- Restrict USB stick usage and block unnecessary traffic at your firewalls</p>
<p>What does the worm do?</p>
<p>Downadup uses several different methods to spread. These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks. As an end result, once the malware gains access to the inside of a corporate network, it can be unusually hard to eradicate fully.</p>
<p>Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.</p>
<p>Once this worm infects a machine, it protects itself very aggressively. It does this by setting itself to restart very early in the boot-up process of the computer and by setting Access Rights to the files and registry keys of the worm so that the user can't remove or change them.</p>
<p>The worm downloads modified versions of itself from a long list of websites. The names of these websites are generated by an algorithm based on current date and time. As there are hundreds of different domain names that could be used by the malware, it is hard for security companies to locate and shut them all down in time.</p>
<p>Further technical information about the malware is available on F-Secure's blog at</p>
<p>F-Secure has also released a free tool that can remove known versions of Downadup. The tool is also available for download from F-Secure's blog.</p>
<p>About F-Secure Corporation</p>
<p>Innovation, reliability and speed of response - these are the qualities that have made F-Secure one of the world’s leading IT security providers since the company was founded in 1988. Today F-Secure’s award-winning and easy-to-use products are trusted in millions of homes and businesses around the world. We provide powerful real-time protection that works quietly and smoothly in the background, so computer and smartphone users can enjoy the benefits of connected life to the full. F-Secure’s solutions are available as a service subscription through more than 180 Internet service providers and mobile operator partners around the world, making F-Secure the global leader in this market. F-Secure has been listed on the NASDAQ OMX Helsinki Ltd since 1999. The company has consistently been one of the fastest growing publicly listed companies in the industry. The latest news on real-time virus threat scenarios is available at the F-Secure Data Security Lab weblog at</p>

Most Popular