W32.Downadup
Posted by: jasn [ITS Security] under Virus
May 26, 2009
Virus Notification/Information:
Source: Symantec
Type: Worm
Aliases: Win32/Conficker.A [Computer Associates], W32/Downadup.A [F-Secure], Conficker.A [Panda Software], Net-Worm.Win32.Kido.bt [Kaspersky], WORM_DOWNAD.AP [Trend]
Platform: Windows
Distribution potential: Medium
Reported infections: Medium
Damage potential: Medium
Overall risk rating: Medium
Method(s) of Infection:
This virus is an executable and must be run by the user. It will often disguise itself as innocent files.
Description:
W32.Downadup is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).
Additional Info:
Number of Infections: 1000+
Number of Sites: 10+
Threat Containment: Moderate. This worm spreads easily. You may want to disconnect your computer to protect others until the worm is removed.
Removal: Moderate. This worm can sometimes be tricky to remove. Be sure your antivirus software is up to date before attempting removal.
Effect: Downloads other files onto the compromised computer. Downloading remote files may degrade network performance.
Target of Infection: Exploits a certain vulnerability in Windows (see above).
