Flash Drives Vulnerable
And the worm can spread from flash drives, too? Yes.
From the moment Downadup infects a PC, it copies a file named "autorun.inf" to the root of any USB storage device, typically a flash drive, that is connected to the compromised computer. That filename takes advantage of Windows' Autorun and Autoplay features to copy the worm to any machine that the flash drive, camera or other USB device is plugged into. Downadup will infect that PC when the drive or device is connected, or when the user double-clicks the device's icon within Windows Explorer or from the desktop.
Security experts have recommended that users disable both Autorun and Autoplay in Windows.
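To make the autorun.inf mechanism concrete from the defender's side, the following is an added example (not from the original article or from Microsoft) that inspects the root of a removable drive and lists the commands an autorun.inf there would ask Windows to launch. The function names and the sample file are constructed for illustration.

```python
import re
from pathlib import Path

# Keys in the [autorun] section that name a program for Windows to launch.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def audit_autorun(raw):
    """Return (key, command) pairs that an autorun.inf would execute."""
    # Decode leniently: a hostile file may contain non-text bytes.
    text = raw.decode("latin-1")
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk line, or a key outside [autorun]
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if EXEC_KEYS.match(key) and value:
            findings.append((key.lower(), value))
    return findings

def scan_root(root):
    """Audit autorun.inf (any letter case) in a drive's root directory."""
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            return audit_autorun(entry.read_bytes())
    return []

# Constructed sample: junk bytes, a display-only key, two launch keys.
SAMPLE = (b"\x8f\x02 junk line\r\n"
          b"[AutoRun]\r\n"
          b"; constructed sample, not a real specimen\r\n"
          b"icon=shell32.dll,4\r\n"
          b"Open=setup.exe /s\r\n"
          b"shell\\open\\command=tools\\example.exe\r\n"
          b"label=Photos\r\n")

if __name__ == "__main__":
    for key, command in audit_autorun(SAMPLE):
        print(f"autorun.inf would launch via {key}: {command}")
```

A drive that returns any findings from `scan_root` should be opened only on a machine where Autorun and Autoplay are disabled.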
What are the signs that my PC has been hit? Microsoft's advisory about Downadup lists several symptoms of infection, including:
Account lockout policies are being tripped (because your password's been hijacked, then changed by the attacker)
Automatic Updates are disabled (because Downadup tries to keep the PC unpatched by turning off Windows Update's automatic updating, as well as the Background Intelligent Transfer Service (BITS), the Windows component used by Windows Update to actually deliver the updates)
Various security-related Web sites cannot be accessed (because Downadup blocks access to a whole host of security companies' sites in an effort to prevent anti-virus software from being updated, which could result in the worm's detection and eradication)
If your PC is exhibiting any of these symptoms -- or the others that Microsoft spells out in its advisory -- the company recommends that you immediately use the MSRT to clean the machine.
This story, "Safeguard Your PC Against the Downadup Worm" was originally published by Computerworld.