
Safeguard Your PC Against the Downadup Worm

Flash Drives Vulnerable

And the worm can spread from flash drives, too? Yes.

From the moment Downadup infects a PC, it copies a file named "autorun.inf" to the root of any USB storage devices, typically flash drives, that are connected to the compromised computer. That filename takes advantage of Windows' Autorun and Autoplay features to copy the worm to any machine that the flash drive, camera or other USB device is plugged into. Downadup will infect that PC when the drive or device is connected, or when the user double-clicks the device's icon within Windows Explorer or from the desktop.

Security experts have recommended that users disable both Autorun and Autoplay in Windows.

A December blog post by Symantec researcher Ben Nahorney spells out how to disable Autoplay, while a separate post on the Hackology blog outlines how to turn off Autorun by editing the registry.

What are the signs that my PC has been hit? Microsoft's advisory about Downadup lists several symptoms of infection, including:

  • Account lockout policies are being tripped (because your password's been hijacked, then changed by the attacker)

  • Automatic Updates are disabled (because Downadup tries to keep the PC unpatched by turning off Windows Update's automatic update, as well as Background Intelligent Transfer Service (BITS), the Windows component used by Windows Update to actually deliver the updates)

  • Various security-related Web sites cannot be accessed (because Downadup blocks access to a whole host of security companies' sites in an effort to prevent anti-virus software from being updated, which could result in the worm's detection and eradication)

If your PC is exhibiting any of these symptoms -- or the others that Microsoft spells out here -- the company recommends that you immediately use the MSRT to clean the machine.

You can download the MSRT from Microsoft's site, or follow these instructions posted to its support site that walk administrators through the steps to deploy the tool in enterprise environments.
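A read-only check for the Autorun setting, autorun.inf files on removable drives, and the disabled Automatic Updates and BITS symptom described above, as an added example that is not taken from Microsoft's advisory or from the blog posts the article cites. It assumes PowerShell 3.0 or later and the `NoDriveTypeAutoRun` policy value, which the article itself does not name.

```powershell
# Added example: audits local state only, changes nothing.
# Run in an elevated PowerShell session on the PC being checked.
$findings = @()

# 1. Autorun policy. NoDriveTypeAutoRun is a bitmask of drive types;
#    0xFF turns Autorun off for every type. A missing value means the
#    Windows default applies. (Assumption: the machine-wide HKLM policy
#    is the one in use; a per-user value can also exist under HKCU.)
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
if (-not $policy -or ($policy.NoDriveTypeAutoRun -band 0xFF) -ne 0xFF) {
    $findings += 'Autorun is not disabled for all drive types (NoDriveTypeAutoRun is not 0xFF)'
}

# 2. autorun.inf in the root of removable drives (DriveType 2).
#    -Force is needed because the file may be marked hidden or system.
foreach ($drive in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2') {
    $inf  = "$($drive.DeviceID)\autorun.inf"
    $item = Get-Item -LiteralPath $inf -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += "autorun.inf on $($drive.DeviceID) ($($item.Length) bytes, attributes: $($item.Attributes))"
    }
}

# 3. Automatic Updates (service name wuauserv) and BITS should not be disabled.
foreach ($name in 'wuauserv', 'BITS') {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        $findings += "Service $name is missing"
    } elseif ($svc.StartMode -eq 'Disabled') {
        $findings += "Service $name is disabled"
    }
}

if ($findings) { $findings } else { 'No findings' }
```

An autorun.inf file on a removable drive is something to review rather than proof of infection, since some devices ship with a legitimate one.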
