spread How does the Conficker worm spread? The Conficker worm spreads by copying itself to the Windows system folder. It might also spread through file sharing and through removable drives, such as USB drives (also known as thumb drives especially those with weak passwords. The worm adds a file to the removable drive so that when the drive is used, the Auto Play dialog box will show one additional option. In the following screenshot of the Autoplay dialog box, under Install or run program, the option Open folder to view files Publisher not specified was added by the worm. The option that is highlighted, Open folder to view files using Windows Explorer, is the option that Windows provides and the option you should use. If you select Open folder to view files Publisher not specified, the worm runs and begins to spread itself to other computers. Back to top Â.
If you believe this comment is offensive or violates the CNET's Site Terms of Use, you can report it below (this will not automatically remove the comment). Once reported, our staff will be notified and the comment will be reviewed. Select type of offense: Offensive: Sexually explicit or offensive language Spam: Advertisements or commercial links Disruptive posting: Flaming or offending other users Illegal activities: Promote cracked software, or other illegal content Comments: (optional) Submit cancel.
/ Security Response/ W32. Downadup Add Add Bookmark or Share Google+ Technorati Digg Delicious Reddit Stumble Upon Twitter Linked In Facebook Newsvine summary technical details removal Download Removal Tool| Printer Friendly Page Discovered: November 21, 2008 Updated: May 20, 2013 PM Also Known As: Win32/ Conficker. A [ Computer Associates], W32/ Downadup. A [ F- Secure], Conficker. A [ Panda Software], Net- Worm. Win32. Kido.bt [ Kaspersky], WORM_ DOWNAD. AP [ Trend], W32/ Conficker [ Norman] Type: Worm Infection Length: Varies Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP CVE References: CVE W32. Downadup, also known as Conficker by some news agencies and antivirus vendors, is an extremely interesting piece of malicious code and one of the most prolific worms in recent years. It has an extremely large infection base – estimated to be upwards of 3 million computers - that have the potential to do a lot of damage. This is largely attributed to the fact that it is capable of exploiting computers that are running unpatched Windows XP SP2 and Windows 2003 SP1 systems. Other worms released over the past few years have largely targeted older system versions, which have an ever decreasing distribution. Infection W32. Downadup spreads primarily by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability ( BID 31874 which was first discovered in late- October of 2008. It scans the network for vulnerable hosts, but instead of flooding it with traffic, it selectively queries various computers in an attempt to mask its traffic instead. It also takes advantage of Universal Plug and Play to pass through routers and gateways. It also attempts to spread to network shares by brute-forcing commonly used network passwords and by copying itself to removable drives.
Download Now