|Security vendors from across the spectrum have warned that a stingy worm has been successfully exploiting a hole in Microsoft Windows server service. Known as Confliker or Downadup, the worm spreads by exploiting a remote procedure call (RPC) vulnerability.
Robert Westerfelt, Confliker, Downadup worm hype? Get the facts
There’s a new variant of the Conficker worm. It’s known as ‘Downadup.’ Microsoft issued a patch for the worm last October but it’s still spreading and mutating.
The worm, which some authorities say has been able to build the largest botnet on record, works by exploiting a vulnerability in remote procedure calls that allows remote code to be executed once a vulnerable machine receives a specially crafted RPC request. In plain English, this means that if an end user views a specially crafted Web page using Internet Explorer, his computer will request malicious code to be executed. Like many of its malicious predecessors, this worm denies infected machines Internet access to security vendor websites.
Microsoft added routines to clean up Conficker infections to the January edition of its Malicious Software Removal Tool. Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. The National Cyber Alert System recommends that to prevent further infections by infected USB devices, users should disable the Windows auto-play feature.