Word of the Day: Tech Definitions from WhatIs.com

Jan 22 2009   2:29AM GMT

Overheard – Confliker / Downadup worm alert

Margaret Rouse Margaret Rouse Profile: Margaret Rouse

Security vendors from across the spectrum have warned that a stingy worm has been successfully exploiting a hole in Microsoft Windows server service. Known as Confliker or Downadup, the worm spreads by exploiting a remote procedure call (RPC) vulnerability.

Robert Westerfelt, Confliker, Downadup worm hype? Get the facts

There’s a new variant of the Conficker worm. It’s known as ‘Downadup.’ Microsoft issued a patch for the worm last October but it’s still spreading and mutating.

The worm, which some authorities say has been able to build the largest botnet on record,  works by exploiting a vulnerability in remote procedure calls that allows remote code to be executed once a vulnerable machine receives a specially crafted RPC request.  In plain English, this means that if an end user views a specially crafted Web page using Internet Explorer, his computer will request malicious code to be executed. Like many of its malicious predecessors, this worm denies infected machines Internet access to security vendor websites.

Microsoft added routines to clean up Conficker infections to the January edition of its Malicious Software Removal Tool.  Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. The National Cyber Alert System recommends that to prevent further infections by infected USB devices, users should disable the Windows auto-play feature.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: