10 March 2009
On Saturday, March 7, BitDefender detected a new and more aggressive version of the Downadup virus. It spreads using a Windows RPC Server Service vulnerability and is called Win32.Worm.Downadup.C.
The new version is more resistant to disinfection. Once the system is compromised, the worm disables Windows Update and blocks access to most anti-virus websites in order to hinder the user to disinfect the machine.
BitDefender is the first to offer a free tool which disinfects all versions of Downadup and is available for all infected users at bdtools.net. This domain is the first to serve a removal tool without being blocked by the e-threat.
The worm itself is not new, it made its first appearance in late November 2008, known under the names Conficker or Kido. The worm is also known for exploiting the vulnerability described in the Microsoft security bulletin MS08-067. After successful exploitation it used to install rogue security software on the infected machine.
�BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date,� said Vlad Valceanu, BitDefender�s senior malware analyst. �The worms then produce a fixed number of domain names on a daily basis and check them for updates. This makes it easy for malware writers and cybercriminals to upgrade a worm or give it a new payload as they only have to register one of the domains and then upload the files."
To stay up-to-date on the latest e-threats, sign-up for BitDefender�s RSS feeds.
MEDIA RELATIONS
[email protected]INDUSTRY ANALYST RELATIONS
[email protected]INVESTOR RELATIONS
[email protected]