Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 11 MINUTES AGO.
You are here: Home / Computing / 'Updated' Worm Is Spreading Fast
'Updated' Worm Using Obama Spam To Spread Rapidly
'Updated' Worm Using Obama Spam To Spread Rapidly
By Patricia Resende / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
19
2009
A virus that is spreading with a vengeance is plaguing businesses in the new year. The Conficker worm, which caused havoc on Windows PCs in October, has come back to strike more than 3.5 million PCs in 24 hours under a new name, Downadup, according to security analysts.

The worm resurfaced earlier in the month, infecting Windows workstations and servers and causing a variety of problems for users.

Downadup consists of a family of network worms that are difficult to remove, especially when there is an infection inside a corporate network, according to F-Secure, a security company which first released warnings about the worm.

"First discovered in October 2008, Conficker, Kido or Downadup is a very sophisticated worm, but the updated version from two weeks ago is much more serious," said Jart Armin, a security specialist with HostExploit. "Essentially it becomes part of MS Windows services.exe, and then establishes an HTTP server from the infected PC."

Using the Inauguration

Armin added that the worm automatically generates hundreds of domain names to fool any tracking, but only one is the real site that downloads the malicious instruction set.

"It also enables replication via USB sticks and across office networks," Armin said. "It appears to be especially timed to take advantage of the holidays and lack of IT staff around."

Is there any help for victims of the Conficker? Some, according to security specialists.

One is to watch out for fake Barack Obama sites, according to F-Secure's blog. The company is seeing spam trying to use the presidential inauguration as a way to push spam and the Downadup-related activity.

E-mails have been sent around the world suggesting users follow links to Obama Web sites. Some fake Web sites that produce malware are store.greatobamaguide.com, store.superobamadirect.com and superobamaonline.com. And there are many more, according to F-Secure.

F-Secure has also posted the registered countries for the IP addresses causing harm and they include China, Brazil, Russia, India, the Ukraine, Italy, Thailand, Taiwan and Kazakhstan, to name a few. Most, however, originate in China, Brazil and Russia.

"The main fake Web site was superobamaonline.com, which has now been taken offline; however more are likely to appear," Armin said. "It shows registration via XIN NET Technology Corp. of China; however, this domain registrar has been primarily used by Russian cybercriminals."

"Essentially these fake Web sites are a 'fast-flux' botnet hosted around the globe, and the links via spam e-mail point to a file called speech.exe, which is a Waladec malware variant," he added.

Protecting and Avoiding

Updating your PC has never been more valuable than now, according Armin, who said consumers need the latest operating-system updates and patches.

As always, PC users and businesses also need to be sure to update antivirus software.

"Microsoft has patches. However the ongoing problem resides where many PCs do not have the latest MS patches, i.e. MS patch MS08-067, and estimates vary from one to nine million PCs infected worldwide," Armin said.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN COMPUTING

NETWORK SECURITY SPOTLIGHT
A security researcher has found that hundreds of different models of HP notebooks, tablets, and other devices include a keylogger that could track and record every keystroke a user makes.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.