Worm Downadup, mem-block sites in Antivirus

In fact since a few days this opportunity to read / get information about the worm Downadup on some blogs about the security / virus / antivirus, but I leave it because the news only dikira normal worm. But the fact that many proclaim about this worm because the worm was "terrible" and sophisticated.

Based on estimates of F-Secure, a new worm variant has been menginfeksi almost 9 million computers in just 4 days time. Amount not less for the long worm that has not appeared.

Original name is Worm Worm: W32/Downadup.gen have different names and aliases, such as: W32/Conficker.worm.gen (Symantec), Mal / Conficker (Sophos), Worm: Win32/Conficker (Microsoft). In addition, also known by the name Conflicker and Kido (example name: Worm: W32/Downadup.gen! A, Net-Worm.Win32.Kido.ih). This category includes Worm Malware running on Windows 32-bit, that is called the W32.
Distribution of worm

The spread of this worm through various ways, such as the Network / network share or on a weak password, can also be spread by creating a file autorun.inf which triggered the copykan to Flashdisk USB (drive) or other removable media. So should the windows autorun feature is turned off to prevent the addition of various other viruses.

world-map

Worm exploit this rift security for Windows menginfeksi victims, like the previous article What's with the Windows Security Update MS08-067. Worm will create a folder with a random name in the directory RECYCLER (the Recycle Bin is used to store the file that was deleted) also duplicate themselves in various other places.
Effect Downadup Worm

And that this may make me write this article, some visitors ebsoft written comments that they can not open the antivirus sites, and may cause this is a worm.

This worm is able to change / add a function of internal windows (TCP) to block access to sites security (security / antivirus), with a filter that has the characters address / text specific. And to eliminate the effect is not easy, because it may be spelled already low level programming level.

Worm is designed to protect themselves from detection by using anti-virus techniques that are used infrequently, protect themselves from the effort to remove, turn off windows update, restore point prior to infection, kill a certain network traffic, to optimize the features of Windows Vista to facilitate the distribution, is able to inject explorer . exe, svchost.exe and services.exe and other.

Sites on the block quite a lot, including the web using the text as follows (in the block can always display the message or Time Out when opening the site):

* Virus
* Spyware
* Malware
* Rootkit
* Defender
* Microsoft
* Symantec
* Norton
McAfee *
* Trendmicro
* Sophos
* Panda
* Etrust
* F-secure
* Kaspersky
* F-Prot
* NOD32
* Eset
* Grisoft
* Avast
* Avira
* Comodo
* Clamav
* Norman
* Pctools
* Rising
* Sunbelt
* Threatexpert
* Wilderssecurity
* Windowsupdate
* AVP
* Avg

It also sites other security.

Twitter Delicious Digg Facebook Stumbleupon RSS