Wednesday, January 21, 2009

Downandup/Conficker worm infects 9 million PCs

We reported in a previous post that the Downandup/Conficker worm was spreading rapidly, and it is still spreading as we write this article! It is estimated that it may have infected upwards of 20 million computers by now. It goes by the names Downandup, Downadup, Kido!, and Conficker, all of which are the same worm, and it appears to be spreading through infected USB drives.


This picture shows you what it looks like when it gets a chance to install itself on your computer....



Look closely and you will see two entries for "Open folder to view files." The top entry is a fake, and if you click on it, the virus will be installed on your computer. The fake selection is the default when you connect a drive. Once installed, the worm spreads at an alarming rate through a separate flaw in the Windows networking system (now patched, so be sure to run Windows Update!).


Removing this can be a nightmare because of the way it tricks the user into installing it, bypassing the auto-install safeguards, not to mention the fact that it constantly changes itself (using randomized elements) to make traditional, signature-based detection almost impossible. Running a standard anti-virus scan should take care of the infection on a single computer, but if it infects a computer on a network, you may be looking at having to clean any servers connected to the network first, and then every connected computer as well.


How do you avoid getting this? Turning off the auto play/run feature in Windows XP is the first thing to do. If you see something like the picture included with this post, close it and eject the disk or drive, as it is infected; browse the drive manually instead. Last but not least, make sure Windows is fully up to date.
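
As an added example (not part of the original post), the PowerShell script below audits the AutoRun setting that the advice above refers to. It assumes PowerShell is installed and relies on the standard `NoDriveTypeAutoRun` policy value, a bitmask in which a set bit turns AutoRun off for that drive type; the `-Harden` switch and the function names are this example's own, and the value `0x91` is a constructed sample.

```powershell
param([switch]$Harden)   # -Harden is this example's own switch; needs an elevated session

$PolicyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Bits of the NoDriveTypeAutoRun mask. A SET bit disables AutoRun for that type.
$DriveTypes = @(
    @{ Bit = 0x01; Name = 'unknown type' },
    @{ Bit = 0x04; Name = 'removable (USB drives)' },
    @{ Bit = 0x08; Name = 'fixed disk' },
    @{ Bit = 0x10; Name = 'network drive' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'reserved/unknown' }
)

function Get-AutoRunEnabledTypes([int]$Mask) {
    # A cleared bit means AutoRun is still allowed for that drive type.
    $DriveTypes | Where-Object { ($Mask -band $_.Bit) -eq 0 } |
        ForEach-Object { $_.Name }
}

function Get-AutoRunMask([string]$Hive) {
    $item = Get-ItemProperty -Path "${Hive}:\$PolicyPath" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value absent: Windows default applies
    return [int]$item.NoDriveTypeAutoRun
}

# Constructed sample: 0x91 sets bits 0x80, 0x10 and 0x01 only, so USB drives still AutoRun.
"Sample 0x91 leaves AutoRun on for: " + ((Get-AutoRunEnabledTypes 0x91) -join ', ')

# Report what this machine is actually configured to do.
foreach ($hive in 'HKLM', 'HKCU') {
    $mask = Get-AutoRunMask $hive
    if ($null -eq $mask) { "${hive}: NoDriveTypeAutoRun not set"; continue }
    $enabled = @(Get-AutoRunEnabledTypes $mask)
    $summary = if ($enabled.Count) { $enabled -join ', ' } else { 'no drive types' }
    "{0}: 0x{1:X2}, AutoRun still enabled for: {2}" -f $hive, $mask, $summary
}

if ($Harden) {
    # 0xFF sets every bit, disabling AutoRun for all drive types machine-wide.
    $key = "HKLM:\$PolicyPath"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    "HKLM: NoDriveTypeAutoRun set to 0xFF"
}
```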
