Linux, Windows 7 Beta Could Be Hit By Downadup Worm

The Downadup/Conficker worm can use the Windows autoplay functionality to load files from removable devices through a simple autorun.inf file, which can fool users into installing malicious code on their machines.

This means that even Windows 7 Beta users could have been affected by the trickery, as the BBC confirmed in a news report.

While autoplay can be turned off and autorun.inf files removed, users can easily be deceived by the pop-up window that appears once the removable storage device is plugged in.
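
A defender-side check for the autorun.inf files described above, as an added example that is not part of the original article: it parses a file's [autorun] section and flags entries that launch a program or add a look-alike entry to the autoplay window. The label heuristic and both sample files are assumptions constructed for illustration.

```python
import re

# Keys in an autorun.inf [autorun] section that launch a program or add a
# launch entry to the autoplay window / drive context menu.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
# Assumption: a label imitating Explorer's own "open folder" entry is suspicious.
SPOOF_LABEL = re.compile(r"open folder|view files", re.I)


def audit_autorun(data: bytes) -> list[str]:
    """Return findings for the raw bytes of an autorun.inf file."""
    findings, section = [], None
    # Decode leniently: a hostile file may carry junk bytes around its entries.
    for raw in data.decode("latin-1").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append(f"executes on autoplay: {key}={value}")
        elif key == "action" and SPOOF_LABEL.search(value):
            findings.append(f"dialog label imitates Explorer: {value!r}")
    return findings


# Constructed samples, not taken from a real infection.
SUSPICIOUS = (b"\x00\x8f junk\r\n[AutoRun]\r\n"
              b"Action = Open folder to view files\r\n"
              b"ShellExecute = example.exe\r\n"
              b"Icon = shell32.dll,4\r\n")
BENIGN = b"[autorun]\r\nlabel=Backup Drive\r\nicon=drive.ico\r\n"

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit_autorun(sample) or "no findings")
```

Run it against the autorun.inf read from a mounted removable volume before the device is opened on a Windows machine; any finding is a reason to delete the file and inspect the drive.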

Once loaded, the worm uses a complicated algorithm based on public websites such as Google and Baidu to contact its "home" servers, and it automatically disables Windows Update.

What is extremely smart is that the algorithm changes daily, pointing to different domain names every day (up to 250). These are calculated using what amounts to a public key (server timestamps), similar to those used by security encryption solutions.

There are also reports that more than 800 computers (out of a user base of more than 7000) from the City Hospital Network of Sheffield have been compromised by the Conficker worm, as the system administrators had decided to turn off Windows security updates.

Furthermore, there are rumours that even Linux machines could be affected by the worm if they run Wine, an application that allows Linux to execute programs written for the Windows environment. In theory, the virus would only affect the Windows partition rather than the whole operating system.

Our Comments

It would be great if someone could confirm the Linux rumours and Wine's autorun.inf capabilities. Downadup is a creepy piece of software and certainly one which will attract the attention not only of security outlets like Microsoft, Sophos or Symantec but also, and more worryingly, of organisations with less noble goals.

Related Links

Conficker Autoplay ruse gets teeth into Windows 7 (Theregister)

9.5 million PCs poised to strike (PC Pro)

Watch Out For Downadup Worm’s Vista Tricks (Efluxmedia)

PCs at five hospitals struck down by virus (Silicon)

Downadup Virus Infects 1 Million PCs In One Day (Efluxmedia)

Windows worm trickery for Vista (BBC)

3.5 million Windows PCs infected by Downadup worm (Networkworld)

Hospital PCs Infected with Fast-Spreading Worm (ITbusinessedge)

F-Secure now claims nine million Conficker infections (Heise)

Windows 7 beta affected by Vista viruses (Neowin)

Malicious Autoplay in Windows 7 Can Trick Users into Getting Infected with Malware (Softpedia)