aka Downadup.C http://www.pcmag.com/article2/0,2817,2343910,00.asp http://tech.yahoo.com/blogs/null/128643/be...9hslxsZKjgazJV4 Running scans and working on protecting my computer now. Turns out that our firewall has been off for about a year :lol:
This worm is by no means new; however, its reach is steadily growing. Also, if you keep your PC up to date, there is little chance of infection. It exploited a hole fixed in Microsoft's ms08_067 advisory, and actually came out AFTER the advisory, meaning if you just updated you're fine. Now, it still spreads from removable media, but you should have disabled autoplay on all (elevated) accounts anyway. Also, a virus scanner doesn't actually keep you safe ;D I'm not sure if I'm allowed to link you, but their ways of protection are fairly easy to bypass, and rootkits are getting more and more sophisticated. A good example would be Blue Pill: Blue Pill @ InvisibleThings.org, bluepillproject.org EDIT - Typo EDIT 2 - I would also like to point out that Blue Pill was written by Joanna Rutkowska, a WHITE HAT RESEARCHER! This is merely research/POC code, but its message is clear. Joanna also released RedPill.c, which can detect whether you're running in a virtual environment.
New? This has been around since October, and this variant since early Feb. If you've installed all Windows updates as soon as they are released and don't use autorun features for USB drives, you'll be fine. From a technical perspective, I'm quite excited to see what the payload will be on 01/04/09