Avoiding Conficker/Downadup worm

Written by Dan Blacharski on January 21, 2009

The Downadup worm, referred to in some reports as “Conficker”, at last report from the SANS Institute, has infected over a million PCs within a 24-hour period, for a total to date of 3.5 million infections. The worm takes advantage of a flaw in the Windows Server service used by all versions of Windows, which was corrected in a patch released last October, so the good news is, if you keep up with patches like you’re supposed to, you don’t have anything to worry about. And the latest version of Microsoft’s Malicious Software Removal Tool was released on January 13, and this one will detect the worm and remove it. Unfortunately, according to reports, nearly a third of all Windows systems are unpatched, and this has led to the incredibly high number of infections. This is why I enable the auto-update feature, because I know that if it were left up to me to manually install patches, I, like most people, wouldn’t do it. Manual patch updates would get put into the same “around-to-it” bucket as organizing my desk, cleaning out the garage, and patching up all those little nail holes in the plaster.

The worm reportedly uses a brute force command to get Admin passwords on local networks, and it infects removable devices and network shares.

The SANS report further noted that the autorun contained “a lot of garbage” in the form of random binary data, which was inserted on purpose to fool some AV programs. The autorun file created by the worm also contains a sort of social engineering ruse: the first two keywords, Action and Icon, result in an AutoPlay window popping up (under Vista) that shows a standard folder icon. The user may be tricked into clicking on it and allowing it, under the belief that they are simply opening a USB stick. However, the AutoPlay launches the worm instead. And so, here’s lesson number two: besides using auto-update and keeping up with patches, pay attention to all those little “allow” windows that Vista puts in front of you! It’s tempting to click on them to make them go away, but they are there for a reason, and can prevent a dangerous infection.
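As an added defender-side example (not from the original post), here is a small Python triage script that parses an autorun.inf padded with binary junk, the way the post describes, and flags the Action/Icon folder lure when it is paired with a key that launches a program. The sample file is constructed for illustration and is not a real worm artifact.

```python
"""Triage an autorun.inf that may be padded with binary junk (added example)."""
import re

# Constructed sample: junk bytes surround a small [autorun] section, mimicking
# the random binary data the post says was inserted to confuse AV parsers.
SAMPLE_AUTORUN = (
    b"\x00\x93\x11\xfeJUNK\x7f" * 6
    + b"\r\n[autorun]\r\n"
    + b"Action=Open folder to view files\r\n"
    + b"Icon=%systemroot%\\system32\\shell32.dll,4\r\n"
    + b"shellexecute=RUNDLL32.EXE .\\RECYCLER\\payload.dll,x\r\n"
    + b"\xd3\x41\xff\x02" * 20
)

LAUNCH_KEYS = {"open", "shellexecute"}   # keys that run something on AutoPlay
KEY_RE = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(.*?)\s*$")


def parse_autorun(data: bytes) -> dict:
    """Return lower-cased keys from the [autorun] section, ignoring junk lines."""
    text = data.decode("latin-1")        # never raises; junk bytes become chars
    keys, in_section = {}, False
    for line in re.split(r"\r?\n", text):
        stripped = line.strip()
        if stripped.lower() == "[autorun]":
            in_section = True
            continue
        if in_section and stripped.startswith("["):
            break                        # next section, we are done
        m = KEY_RE.match(line)
        if in_section and m:
            keys[m.group(1).lower()] = m.group(2)
    return keys


def junk_ratio(data: bytes) -> float:
    """Fraction of bytes outside printable ASCII plus TAB/CR/LF."""
    bad = sum(1 for b in data if not (32 <= b < 127 or b in (9, 10, 13)))
    return bad / len(data) if data else 0.0


def triage(data: bytes) -> list:
    """Collect human-readable reasons an autorun.inf looks suspicious."""
    keys = parse_autorun(data)
    reasons = []
    if junk_ratio(data) > 0.10:
        reasons.append("binary padding around the [autorun] section")
    launch = LAUNCH_KEYS & keys.keys()
    if "action" in keys and "icon" in keys and launch:
        reasons.append("action/icon lure plus launch key: " + ", ".join(sorted(launch)))
    if "shell32.dll" in keys.get("icon", "").lower() and launch:
        reasons.append("icon borrowed from shell32.dll while launching a program")
    return reasons
```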
