Downadup Worm goes Nuclear

Downadup, also known as Conficker or Kido, exploits an RPC vulnerability found in Microsoft Windows in October. It is a stark reminder of the bad old days of network worms that spread with no user interaction. On XP systems, it requires no input from the user to spread from machine to machine. Once on an unpatched corporate network, it can quickly replicate using the RPC vulnerability, which spreads via ports 139 and 445. When announced in October the vulnerability still required user input on Vista systems to spread, however.

McAfee Avert Labs also says that the worm is using a Metasploit exploit for MS08-067 to spread.

What’s Hot on Infosecurity Magazine?