Tricky Windows Worm Wallops Millions

A sneaky computer worm that uses a virtual Swiss army knife of attack techniques has infected millions of Microsoft Windows PCs, and appears to be spreading at a fairly rapid pace, security experts warn.

Also, while infected PCs could be used for a variety of criminal purposes — from relaying spam to hosting scam Web sites — there are signs that this whole mess may be an attempt to further spread so-called “scareware,” which uses fake security alerts to frighten consumers into purchasing bogus computer security software.

The worm, called “Downandup” and “Conficker” by different anti-virus companies, attacks a security hole in a networking component found in most Windows systems. According to estimates from Finnish anti-virus maker F-Secure Corp., the worm has infected between 2.4 million and 8.9 million computers during the last four days alone.

If accurate, those are fairly staggering numbers for a worm that first surfaced in late November. Microsoft issued an emergency patch to fix the flaw back in October, but many systems likely remain dangerously exposed.

One reason for this is because businesses will generally test patches before deploying them on internal networks to ensure the updates don’t break custom software applications. In the meantime, an infected laptop plugged into a vulnerable corporate network can quickly spread the contagion to all unpatched systems inside that network.

But the worm also has methods for infecting systems that are already patched against the Windows vulnerability. According to an analysis last week by Symantec, the latest versions of Downadup copy themselves to all removable or mapped drives on the host computer or network. This means that if an infected system has a USB stick inserted into it, that USB stick will carry the infection over to the next Windows machine that reads it. That’s an old trick, but apparently one that is apparently still very effective.