W32.Downadup.B

Risk Level 2: Low

Discovered: December 30, 2008
Updated: May 14, 2012 2:18:55 PM
Also Known As: Worm:W32/Downadup.AL [F-Secure], Win32/Conficker.B [Computer Associates], W32/Confick-D [Sophos], WORM_DOWNAD.AD [Trend], Net-Worm.Win32.Kido.ih [Kaspersky], Conficker.D [Panda Software]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
CVE References: CVE-2008-4250

W32.Downadup.B is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874). It also attempts to spread to network shares protected by weak passwords and block access to security-related Web sites.

Note: For more information, please see the following resource:
W32.Downadup

Antivirus Protection Dates

  • Initial Rapid Release version December 30, 2008 revision 021
  • Latest Rapid Release version December 27, 2011 revision 007
  • Initial Daily Certified version December 30, 2008 revision 024
  • Latest Daily Certified version December 27, 2011 revision 017
  • Initial Weekly Certified release date December 31, 2008

Threat Assessment

Wild

  • Wild Level: Medium
  • Number of Infections: 1000+
  • Number of Sites: 10+
  • Geographical Distribution: Medium
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: Medium
  • Modifies Files: Modifies the tcpip.sys file.

Distribution

  • Distribution Level: Medium
  • Shared Drives: Attempts to spread to network shares protected by weak passwords.
  • Target of Infection: Spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874)
Writeup By: Sean Kiernan
