[Owasp-singapore] FW: WORM_Downad.KK - Activates on April Fool's Day

spawn of soul calibur ruel555 at hotmail.com
Mon Mar 30 00:47:47 EDT 2009

Hi All,


Just want to check what measures your company has taken to address this. Thanks!



----- Forwarded Message ----
From: Trend Micro APAC <info at newsletters.trendmicro.com>
To: ruel555 at yahoo.com
Sent: Wednesday, March 25, 2009 4:42:44 PM
Subject: WORM_Downad.KK - Activates on April Fool's Day



WORM_Downad.KK – Activates on April Fool’s Day
March 23, 2009  


Dear customers,


Trend Micro would like to caution you about a possible widespread infection on April Fool’s day. Please read the details and recommended actions below for your information.



Worm_downad had infected more than 15 million computers, making it one of the widespread infections in recent times.


A new variant of worm_downad (aka Conficker) is expected to be launched on April Fool’s day.

Trend Micro detects this new variant as worm_downad.kk.  More information can be found at http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.KK&VSect=T.  Trend Micro detects this malware starting with pattern file 5.885.00.  


Compared to the old variants, worm_downad.kk is more sophisticated.  Here are a few of the payloads:

Connects to various time servers to determine the current date and time.
Registers itself as a system service to ensure auto execution at every startup.
Deletes a registry key to prevent system startup in safe mode.
Terminates security-related processes (i.e. procexp, regmon, autoruns, gmer etc.)
Blocks access to security and antivirus websites.
Generates 50,000 malicious URLs and attempts to connect to around 500 random generated URLs at a time.

Recommended Action

Enable Web Threat Protection
Make sure that you have the latest virus definitions (at least pattern file 5.885.00)
Run a FULL system scan to ensure that malware does not exist on your PC

Recommended Actions from External Sources

How to protect against internet threats when you surf online?
How to protect against threats when accessing Webmail?

Best regards,

Trend Micro APAC team

