9 Million Infected with Downadup Worm
I often remind people to keep their operating systems and other software up to date — especially antivirus software! The main reason is that unscrupulous people use software vulnerabilities to spread viruses. Well, if you’re one of those who are lax about updating your software, it may be too late for you and over 9 million others.
The Downadup worm spreads by exploiting a vulnerability in the Microsoft Windows Server service. While that sounds like it may only apply to servers, the Server service runs on ordinary Windows computers too.
According to F-Secure.com the Downadup worm is “A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.”
It makes a whole lot of changes to your registry. The worm then connects to various websites to spread its nasty self. Security experts say it’s the biggest worm attack in years!
Because the worm attacks in multiple ways, you’ll need to do several things to protect yourself.
1) If you haven’t already done it you’ll need to update with the MS08-067 patch. If you have Windows Update set to automatically download and install patches, you should be alright. You can check to make sure by bringing up Windows Update, then click “Review your update history” and look for security update “KB958644.”
2) If you are installing the patch right now, Microsoft suggests that you also download the most recent version of its Malicious Software Removal Tool. It will detect and delete Downadup infections. It’s a free tool that was updated just last week.
3) Another way the worm propagates: once it is connected to a network, it spreads from machine to machine by trying to guess the administrative password. So it’s important to use a strong password. Graham Cluley, a senior consultant for Sophos, included a list of passwords that Downadup uses in his company blog last Friday — obviously, if your password is on the list it should be changed immediately. Your password should be changed periodically as well.
4) Finally, the worm immediately spreads to USB devices, typically flash drives, connected to the compromised computer by copying a file called “autorun.inf” to the root of the device. The file takes advantage of Windows Autorun and Autoplay commands to spread the worm to any machine that a flash drive, camera or other USB device is plugged into. Experts recommend disabling both Autorun and Autoplay in Windows.
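As an added example (not part of the original post), here is a small Python check related to step 4: it reads the contents of an autorun.inf found on a removable drive and lists the entries that would make Windows start a program. The sample file contents and the name tool.exe are constructed for illustration.

```python
import re

# [autorun] keys that make Windows run a program; label/icon/action do not.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(raw: bytes):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    text = raw.decode("latin-1")  # never raises, so non-text bytes cannot break parsing
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key) and value:
            found.append((key.lower(), value))
    return found

def is_suspicious(raw: bytes) -> bool:
    """An autorun.inf on a flash drive that launches anything deserves a closer look."""
    return bool(launch_entries(raw))

# Constructed samples (not taken from the worm): one harmless, one that launches a file.
BENIGN = b"[autorun]\r\nlabel=Holiday photos\r\nicon=camera.ico\r\n"
LAUNCHER = (b"\x00\x8f junk \xfe\r\n[AutoRun]\r\n; comment\r\n"
            b"Open = tool.exe /s\r\nshell\\explore\\Command=tool.exe\r\n"
            b"action=Open folder to view files\r\n")

if __name__ == "__main__":
    for name, data in (("benign", BENIGN), ("launcher", LAUNCHER)):
        print(name, is_suspicious(data), launch_entries(data))
```

To use it on a real device, pass the bytes of the autorun.inf at the root of the drive to `launch_entries` and review anything it returns before opening the drive in Explorer.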
If you have any questions let me know in the comments section below.

