Downandup, Downadup, Kido!, Conficker: Update

For anyone unfamiliar with the worm known primarily as "Downandup / Conficker," here's a recap: it's a clever, nasty worm that's easy to get and hard to get rid of.

How does Downandup / Conficker work?

It works by modifying the way Windows "autorun" feature works, thus tricking users into running the virus. It further spreads through an entirely separate flaw in the Microsoft Windows network system.

The smart folks at Finland-based security firm F-Secure have a complete description of Downandup / Conficker that includes screenshots. It's a fairly straightforward read and especially well worth your time if you believe you're at risk (or may already have) this worm.

Christopher Null, writing for Yahoo! tech, says in his blog about Downandup / Conficker,

From an antivirus standpoint, fixing Downandup isn't easy. The worm is particularly problematic because of the tricky way it involves the user in installing the software, bypassing auto-installation safeguards, plus its sophisticated way of avoiding detection, as it morphs its code constantly (using randomized elements) to make traditional, signature-based detection almost impossible.

Now, while it is clever and sophisticated, it's not impossible to detect. Difficult? Yes. Impossible. No.

This is where using the best antivirus software really makes a difference. The best ones don't just rely on signatures.

Instead they also rely on heuristics to figure out things that match certain general patterns of malware and viruses and to stop them in their tracks.

The degree of sophistication the antivirus software makers put into their AV heuristic engines is a closely guarded secret for them and truly one of the things separating the top antivirus software from the second-rate ones out there.