BitDefender Enterprise Manager  v2.6v2.5

Presents the improvements and bug fixes available in BitDefender 8 Standard and BitDefender 8 Professional Plus since April, 7th 2005.

This article describes how to update BitDefender 8 under restricted users. This article applies to BitDefender 8 stand-alone (Standard and Professional Plus) and BitDefender Client (Standard and Professional Plus).

This documents presents the update system for virus signatures used in the BitDefender products.

This document explains the I/O errors statistics included in the scan reports.

1. It creates files autorun.inf and RECYCLED\{SID<....>}\RANDOM_NAME.vmx on removable drives and on public network shares

2. It stores itself in the system as a DLL-file with a random name in c:\windows\system32\

3. It registers itself in system services with a random name, creating the following service:

Name: netsvcs

ImagePath: %SystemRoot%\\system32\\svchost.exe -k netsvcs

Then the worm creates the following registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvcs\Parameters\"ServiceDll" = "[PathToWorm]"

4. The worm deletes any user-created System Restore points.

5. It tries to attack network computers via random ports, using Microsoft Windows vulnerability MS08-067. The worm then creates a http server on the compromised computer on a random port, for example:

http://[EXTERNAL IP ADDRESS OF INFECTED MACHINE]:[RANDOM PORT]

6. Upon successful exploitation, the other computer will then connect to this URL and download the worm spreading the infection.

7. Downadup then contacts several domains and tries to download additional files onto the compromised computer.