This is a medium risk worm affecting all versions of the Microsoft Windows operating system and is also known as “Downadup”. The worm spreads via the Windows Server Service RPC exploit.
The worm will create a randomly named .dll file on infected computers. It will also remove Windows system restore points. The worm will then create a service called netsvcs and a new registry key.
The worm will also attempt to connect to remote servers and download files. The worm then continues to spread to other computers via the RPC vulnerability.
