I-Worm.Downadup is using the vulnerability MS08-67 to spread, below is some of the details what we have analyzed so far.
– The worm deletes user created System Restore points.
– It attempts to contact w3.org, ask.com, msn.com….
– It generates random domain names to download payload, the name are generated using the current date.
More information will be posted in our alert section.