A Microsoft worm that is currently attacking business systems is also a USB worm, security vendor F-Secure has warned. The worm, which F-Secure calls Downadup, attacks the vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October. The worm launches a dictionary attack to attempt to crack user passwords, and uses server-side polymorphism and modification to the Access Control Lists (ACL) "to make network disinfection particularly difficult", F-Secure said in a blog post.

Source:→ ZDNet