“Changeup” Worm infecting SMB’s and large businesses worldwide

Date protectionFew businesses want worms invading the premises, but night crawlers are probably preferable to what office supply retailer Staples has had to contend with during the past week.  The company, based out of Framingham, Massachusetts, was forced to lock down its computer systems after it realized that shared drives were infected with the Changeup worm.

The firm notified employees of the data security problem via email, an ironic choice considering the fact that Changeup infections are often spread in the same way.  Computers may also become infected with the Changeup worm when users click on malicious links contained on social media networking sites.  Last November, computer security expert Symantec issued a warning about the Changeup worm, citing an increase in the total number of infections that it detected.

Once the worm has managed to infect a system, it spreads itself onto both mapped and removable drives in a bid to propagate still further.  The malware has been dubbed the Changeup worm because the author of it has continued to alter it in order to keep one step ahead of programs such as anti-virus and anti-spyware suites, which aim to provide computer systems with data protection by neutralizing and quarantining malware.

Threat management expert Marc Maiffret commented on the ways in which businesses can protect themselves against threats such as the Changeup worm, saying: “Malware doesn’t discern between consumers and corporations.  If companies were doing the right things such as egress filtering to control executables coming in and out of the environment, they should be able to safely mitigate this type of malware.”

Staples has yet to comment on whether or not the incident put any consumer data at risk.  Businesses, large and small, often make efforts to keep such data off shared drives, but in some cases they fail to implement such a policy consistently.

Take our Free Security Audit

Take advantage of this FREE OFFER for a proactive review of your computer network systems.  Gain the knowledge you need to be able to manage your system’s integrity and security with this 27 point System Analysis.