A Microsoft worm that is currently attacking business systems is also a USB worm, security vendor F-Secure has warned.

The worm , which F-Secure calls Downadup, attacks the vulnerability outlined in MS08-067 , a Windows Server service flaw that was patched in October.

The worm launches a dictionary attack to attempt to crack user passwords, and uses server-side polymorphism and modification to the Access Control Lists (ACL) "to make network disinfection particularly difficult", F-Secure said in a blog post on Tuesday .