Downadup worm infection rate may have peaked

Share this article:
The spread of the Downadup (or Conficker) worm, which has wreaked havoc on millions of computers across the world, appears to be slowing, researchers said Friday.

"Today seems better than the day before, and we think that growth of Downadup has been curbed," Sean Sullivan, a technical specialist with anti-virus firm F-Secure, said Friday on the company's blog.

Despite the slowdown, more than 10 million machines remain infected with the rampant malware, about one percent of which are located in the United States, F-Secure said. The outbreak is the biggest within corporations since Nimda in 2001.

Right now, the worm appears to be assembling a huge botnet as it sits quietly on compromised machines, only disabling access to Windows Server Update Services (WSUS) or to websites used to receive new anti-virus signatures, said Tom Cross, an X-Force team researcher at IBM ISS.

"The fear is that a new update will be pushed out [from the botmaster] with some additional capabilities," Cross said. "It could launch a denial-of-service attack. It could steal people's credit card numbers. It could destroy machines that are infected...Or maybe it won't do anything at all."

The worm became particularly potent earlier this month when a new variant began spreading by copying itself to removable media devices or to network shares by guessing weak passwords, according to Microsoft. Both propagation methods cannot be stopped by applying a patch from Microsoft, which only deters the spread of the worm through remote code execution.

"The thing that we are trying to get out there is that there's been a lot of focus on the Microsoft vulnerability, and we don't think this is the primary way it spreads," Cross said.

Sullivan said that as the infections slow, concern turns to effective removal. Anti-virus vendors offer solutions. Microsoft also has made disinfection possible through the most recent update of its Software Removal Tool.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.