Downadup worm infection rate may have peaked

Share this article:
The spread of the Downadup (or Conficker) worm, which has wreaked havoc on millions of computers across the world, appears to be slowing, researchers said Friday.

"Today seems better than the day before, and we think that growth of Downadup has been curbed," Sean Sullivan, a technical specialist with anti-virus firm F-Secure, said Friday on the company's blog.

Despite the slowdown, more than 10 million machines remain infected with the rampant malware, about one percent of which are located in the United States, F-Secure said. The outbreak is the biggest within corporations since Nimda in 2001.

Right now, the worm appears to be assembling a huge botnet as it sits quietly on compromised machines, only disabling access to Windows Server Update Services (WSUS) or to websites used to receive new anti-virus signatures, said Tom Cross, an X-Force team researcher at IBM ISS.

"The fear is that a new update will be pushed out [from the botmaster] with some additional capabilities," Cross said. "It could launch a denial-of-service attack. It could steal people's credit card numbers. It could destroy machines that are infected...Or maybe it won't do anything at all."

The worm became particularly potent earlier this month when a new variant began spreading by copying itself to removable media devices or to network shares by guessing weak passwords, according to Microsoft. Both propagation methods cannot be stopped by applying a patch from Microsoft, which only deters the spread of the worm through remote code execution.

"The thing that we are trying to get out there is that there's been a lot of focus on the Microsoft vulnerability, and we don't think this is the primary way it spreads," Cross said.

Sullivan said that as the infections slow, concern turns to effective removal. Anti-virus vendors offer solutions. Microsoft also has made disinfection possible through the most recent update of its Software Removal Tool.
Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.