Downadup worm infection rate may have peaked

Share this article:
The spread of the Downadup (or Conficker) worm, which has wreaked havoc on millions of computers across the world, appears to be slowing, researchers said Friday.

"Today seems better than the day before, and we think that growth of Downadup has been curbed," Sean Sullivan, a technical specialist with anti-virus firm F-Secure, said Friday on the company's blog.

Despite the slowdown, more than 10 million machines remain infected with the rampant malware, about one percent of which are located in the United States, F-Secure said. The outbreak is the biggest within corporations since Nimda in 2001.

Right now, the worm appears to be assembling a huge botnet as it sits quietly on compromised machines, only disabling access to Windows Server Update Services (WSUS) or to websites used to receive new anti-virus signatures, said Tom Cross, an X-Force team researcher at IBM ISS.

"The fear is that a new update will be pushed out [from the botmaster] with some additional capabilities," Cross said. "It could launch a denial-of-service attack. It could steal people's credit card numbers. It could destroy machines that are infected...Or maybe it won't do anything at all."

The worm became particularly potent earlier this month when a new variant began spreading by copying itself to removable media devices or to network shares by guessing weak passwords, according to Microsoft. Both propagation methods cannot be stopped by applying a patch from Microsoft, which only deters the spread of the worm through remote code execution.

"The thing that we are trying to get out there is that there's been a lot of focus on the Microsoft vulnerability, and we don't think this is the primary way it spreads," Cross said.

Sullivan said that as the infections slow, concern turns to effective removal. Anti-virus vendors offer solutions. Microsoft also has made disinfection possible through the most recent update of its Software Removal Tool.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.