Downadup worm infects 3.5 million PCs
Security firm F-Secure says that a worm called Downadup has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October. But what makes this worm so interesting is the fact it accomplished those numbers in just a few weeks, using several different methods to spread, and has the ability to download new versions of itself.
The prolific worm uses a complex algorithm to generate a changing daily list of pseudo-random domains – registered or not – which infected machines attempt to contact. All its creators have to do is register one of the generated domains, and they can then update the worm to do pretty much whatever they wish, such as stealing personal information or building a massive botnet to launch DDoS attacks.
F-Secure managed to take a peek at the inner workings of the worm by registering one of the randomly generated domains. This has allowed them to analyze the connections that Downadup is making and, in fact, they have gained the ability to modify the worm’s update mechanism to remotely disinfect affected systems. However, for legal reasons, the company has decided not to do so.
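The date-driven domain list described above, and the defensive use F-Secure made of it, as an added example that is not F-Secure's code and not Downadup's real algorithm (the article does not publish it): a hypothetical date-seeded generator, plus a matcher that flags DNS queries to the day's list in a constructed resolver log. The log format and all domain names are constructed for the example.

```python
import hashlib
from datetime import date

# Hypothetical date-seeded DGA used only to illustrate the scheme the article
# describes; it is NOT Downadup's real algorithm, which the article does not give.
TLDS = ("com", "net", "org")
DOMAINS_PER_DAY = 250


def daily_domains(day: date, n: int = DOMAINS_PER_DAY) -> list[str]:
    """Derive the day's candidate rendezvous domains from the date alone."""
    # The only input is the date, so a defender who knows the algorithm can
    # compute the same list in advance and register (sinkhole) or block it.
    domains = []
    for i in range(n):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 5  # label of 8..12 lowercase letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def flag_dga_queries(log_lines: list[str], day: date) -> list[tuple[str, str]]:
    """Return (client, domain) for every DNS query that hits the day's DGA list."""
    # Log format is a constructed key=value resolver log, not any real product's.
    watchlist = set(daily_domains(day))
    hits = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        name = fields.get("query", "").rstrip(".").lower()
        if name in watchlist:
            hits.append((fields["client"], name))
    return hits


DAY = date(2009, 1, 16)
RENDEZVOUS = daily_domains(DAY)[7]  # one generated domain, planted in the log

# Constructed sample resolver log: three benign lookups and one DGA lookup.
SAMPLE_LOG = [
    "2009-01-16T10:12:03Z client=10.0.0.5 query=www.f-secure.com type=A",
    f"2009-01-16T10:12:04Z client=10.0.0.5 query={RENDEZVOUS} type=A",
    "2009-01-16T10:12:09Z client=10.0.0.9 query=update.microsoft.com type=A",
    "2009-01-16T10:13:11Z client=10.0.0.9 query=mail.example.org type=MX",
]

if __name__ == "__main__":
    for client, domain in flag_dga_queries(SAMPLE_LOG, DAY):
        print(f"{client} looked up DGA domain {domain}")
```

Running the generator for tomorrow's date gives the list a sinkhole operator would register ahead of the infected hosts; the same list fed to the matcher turns yesterday's resolver logs into a list of likely infected clients.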
The worm also executes a dictionary attack in an attempt to crack passwords and spread across machines on the same local area network, so administrators are advised not only to install Microsoft's latest security updates, but also to ensure that they are using strong passwords. Additionally, Microsoft has added detection to the latest version of its free Malicious Software Removal Tool, which is available here.
User Comments (9)
captain828 on January 16, 2009 5:38 AM
typo: DoS -> DDoS ?
McCallum on January 16, 2009 7:23 AM
Originally posted by captain828: typo: DoS -> DDoS ?
I'm pretty sure you're correct.
techguy339 on January 16, 2009 7:33 AM
Quote: "for legal reasons, the company has decided not to do so"
And what would those legal reasons be?!
Julio on January 16, 2009 8:19 AM
Not necessarily. Denial-of-service attack (DoS attack). Distributed denial-of-service attack (DDoS attack).
JosVilches on January 16, 2009 9:33 AM
Originally posted by techguy339: Quote: "for legal reasons, the company has decided not to do so" And what would those legal reasons be?!
Disinfecting those machines could be considered as unauthorized use of a PC, which is illegal in many jurisdictions.
captain828 on January 16, 2009 2:20 PM
Originally posted by Julio: Not necessarily.
so you're saying they had all those 3,5mil "zombies" in a single area?
Originally posted by Julio: Denial-of-service attack (DoS attack) Distributed denial-of-service attack (DDoS attack)
the difference between the two is that the latter contains the "zombies" in multiple geographic locations, making it even harder to control
From F-Secure.com: Today's total infection count is an estimated 3,521,230 infections worldwide.
not trying to bash anyone here :\
[Edited by captain828 on 2009-01-16 14:28:22]
JosVilches on January 16, 2009 3:13 PM
Point taken, I've updated the story with the more accurate DDoS term. Though a distributed denial of service attack is still a denial of service attack :p
captain828 on January 18, 2009 4:43 AM
true... it's still a DoS
anguis on February 13, 2009 3:18 PM |
It's more likely that an attacker who is proficient in their trade will use a Distribution Reflection Denial of Service (DRDoS) attack, to be even more specific. Also, the legal conditions for F-Secure are as follows: Any breach of a personal computer within the USA without authorization, regardless of intent, is illegal.