Nearly 9 Million PCs Hit By 'Downandup' Worm
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
The network worm is a bunch of malware variants that target older Windows machines and changes itself, or is changed by its authors, to prevent signature-based detection.
A network worm has been spreading rapidly across the Internet over the past week, despite an emphatic warning from Microsoft (NSDQ: MSFT) last October. In October, Microsoft took the unusual step of issuing an out-of-band Security Bulletin, MS08-067, for a vulnerability affecting its Server service.
Microsoft's concerns have proven to be well founded. The MS08-067 Worm, also known as "Downadup" and "Conflicker," has been spreading like the plague.
"The number of Downandup infections are skyrocketing based on our calculations," F-Secure's Toni Kovunen said in a blog post Friday. "From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing."
"The situation with Downandup is not getting better," he added. "It's getting worse."
Strictly speaking, Downandup isn't just one worm -- it's a bunch of variants. Modern malware changes itself, or is changed by its authors, to prevent signature-based detection.
F-Secure began receiving reports about the Downandup worm in early January. The company's researchers observed that it used server-side polymorphism -- mutating code -- and ACL (access control list) modification to make network disinfection more difficult.
Plenty of malware makes use of local polymorphism, by randomizing the names of malicious files, for example. But Downandup uses randomized network paths for its command-and-control servers, making its control mechanism harder to shut down.
The worm also takes steps to defend itself by disabling various Windows security, updating, and networking features. It blocks access to security-related domains on the Internet. And it modifies networking settings to speed up its ability to copy itself to other computers.
More info found here.
Article submitted by: Taut
Last Update: 01-16-2009
Category: Technology
A network worm has been spreading rapidly across the Internet over the past week, despite an emphatic warning from Microsoft (NSDQ: MSFT) last October. In October, Microsoft took the unusual step of issuing an out-of-band Security Bulletin, MS08-067, for a vulnerability affecting its Server service.
Microsoft's concerns have proven to be well founded. The MS08-067 Worm, also known as "Downadup" and "Conflicker," has been spreading like the plague.
"The number of Downandup infections are skyrocketing based on our calculations," F-Secure's Toni Kovunen said in a blog post Friday. "From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing."
"The situation with Downandup is not getting better," he added. "It's getting worse."
Strictly speaking, Downandup isn't just one worm -- it's a bunch of variants. Modern malware changes itself, or is changed by its authors, to prevent signature-based detection.
F-Secure began receiving reports about the Downandup worm in early January. The company's researchers observed that it used server-side polymorphism -- mutating code -- and ACL (access control list) modification to make network disinfection more difficult.
Plenty of malware makes use of local polymorphism, by randomizing the names of malicious files, for example. But Downandup uses randomized network paths for its command-and-control servers, making its control mechanism harder to shut down.
The worm also takes steps to defend itself by disabling various Windows security, updating, and networking features. It blocks access to security-related domains on the Internet. And it modifies networking settings to speed up its ability to copy itself to other computers.
More info found here.
Article submitted by: Taut
Last Update: 01-16-2009
Category: Technology
Current rating: 9 by 2 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(34,440 reads) 02-10-2011
· Free traffic service for your nuke site(11,089 reads) 12-17-2008
· Major flaw revealed in Internet Explorer(17,494 reads) 06-13-2007
· Directx 10 for XP(14,981 reads) 09-11-2006
· Intel's Core 2 Quadro Kentsfield: Four Cores on a Rampage(15,293 reads) 08-01-2006
· Windows Media Player 11 Beta.(15,565 reads) 08-01-2006
· Microsoft to charge for Office beta.(15,211 reads) 07-24-2006
· AMD and ATI to Create Processing Powerhouse(15,300 reads) 07-14-2006
· Firefox 2.0 Beta available.(16,630 reads) 04-25-2006
· New IE Beta(15,643 reads) 04-07-2006
· PayPal Launches Mobile Service
Please register or sign-in to post comments.