Commentary
The Downadup Worm Hits 3.5 Million
Security firm F-Secure says that the Downadup worm has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October.Security firm F-Secure says that the Downadup worm has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October.What makes this worm interesting is the ability its creators have put in place to update all of the infected machines each day. While most malware networks may have a few domains each infected machine will use to "call home" and get updates, the Downadup authors have created a system where an algorithm generates many different domains every day. Here's how F-Secure explained it in its blog post:
It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com. With this algorithm, the worm generates many possible domain names every day.
More Security Insights
White Papers
More >>
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
Reports
More >>Webcasts
More >>
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Hundreds of names such as: qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc, and hcweu .org.
This makes it impossible and/or impractical for us good guys to shut them all down - most of them are never registered in the first place.
However, all the creators have to do is register one of the domains that will be generated, and they can update the worm do pretty much do whatever they wish. They could, for example, create a massive botnet to launch denial-of-service attacks from the 3.5 million systems. Or, they could use the worm to seed yet another massive worm infestation on additional PCS.
Of course, much of this this pain could have been avoided if more users had patched the vulnerability in how Windows processes remote procedure call (RPC) requests by the Windows Server service. In fact, in bulletin MS08-067, Microsoft issued a critical out-of-band patch to fix this flaw.
Too bad not enough of us listened.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
