Downadup Worm Exploits Flaw to Infect Millions of Windows Machines
A worm that exploits a recently patched Windows flaw has compromised over a million computers in the past 24 hours (January 15, 2009), according to the security firm F-Secure Corp.
The Finnish security company F-Secure Corp. on January 14, 2009 estimated that 3.5 million computers had been infected by the "Downadup" worm, a rise of over 1.1 million since January 13, 2009. The worm had previously infected around 2.4 million PCs.
Researchers at several security firms have reported that the worm, which has grown significantly over the last couple of days, exploits a flaw in the Windows Server service. This service is used by all versions of Microsoft's operating systems, such as Windows 2000, Vista, XP, Server 2008 and Server 2003.
After the flaw was revealed, Microsoft issued an emergency out-of-cycle security patch. According to researchers, users are aware of how critical the flaw is, and the researchers hope that consumers will pay attention and apply the patch. Security experts also believe that only a small number of people will take the essential steps. Moreover, security experts are uncertain about the intentions of the worm's writers and fear that it will be turned into a botnet.
News reports said that the malware's strongest point is a feature that enables worm-controlled PCs to download malware at random. In addition, the malicious software generates addresses for 250 separate domains daily. The botnet controller needs to register only one of those domains and set up a download server there to update the bot code with various features.
Thus, security experts find it infeasible or impractical to close down all of them. The malware authors need only pick another candidate domain for the following day, register it and create an internet site, and they can then reach all the compromised PCs. Furthermore, it is possible that PCs infected with Downadup will be transformed into bots, creating a nasty botnet.
Symantec has also reported several infections by Downadup. According to the firm, over 600,000 systems are reported to have been compromised by the malware within a period of 72 hours. Nearly all the PCs were running Windows XP.
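Because only one of the 250 daily domains needs to be registered, an infected PC working through the list fails on almost all of its lookups, and that pattern is visible in DNS logs. The following detection sketch is an added example, not code from the article or from any vendor named in it; the log format, the threshold and all names and addresses are assumptions constructed for illustration.

```python
"""Flag hosts whose failed DNS lookups match a daily generated-domain pattern."""
import random
from collections import defaultdict

# Assumed threshold: a host probing a daily list of 250 names fails on far
# more distinct domains than a normal client does in one day.
NXDOMAIN_THRESHOLD = 50


def parse_line(line):
    """Parse 'date client_ip qname rcode' (a constructed log format)."""
    day, client, qname, rcode = line.split()
    return day, client, qname.lower().rstrip("."), rcode


def suspicious_hosts(lines, threshold=NXDOMAIN_THRESHOLD):
    """Return {(day, client): n} for hosts with >= threshold distinct
    NXDOMAIN names in a single day. Repeated queries count once."""
    failed = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        day, client, qname, rcode = parse_line(line)
        if rcode == "NXDOMAIN":
            failed[(day, client)].add(qname)
    return {key: len(names) for key, names in failed.items()
            if len(names) >= threshold}


def build_sample_log():
    """Constructed sample: one ordinary client, one walking 250 random names."""
    rng = random.Random(1)
    log = [
        "2009-01-15 10.0.0.5 www.example.com NOERROR",
        "2009-01-15 10.0.0.5 printer.corp.example NXDOMAIN",
    ]
    names = set()
    while len(names) < 250:
        label = "".join(rng.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(9))
        names.add(label + ".example")
    for i, name in enumerate(sorted(names)):
        # One registered name resolves; the other 249 do not exist.
        rcode = "NOERROR" if i == 0 else "NXDOMAIN"
        log.append(f"2009-01-15 10.0.0.23 {name} {rcode}")
    return log


if __name__ == "__main__":
    for (day, client), n in suspicious_hosts(build_sample_log()).items():
        print(f"{day} {client}: {n} distinct NXDOMAIN lookups")
```

The threshold needs tuning per network, since mail servers and security appliances also produce many failed lookups.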
» SPAMfighter News - 31-01-2009