Downadup worm yet to deliver says F-Secure

The Downadup worm, which has infected nine million PCs so far, has yet to deliver its payload, security company warns

Security experts are warning that the Downadup worm, which is believed to have spread to several million PCs worldwide, has yet to trigger its payload.

The worm, which has spread much more rapidly than other recent malware, uses a complex algorithm to connect back to a host website of its creator, making it more difficult for security companies to block any possible activation.

Mikko Hypponen, chief research officer for F-Secure, told the BBC that while the number of infections seems to have slowed, there was a risk that hackers could use the worm to create a massive botnet.

“It is scary thinking about how much control they [a hacker] could have over all these computers. They would have access to millions of machines with full administrator rights,” Hypponen said.

Downadup has been spreading through poorly secured networks and PCs, and via USB drives. Once it has infected a machine, a typical worm will attempt to connect to only a few website addresses controlled by its creator in order to download and execute files on that machine. Downadup, however, uses an algorithm based on the time and date to create a fresh, long list of possible websites every day, making it much harder for security companies to isolate the real address or addresses that will be used to activate the payload.

In a blog posting on the F-Secure site, Hypponen said that the company had been able to work out some of the possible domains and had registered these addresses so it can monitor the worm, but that it would also be possible for other, unscrupulous users to do the same and effectively hijack the worm.
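The monitoring side of the approach described above, as an added example that is not from the article or from F-Secure: because the list depends only on the date, a defender who knows the generator can compute the same candidates and flag hosts that look them up. The generator below is a stand-in (Downadup's real algorithm is not given on this page), and the log format, client addresses and date are constructed.

```python
import hashlib
from datetime import date, timedelta

# Assumption: stand-in generator, NOT Downadup's algorithm. It only reproduces
# the property the article describes: a long list derived from the date.
TLDS = (".com", ".net", ".org", ".info", ".biz")  # illustrative choice

def candidate_domains(day, count=250):
    """Deterministically derive `count` candidate domains for one date."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4  # label of 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(label + TLDS[digest[31] % len(TLDS)])
    return domains

def watchlist(day, skew_days=1):
    """Candidates for day +/- skew_days, since infected hosts' clocks drift."""
    wl = set()
    for offset in range(-skew_days, skew_days + 1):
        wl.update(candidate_domains(day + timedelta(days=offset)))
    return wl

def flag_hosts(dns_log_lines, day):
    """Return {client_ip: sorted matched domains} for 'ts client qname' lines."""
    wl = watchlist(day)
    hits = {}
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing fields
        _ts, client, qname = parts
        qname = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if qname in wl:
            hits.setdefault(client, set()).add(qname)
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample data: date, client IPs and log layout are made up.
TODAY = date(2009, 1, 16)
_today = candidate_domains(TODAY)
_yesterday = candidate_domains(TODAY - timedelta(days=1))
SAMPLE_LOG = [
    f"2009-01-16T09:00:01 10.0.0.5 {_today[3]}",
    f"2009-01-16T09:00:02 10.0.0.5 {_today[77].upper()}.",
    "2009-01-16T09:00:03 10.0.0.9 www.example.com",
    f"2009-01-16T09:00:04 10.0.0.7 {_yesterday[0]}",  # host clock a day behind
    "malformed line",
]
```

A host that resolves even one watchlist name is worth investigating, since ordinary software has no reason to query these domains.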

While the worm has mainly spread through China and South America, F-Secure has detected instances in Pakistan, Saudi Arabia, Turkey and Iran.

Users are advised to download the patch available from Microsoft, and to update their anti-virus software. Microsoft has also released recovery advice for infected machines here: http://support.microsoft.com/kb/962007 http://www.microsoft.com/technet/s...
