Downadup worm yet to deliver says F-Secure
The Downadup worm, which has infected nine million PCs so far, has yet to deliver its payload, security company warns
Security experts are warning that the Downadup worm, which is believed to have spread to several million PCs worldwide, has yet to trigger its payload.
The worm, which has spread much more rapidly than other recent malware, uses a complex algorithm to connect back to a host website of its creator, making it more difficult for security companies to block any possible activation.
Mikko Hypponen, chief research officer for F-Secure, told the BBC that while the number of infections seems to have slowed, there was a risk that hackers could use the worm to create a massive botnet.
“It is scary thinking about how much control they [a hacker] could have over all these computers. They would have access to millions of machines with full administrator rights,” Hypponen said.
Downadup has been spreading through poorly secured networks and PCs, and via USB drives. A typical worm will normally attempt to connect to only a few website addresses controlled by its creator once it has infected a machine, in order to download and execute files on the infected machine. Downadup, however, uses an algorithm, based on time and date, to create a fresh, long list of possible websites every day, making it much harder for security companies to isolate the real address or addresses which will be used to activate the payload.
In a blog posting on the F-Secure site, Hypponen said that the company had been able to work out some of the possible domains and had registered these addresses so it can monitor the worm, but that it would also be possible for other, unscrupulous users to do the same and effectively hijack the worm.
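How a defender can use a date-seeded generator once it is understood, by computing each day's candidate names in advance and matching DNS logs against them, shown as an added Python example that is not from the article or from F-Secure. The generator is a toy stand-in, not Downadup's actual algorithm; the TLD list, the log format, the sample date and the client addresses are constructed assumptions.

```python
import hashlib
from datetime import date, timedelta

TLDS = (".com", ".net", ".org", ".info", ".biz")  # assumed for illustration
SAMPLE_DAY = date(2009, 1, 20)                    # constructed sample date

def candidate_domains(day, count=250):
    """Toy date-seeded generator (a stand-in, NOT Downadup's real algorithm)."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4                # labels of 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(label + TLDS[digest[31] % len(TLDS)])
    return domains

def watchlist(day, skew_days=1):
    """Map candidate domain -> generation date, covering hosts with skewed clocks."""
    table = {}
    for offset in range(-skew_days, skew_days + 1):
        d = day + timedelta(days=offset)
        for name in candidate_domains(d):
            table.setdefault(name, d)
    return table

def flag_queries(log_lines, day):
    """Return (client, domain, generation_date) for DNS queries on the watchlist."""
    table, hits = watchlist(day), []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:                       # skip malformed lines
            continue
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits

def sample_log():
    """Constructed DNS log, 'timestamp client qname': two hits and one benign query."""
    today = candidate_domains(SAMPLE_DAY)[0]
    stale = candidate_domains(SAMPLE_DAY - timedelta(days=1))[5]
    return [
        f"2009-01-20T09:14:02Z 10.0.4.17 {today.upper()}.",
        "2009-01-20T09:14:05Z 10.0.4.22 www.example.com",
        f"2009-01-20T09:15:40Z 10.0.7.3 {stale}",
    ]

if __name__ == "__main__":
    for hit in flag_queries(sample_log(), SAMPLE_DAY):
        print(hit)
```

The same precomputed list serves for blocking or sinkhole registration; the clock-skew window matters because an infected host with a wrong date queries another day's names.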
While the worm has mainly spread through China and South America, F-Secure has detected instances in Pakistan, Saudi Arabia, Turkey and Iran.