Downadup worm disables antivirus tools
New variant designed to prolong the worm's existence on infected systems
Security experts have discovered a new variant of the dreaded Downadup worm that effectively disables antivirus software and analysis tools.
“These early findings may suggest that the Downadup authors are now aiming for increasing the longevity of the existing Downadup threat on infected machines. Instead of trying to infect further systems, they seem to be protecting currently infected Downadup machines from antivirus software and remediation,” states Peter Coogan in Symantec’s Security Response blog.
Over the past few weeks, there has been some success in cracking the domain-generation algorithm the worm uses to communicate with its command-and-control server. However, it has now been revealed that the list of domains Downadup checks every day for updates and to download new code has expanded from 250 to a massive 50,000.
While the new Downadup worm variant is still in its early stages, users are advised to follow common security practices by keeping antivirus definitions up to date and running regular system scans.
Last month, Microsoft offered a $250,000 reward for information leading to the successful arrest and conviction of the worm’s authors.