Sunday, January 18, 2009

Tricky virus infects nine million PCs



Download Downadup Removal Tool

Worm Exposes Comps To Hijack

A new sleeper virus that could allow hackers to steal financial and personal information has now spread to more than nine million computers in what industry analysts say is one of the most serious infections they have ever seen.

The sneaky worm uses a virtual Swiss army knife of attack techniques to infect Microsoft Windows PCs, and appears to be spreading at a fairly rapid pace. The worm, called “Downadup” and “Conficker” by different anti-virus companies, attacks a security hole in a networking component found in most Windows systems, the Washington Post reported on Saturday. According to estimates from Finnish anti-virus maker F-Secure Corp, the worm has infected between 2.4 million and 8.9 million computers during the last four days alone.

If accurate, those are fairly staggering numbers for a worm that first surfaced in late November. Microsoft issued an emergency patch to fix the flaw back in October, but many systems likely remain dangerously exposed. One reason is that businesses generally test patches before deploying them on internal networks, to ensure the updates don’t break custom software applications. In the meantime, an infected laptop plugged into a vulnerable corporate network can quickly spread the contagion to all unpatched systems inside that network.

But the worm also has methods for infecting systems that are already patched against the Windows vulnerability. According to an analysis last week by Symantec, the latest versions of Downadup copy themselves to all removable or mapped drives on the host computer or network. This means that if an infected system has a USB stick inserted into it, that USB stick will carry the infection over to the next Windows machine that reads it. That’s an old trick, but one that is apparently still very effective.

Security experts say the worm instructs infected hosts each day to visit one or more of about 250 potential control servers—basically, pseudo-random domain names—in order to download instructions or malicious software updates from the worm’s authors. With such a system, security experts would have to register all 250 domains each day in order to kill off the worm, a costly and untenable solution. In contrast, the worm authors need only register one of those 250 domains to update all infected systems with new instructions and software.
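The daily list of about 250 candidate domains described above is also something defenders can precompute and look for in DNS resolver logs to find infected machines. The sketch below is an added example, not code from the original post or from any vendor: the generator is a SHA-256 stand-in rather than the worm's real algorithm, and the log format, TLD list and IP addresses are constructed for illustration.

```python
import hashlib
from datetime import date

DOMAINS_PER_DAY = 250                        # figure quoted in the article
TLDS = ("com", "net", "org", "info", "biz")  # constructed list, an assumption

def candidate_domains(day, count=DOMAINS_PER_DAY):
    """Stand-in date-seeded generator; NOT the worm's real algorithm."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4           # labels of 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return names

def hosts_querying_candidates(log_lines, day):
    """Return {client_ip: sorted candidate domains it looked up on `day`}."""
    watch = set(candidate_domains(day))
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:                 # skip malformed lines
            continue
        stamp, client, qname, _rcode = fields
        if not stamp.startswith(day.isoformat()):
            continue                         # other days have other lists
        qname = qname.rstrip(".").lower()    # normalise FQDN dot and case
        if qname in watch:
            hits.setdefault(client, set()).add(qname)
    return {client: sorted(names) for client, names in hits.items()}

def sample_log(day):
    """Constructed resolver log: 'timestamp client qname rcode' per line."""
    d, iso = candidate_domains(day), day.isoformat()
    return [
        f"{iso}T09:00:01 10.0.0.5 www.example.com. NOERROR",
        f"{iso}T09:00:02 10.0.0.7 {d[0].upper()}. NXDOMAIN",
        f"{iso}T09:00:03 10.0.0.7 {d[17]}. NXDOMAIN",
        "truncated-line",
        f"2009-01-17T23:59:59 10.0.0.9 {d[3]}. NXDOMAIN",
        f"{iso}T09:00:04 10.0.0.5 mail.example.org. NOERROR",
    ]

if __name__ == "__main__":
    day = date(2009, 1, 18)
    for client, names in hosts_querying_candidates(sample_log(day), day).items():
        print(client, "queried", len(names), "of today's candidates:", names)
```

Because the list changes every day, the watch set has to be regenerated daily, and a lookup only counts when its timestamp falls on the day whose list contains the name.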


It is the most serious large scale worm outbreak we have seen in recent years because of how widespread it is. So far it doesn’t try to steal personal information or credit card details.


Large infections in Europe, the US and in Asia have been reported. It is a Windows worm and almost all the cases are corporate networks.




About Me


Hi, I am Hua, a Chinese expat residing in India, excited about Windows, Linux and all things tech.
