Friday, January 23, 2009

Downadup worm now infects 1 in every 16 PCs, says Panda Security

Here is a removal tool from Symantec in case you are already infected. If you use Windows here is info on prevention that works: http://www.us-cert.gov/cas/techalerts/TA09-020A.html
http://www.innovations-report.de/bilder_neu/5009_virengalerie_illus_worm.jpgScans show 6% of PCs already hit with worm; figure may be as high as 30%
January 21, 2009 (Computerworld) The computer worm responsible for the biggest attack in years has infected at least one out of every 16 PCs worldwide, a security company said today, and it may have managed to compromise as many as nearly one in three.

According to Panda Security, almost 6% of the Windows systems scanned with its antivirus technology were found to be infected with "Downadup," a worm that began aggressive attacks just over a week ago. Panda was one of the first security firms to sound an alarm over Downadup when it raised its security threat level on Jan. 12 as reports of attacks mounted.

... On a related note, the U.S. Computer Emergency Readiness Team (US-CERT) today said that Microsoft's advice for disabling Windows' "Autorun" feature is flawed and leaves users open to attack from the worm. - compworld

The worm that's infected millions of Windows PCs is a "very well-engineered" piece of malware, according to one security expert. But researchers still have no clear idea what the hackers plan to do with the collection of computers they've compromised with "Downadup."

"This is a very well-engineered piece of software," said Alfred Huger, vice president of development at Symantec Corp.'s security response group. "It's very well thought out. Whoever wrote it, it's not their first time writing malware. It looks as if the author has had a great deal of experience writing software, and is fully versed in writing network-level code."

Downadup, also called "Conficker," has infected an estimated 6% of PCs worldwide. The worm spreads by exploiting a four-month-old vulnerability in Windows, by brute-force password attacks and by hitchhiking on USB devices like flash drives.

Huger was impressed by the technical chops of Downadup's maker, or makers. "The worm itself is very complex," he said. "At the byte level, it implements [things] in some novel ways." Compared to most malware, which Huger said is "written off the cuff," Downadup is downright elegant.

And effective. Most researchers, including those at Symantec, have said the worm is the most invasive seen in the last six years. "At a basic level, it tends to perform well, and that's helped it spread," said Huger.

But much more than hacker craft made Downadup a success, Huger maintained. Other elements, including timing, the countries at the top of the attack list and even software piracy rates contributed.

"They put this together in a very brief period of time," Huger said, referring to the spotting of the worm's first variant just three weeks after Microsoft issued an emergency patch.

via Researchers wait for Downadup worm's second act.

No comments: