Thursday, January 22, 2009

Windows Infection - Possible Botnet

The worm goes by a few names, the most common being Downadup (sometimes written Downandup) and Conficker. The underlying vulnerability was found some time ago, and Microsoft shipped an out-of-band fix for it (MS08-067) in late October 2008. The worm appeared in the weeks after that and its infection rate has been extraordinary: the estimate a week or so ago was about 9 million machines.

It's not terribly hard to clean an infected machine with the removal tools provided by a number of vendors, though a cleaned machine that is still unpatched will simply be reinfected from the next infected host on the network. The purpose of the worm, however, is unclear, and it carries a remote-control mechanism. Consequently, the worm can produce a very large botnet. Huge. Much bigger than anything we have seen.

The initial infection vector is somewhat novel: the worm copies itself onto removable memory devices (USB sticks and the like) and tricks the user into actually running it, by planting an autorun.inf entry that looks like the normal "open folder" choice in the AutoPlay dialog. Once it is on a machine it spreads from there automatically, with no further user action.
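As an added illustration of that removable-media trick (the editor's own example, not code from the original post): a small Python triage script for autorun.inf files. It parses the [autorun] section roughly the way the Windows INI reader does, tolerating the things a planted file uses to confuse scanners (mixed-case keys, binary junk lines between entries), and flags the combination a practitioner looks for: an entry that launches a program from the drive (open=, shellexecute=, or shell\...\command), an action= label that copies the wording of the built-in "Open folder to view files" AutoPlay entry, and a payload loaded through rundll32. Both sample files are constructed for this example, not copies of the worm's file; the junk-line count and the rundll32 check are the editor's assumptions about what is worth flagging, not a published signature.

```python
"""Triage of autorun.inf files pulled from removable media.

Editor-added example (not code from the original post). The sample
files at the bottom are constructed for this example, not captures.
"""
from __future__ import annotations

import re

# [autorun] keys that run a program when the drive is inserted or when the
# user picks the top AutoPlay entry (the one the planted file dresses up).
EXEC_KEYS = {"open", "shellexecute"}

# Label that copies the wording of the genuine Windows AutoPlay entry.
LOOKALIKE_ACTIONS = {"open folder to view files"}

# key=value line; keys may contain backslashes (shell\open\command).
_KV = re.compile(rb"^\s*([A-Za-z0-9_\\]+)\s*=\s*(.*?)\s*$")


def parse_autorun(raw: bytes) -> tuple[dict, int]:
    """Return ({key: value} for the [autorun] section, junk_line_count).

    Tolerates mixed-case section/key names, CRLF or LF endings, and binary
    padding lines between real entries. Lines inside the section that are
    neither blank, a ';' comment, nor key=value are counted as junk; the
    Windows INI parser simply skips them, which is why padding works.
    """
    entries: dict = {}
    junk = 0
    in_section = False
    for line in raw.splitlines():  # bytes.splitlines splits only on \n, \r, \r\n
        stripped = line.strip()
        if stripped.startswith(b"[") and stripped.endswith(b"]"):
            in_section = stripped[1:-1].strip().lower() == b"autorun"
            continue
        if not in_section or not stripped or stripped.startswith(b";"):
            continue
        m = _KV.match(line)
        if m is None:
            junk += 1
            continue
        key = m.group(1).decode("ascii", "ignore").lower()
        entries[key] = m.group(2).decode("latin-1")
    return entries, junk


def triage(raw: bytes) -> list[str]:
    """Findings for one autorun.inf; an empty list means nothing suspicious."""
    entries, junk = parse_autorun(raw)
    findings: list[str] = []

    # Anything that launches a program from the drive.
    launchers = {
        k: v for k, v in entries.items()
        if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))
    }
    for k, v in launchers.items():
        findings.append(f"{k}= runs code from the drive: {v}")

    # The social-engineering half: a launcher dressed up as the normal
    # "Open folder to view files" choice in the AutoPlay dialog.
    if launchers and entries.get("action", "").strip().lower() in LOOKALIKE_ACTIONS:
        findings.append("action= label mimics the built-in 'Open folder to view files' entry")

    # Assumption for this example: a DLL loaded via rundll32 from removable
    # media is worth a look on its own.
    if any("rundll32" in v.lower() for v in launchers.values()):
        findings.append("payload is a DLL loaded through rundll32")

    if junk:
        findings.append(f"{junk} junk line(s) inside [autorun] (padding to confuse scanners)")
    return findings


# Constructed sample: mixed-case keys, binary padding, lookalike label,
# rundll32 launcher. Not a copy of any real worm's file.
SUSPICIOUS_AUTORUN = (
    b"[AuToRuN]\r\n"
    b"\xa2\x9f\x17zz junk \x00\x01\r\n"
    b"AcTiOn=Open folder to view files\r\n"
    b"\x7f\x8e\r\n"
    b"IcOn=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    b"ShElLeXeCuTe=RuNdLl32.EXE .\\RECYCLER\\payload.dll,entry\r\n"
    b"UseAutoPLAY=1\r\n"
)

# Constructed benign sample: only cosmetic keys, nothing is launched.
BENIGN_AUTORUN = b"[autorun]\r\n; vendor tools\r\nicon=setup.exe,0\r\nlabel=Vendor Tools\r\n"


if __name__ == "__main__":
    for name, blob in (("suspicious", SUSPICIOUS_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(name)
        for finding in triage(blob) or ["no findings"]:
            print("  -", finding)
```

The script only triages the file; the matching mitigation on the hosts is to switch AutoRun off for removable drives (the NoDriveTypeAutoRun policy), so that a planted entry is never offered to the user in the first place.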

The worm is a piece of mutating code. That is not a new technique in itself, but here it extends to the control mechanism: the code changes from sample to sample, and the control channel changes too, with the worm computing a fresh list of rendezvous domains each day, so taking down any single domain does not cut the botnet off. The worm also comes packed with self-defense measures, modifying security and network settings: it disables the Windows update and security-center services and blocks access to security vendors' sites. That last part is a useful tell, since a machine that can reach the web but not Windows Update or its antivirus vendor deserves a closer look.

Now what? Well, we'll see whether the worm is in fact used to marshal a botnet. If so, this sucker may pump out a good deal of spam or conduct other mischief such as powerful distributed denial-of-service (DDoS) attacks.