Downadup Worm Hits Over 3.5 Million Computers

January 16, 2009 by John Messina weblog
Windows bulletin MS08-067

(PhysOrg.com) -- Security firm F-Secure has advised that the Downadup worm has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October. This is achieved by trying to connect to various Web addresses. The worm then looks for an active Web server at one of these domains and downloads and runs a particular executable file. This allows the malware to do whatever it wants with all of the infected computers.

The Downadup uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com. The worm then generates many possible domain names every day.

Names such as: qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc, and hcweu .org. It would be impossible to shut them all down because there's just too many and most of them aren't even registered. The bad guys running the show only need to register one domain for the day, register it, and set up a website. From there they can gain access to all of the infected machines.

In order for the F-Secure Response Team to determine just how many machines are infected, they will register some of the possible domains and connect to the infected machines.

Right now the Response Team is seeing hundreds of thousands of unique IP addresses connecting to the domains they have registered. A large portion of that traffic is coming from corporate networks, through firewalls, proxies, and NAT routers. This clearly shows that one unique IP address can be connected to thousands of corporate machines.

All this could have been avoided if more users had patched the vulnerability in how Windows processes remote procedure call (RPC) requests by the Windows Server service. Microsoft issued a critical out-of-band patch, bulletin MS08-067, to fix this problem.

Microsoft Security Bulletin MS08-067: www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

© 2009 PhysOrg.com

Explore further: Thunderstrike 2: Proof-of-concept worm could infect Macs

Related Stories

Thunderstrike 2: Proof-of-concept worm could infect Macs

August 4, 2015

Two researchers, Xeno Kovah co-founder of LegbaCore and Trammell Hudson, a security engineer with Two Sigma Investments, have created a proof of concept worm capable of attacking Mac computers. The worm which they designed ...

Conficker Worm Prepares For A New Release On April 1

March 27, 2009

(PhysOrg.com) -- The conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the conficker worm allowed for this large scale attack to over 8 million business ...

Exploring a parasitic tunnel boring machine

June 15, 2014

Researchers have deduced essential biological and genetic information from the genome sequence of the whipworm, an intestinal parasitic worm that infects hundreds of millions of people in developing countries.

A new way to protect computer networks from Internet worms

June 4, 2008

Scientists may have found a new way to combat the most dangerous form of computer virus. The method automatically detects within minutes when an Internet worm has infected a computer network. Network administrators can then ...

Conficker worm hits hospital devices

April 30, 2009

A computer worm that has alarmed security experts around the world has crawled into hundreds of medical devices at dozens of hospitals in the United States and other countries, according to technologists monitoring the threat.

Conficker worm digs in around the world

April 1, 2009

Computer security top guns around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of an April 1st trigger date.

Recommended for you

Swiss unveil stratospheric solar plane

December 7, 2016

Just months after two Swiss pilots completed a historic round-the-world trip in a Sun-powered plane, another Swiss adventurer on Wednesday unveiled a solar plane aimed at reaching the stratosphere.

Solar panels repay their energy 'debt': study

December 6, 2016

The climate-friendly electricity generated by solar panels in the past 40 years has all but cancelled out the polluting energy used to produce them, a study said Tuesday.

Wall-jumping robot is most vertically agile ever built

December 6, 2016

Roboticists at UC Berkeley have designed a small robot that can leap into the air and then spring off a wall, or perform multiple vertical jumps in a row, resulting in the highest robotic vertical jumping agility ever recorded. ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.