Downadup worm now infects 1 in every 16 PCs, says Panda Security
Scans show 6% of PCs already hit with worm; figure may be as high as 30%
Computerworld - The computer worm responsible for the biggest attack in years has infected at least one out of every 16 PCs worldwide, a security company said today, and it may have managed to compromise as many as nearly one in three.
According to Panda Security, almost 6% of the Windows systems scanned with its antivirus technology were found to be infected with "Downadup," a worm that began aggressive attacks just over a week ago. Panda was one of the first security firms to sound an alarm over Downadup when it raised its security threat level on Jan. 12 as reports of attacks mounted.
Using data from antivirus scans performed by its consumer-grade security software and by a free online scanning tool that it makes available on its Web site, Panda found 111,379 PCs infected with the worm out of a pool of 2 million machines.
"I'm pretty confident in this number," said Ryan Sherstobitoff, chief corporate evangelist at Panda Security, as he cautioned it was just a snapshot. "Conficker is still infecting high volumes of machines and is a fast-propagating worm."
Conficker is an alternate name for the Downadup worm.
In fact, Panda's estimate is probably very conservative, Sherstobitoff said, since the bulk of the infected computers were scanned when their owners took the time to steer their browsers to the company's online scanner.
"The 6% was of people coming to our site and opting in for the scans. That's somewhat scary," said Sherstobitoff. "If we were actually to look at the [general] population, all the people who don't have antivirus -- or if they do, who haven't updated definitions -- the infection rate might be in the range of 20% to 30%."
While there has been some disagreement among security researchers about Downadup's infection volume -- last week, for instance, some disputed F-Secure Corp.'s estimate of 8.9 million infected PCs -- there has been little argument about the relative size of the worm attack. Nearly every researcher has pegged it as the biggest in years.
Today, Panda joined the chorus. "This is the biggest in at least six years," said Sherstobitoff.
Luis Corrons, the technical director of Panda's research lab, put it in the same terms. "[This is] a phenomenon we haven't seen since the times of the great epidemics of Kournikova or Blaster," said Corrons in a statement, referring to major worm attacks of 2001 and 2003, respectively.
And things will get worse before they get better, both Corrons and Sherstobitoff predicted. "This is an epidemic, and the worst may still be to come, as the worm could begin to download more malware onto computers or to spread through other channels," Corrons said.
"We're still getting lots of reports of infections," echoed Sherstobitoff. "It could be a week or a week and a half before it slows down."
On a related note, the U.S. Computer Emergency Readiness Team (US-CERT) today said that Microsoft's advice for disabling Windows' "Autorun" feature is flawed and leaves users open to attack from the worm.
- Downadup worm now infects 1 in every 16 PCs, says Panda
- US-CERT: Microsoft's advice on Downadup leaves users open to attack
- FAQ: How to protect your PC against the Downadup worm
- 'Amazing' worm attack infects 9 million PCs
- 1 in 3 Windows PCs vulnerable to worm attack
- Researcher: Worm infects 1.1M Windows PCs in 24 hours
- 'Huge increase' in worm attacks plagues unpatched Windows PCs
- Microsoft releases emergency Windows patch to head off worm attack
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts