Downadup worm now infects 1 in every 16 PCs, says Panda Security

Computerworld - The computer worm responsible for the biggest attack in years has infected at least one out of every 16 PCs worldwide, a security company said today, and it may have managed to compromise as many as nearly one in three.

According to Panda Security, almost 6% of the Windows systems scanned with its antivirus technology were found to be infected with "Downadup," a worm that began aggressive attacks just over a week ago. Panda was one of the first security firms to sound an alarm over Downadup when it raised its security threat level on Jan. 12 as reports of attacks mounted.

Using data from antivirus scans performed by its consumer-grade security software and by a free online scanning tool that it makes available on its Web site, Panda found 111,379 PCs infected with the worm out of a pool of 2 million machines.

"I'm pretty confident in this number," said Ryan Sherstobitoff, chief corporate evangelist at Panda Security, as he cautioned it was just a snapshot. "Conficker is still infecting high volumes of machines and is a fast-propagating worm."

Conficker is an alternate name for the Downadup worm.

In fact, Panda's estimate is probably very conservative, Sherstobitoff said, since the bulk of the infected computers were scanned when their owners took the time to steer their browsers to the company's online scanner.

"The 6% was of people coming to our site and opting in for the scans. That's somewhat scary," said Sherstobitoff. "If we were actually to look at the [general] population, all the people who don't have antivirus -- or if they do, who haven't updated definitions -- the infection rate might be in the range of 20% to 30%."

While there has been some disagreement among security researchers about Downadup's infection volume -- last week, for instance, some disputed F-Secure Corp.'s estimate of 8.9 million infected PCs -- there has been little argument about the relative size of the worm attack. Nearly every researcher has pegged it as the biggest in years.

Today, Panda joined the chorus. "This is the biggest in at least six years," said Sherstobitoff.

Luis Corrons, the technical director of Panda's research lab, put it in the same terms. "[This is] a phenomenon we haven't seen since the times of the great epidemics of Kournikova or Blaster," said Corrons in a statement, referring to major worm attacks of 2001 and 2003, respectively.

And things will get worse before they get better, both Corrons and Sherstobitoff predicted. "This is an epidemic, and the worst may still be to come, as the worm could begin to download more malware onto computers or to spread through other channels," Corrons said.

"We're still getting lots of reports of infections," echoed Sherstobitoff. "It could be a week or a week and a half before it slows down."

On a related note, the U.S. Computer Emergency Readiness Team (US-CERT) today said that Microsoft's advice for disabling Windows' "Autorun" feature is flawed and leaves users open to attack from the worm.

Read more about security in Computerworld's Security Knowledge Center.