Microsoft, Symantec, VeriSign join forces to fight Downadup worm

Microsoft offers $250,000 for info on hackers; ICANN involved in effort, too


Symantec has used that approach to gauge the current strength of the worm. According to Egan, over the last five days, Symantec has monitored an average of 453,000 different IP addresses a day infected with Downadup.a, the original November version, and 1.74 million more IP addresses a day infected with Downadup.b, the more virulent variant that debuted in late December 2008.

Together, the two versions have infected an average of nearly 2.2 million PCs daily.

Egan declined to say whether the group would be able to completely disable the worm's control mechanism, but said the consortium's formation does not mean that researchers have new information about what malicious tasks the infected PCs might be told to perform. "We have no indication of its purpose as of yet," he said.

Even so, Symantec sounded worried.

"The millions of systems infected by Downadup pose a risk to Internet users as well as to the infrastructure of the Internet," the company said in a long post to its security blog. "Under the control of attackers, the millions of infected systems could be used to launch distributed denial-of-service attacks against specific users or organizations, crippling their ability to function on the Internet. Additionally, the infected systems could be used to deploy further threats, such as seeding a new worm that targets a more recent or undisclosed vulnerability."

Last month, Microsoft refreshed its Malicious Software Removal Tool (MSRT), an anti-malware utility that cleans infected Windows PCs, with a signature for Downadup. Microsoft rarely reacts with a new MSRT signature as fast as it did in January.

The company has not responded to questions about how many PCs the MSRT has scrubbed of Downadup.

While Downadup uses several attack strategies -- including using USB storage devices, such as flash drives, to spread -- one of its primary infection vectors is by exploiting a Microsoft vulnerability that the company patched with an "out-of-cycle" update in late October 2008.

Copyright © 2009 IDG Communications, Inc.
