Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 14th, 2009

More Than A Million PCs Infected Through A Month Old Windows Vulnerability In The Past 24 Hours

Finland-based security firm F-Secure Corp. estimated Wednesday that 3.5 million PCs have been compromised by the “Downadup” worm, an increase of more than 1.1 million since Tuesday. The worm, which several security companies have described as surging dramatically during the past few days, exploits a bug in the Windows Server service used by all supported versions of Microsoft Corp.’s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008. Yesterday, F-Secure said the worm had infected an estimated 2.4 million machines.

The computer worm exploits a months-old Windows bug. The highest number of infection reports have come from the U.S., Canada, Mexico, Korea and several European countries, including the U.K., France and Germany. Microsoft issued an emergency patch in late October, fixing the flaw with one of its rare “out of cycle” updates.

Yesterday, F-Secure also reported that it was spying on Downadup’s command-and-control process by registering domains it thought the worm would try to use to download additional malware to infected PCs. The worm generates hundreds of possible domain names daily using a complex algorithm, said Mikko Hypponen, F-Secure’s chief research officer. It’s not clear whether the hackers behind Downadup are building a botnet of their own, said Joe Stewart, a senior security researcher at SecureWorks Inc., in an interview today. For the moment, they seem satisfied with feeding victims fake security software, which pesters users with pop-ups until they pay for the worthless program.

Security firms have tried to preempt hackers by registering domains that they may use, but with mixed results. Last November, FireEye Inc. tried to stay ahead of criminals operating the “Srizbi” botnet by registering several hundred domains being used to resurrect the infected PC army, but had to give up the game when it got too costly.

The soaring number of infections by Downadup (also called “Conficker”) prompted Microsoft to add detection for the worm to its Malicious Software Removal Tool (MSRT), the anti-malware utility that the company updates and redistributes each month to Windows machines on Patch Tuesday. The MSRT scans for known malware, then scrubs the system of any it finds.

Microsoft recommended that Windows users install the October update, then run the January edition of the MSRT to clean up compromised computers.
