Downadup Worm

Printable View

January 11th, 2009, 12:51 PM
nihil

Downadup Worm

Here is a new (9-Jan-2009) domain blocklist for the Downadup Worm, courtesy of F-Secure:

http://www.securityfocus.com/blogs/1566

:)

More info and a link to a disinfection tool here:

http://www.f-secure.com/weblog/archives/00001574.html
January 21st, 2009, 11:34 AM
unvi$ible

Hi Nihil,
Been away for a month from computer (my new world record) and read this article today in our newspaper :
http://www.news.com.au/heraldsun/sto...10-663,00.html
I can see you posted on 9/jan, look like things go little bit slower here.
Any obvious signs to look into?
January 24th, 2009, 07:37 PM
nihil

Here is some more recent news:

http://www2.journalnow.com/content/2...omputers/news/

It is estimated that some 9million computers have been affected so far.

http://www.news.com.au/technology/st...014239,00.html

http://www.computerworld.com/action/...ource=rss_news
January 27th, 2009, 01:33 PM
nihil

Update

OK make that 10,000,000 and rising. Pundits are now predicting a phase 2 payload distribution.

Quote:

The Downadup worm—also called Conflicker—has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon.

More here:

http://www.privacydigest.com/2009/01...next+shoe+fall

:eek:
January 29th, 2009, 09:35 AM
oofki

Aye according to Panda 1 in 16 are infected, I wonder if that is a record?!
February 1st, 2009, 10:49 AM
nihil

I hear that it is now at 15,000,000. In "raw scores" that probably is a record, as I think that the Storm worm got to around 10,000,000.

It is difficult to make comparisons though, as the computer population and number of internet users has been growing exponentially. With that there has been a proportionate increase in the number of people using pirated/unpatched software?

It does seem to be slowing up though.

The Microsoft Malicious Software Removal Tool now detects it. :)
February 2nd, 2009, 12:40 PM
nihil

Get Snorting

I am posting this here rather than as a new thread.

Quote:

COLUMBIA, Md., January 29, 2009 - Open source innovator and SNORT' creator, Sourcefire, Inc. (Nasdaq:FIRE), a leader in Enterprise Threat Management, today announced that its customers and Snort users have had zero-day protection from the rapidly spreading W32.Downadup/Conficker worm.

The article is here:

http://www.darkreading.com/security/...leID=213000041

:)

All times are GMT +1. The time now is 01:33 AM.