Slashdot Mirror


New Massive Botnet Building On Windows Hole

CWmike writes "The worm exploiting a critical Windows bug that Microsoft patched with an emergency fix in late October is now being used to build a fast-growing botnet, said Ivan Macalintal, a senior research engineer with Trend Micro. Dubbed 'Downad.a' by Trend (and 'Conficker.a' by Microsoft and 'Downadup' by Symantec), the worm is a key component in a massive new botnet that a new criminal element, not associated with McColo, is creating. 'We think 500,000 is a ballpark figure,' said Macalintal when asked the size of the new botnet. 'That's not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it's... starting to grow.'"

3 of 223 comments

  1. Re:Idiots by LtGordon · Score: 4, Informative

    Systems that do not pass WGA are only allowed access to "critical" updates.

  2. Re:Idiots by The Bungi · Score: 5, Informative

    Which this particular patch qualifies as.

  3. Re:Idiots by nabsltd · Score: 4, Informative

    Auto-update works if you have a legitimate copy of Windows, and there are plenty of people using pirated copies of Windows which do not qualify for the "genuine advantage" required by Windows Update.

    If someone is already using a pirated copy of Windows as their desktop OS, then they probably wouldn't have a problem running a pirated copy of Windows 2003, either.

    In which case, they can then download Windows Server Update Services which doesn't require WGA to download. After installing WSUS on Win2K3, they can configure it to only download updates matching the pirated MS software they have, and then individually approve or reject updates. They would then configure all the systems to retrieve the approved updates from the WSUS server.

    By doing this, every update is available, and WGA is never installed on any of the systems.