Slashdot Mirror

← Back to Stories (view on slashdot.org)

Downadup Worm — When Will the Next Shoe Drop?

Posted by timothy on from the it-looks-like-you're-using-windows dept.

alphadogg writes "The Downadup worm — also called Conflicker — has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon. 'It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,' says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes."

3 of 295 comments (clear)

  1. its not hard by madcat2c · · Score: 5, Informative

    Use a hardware router, use a real anti-virus program that actually publishes updates everyday (Nod32 for me), and use a browser where you can kill anything that tries to auto install itself (firefox, chrome, etc).

    And don't forward or respond to chain emails!

  2. Technical examination by Prune · · Score: 5, Informative

    There's a more technical examination of the virus at https://forums.symantec.com/t5/Malicious-Code/Downadup-Small-Improvements-Yield-Big-Returns/ba-p/381717

    --
    "Politicians and diapers must be changed often, and for the same reason."
  3. Re:Keep spreading lies by Anonymous Coward · · Score: 5, Informative

    Be warned - in case you are tempted...

    This is a pretty ingenious script that

    • Opens up windows (or tabs, depending on how you open the link) as fast as your computer can - 100% CPU
    • Each window displays gay porn
    • Plays a loud sound "Hey everybody I'm looking at gay porno"
    • Behind the scenes it also copies the contents of your clipboard to this guy.

    It works in IE and firefox. It is simply a page with an image, a flash movie, and a javascript that copies your clipboard to a field then 'submit()'s' the form, reloading the page.

    Very simple and bypasses popup blockers (at least the ones I have on).

    This has got to be a security hole in firefox, both on the ability to open windows/tabs, and copying the clipboard.

    If you want to have a look, use:

    wget http://getthefacts.on.zoy.org/index.php

    WARNING: dont click on this link, just copy the wget command to a shell. Dont say I didn't warn you...