Slashdot Mirror


Downadup Worm — When Will the Next Shoe Drop?

alphadogg writes "The Downadup worm — also called Conficker — has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon. 'It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,' says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes."

21 of 295 comments

  1. Re:Keep spreading lies by Anders · · Score: 2, Insightful

    I prefer this [zoy.org] site, its facts are far more accurate ;-)

    At least it wasn't a rickroll ...

  2. Microsoft... by ConceptJunkie · · Score: 4, Insightful

    "From where do you want to get pwned today?"

    It's 2009... I can't believe we're still dealing with this crap in 2009.

    --
    You are in a maze of twisty little passages, all alike.
  3. Re:Why is it.. by nathan.fulton · · Score: 5, Insightful

    ".. that I can't get windows apps to do what i want without crashing, but it runs teh evil viruses perfectly?"
    Because there is a 100% correlation between a virus crashing and a virus writer's lost profit. With most legitimate software, a crash leaves only one practical option: keep using the crapware and hope it doesn't crash again.

  4. Re:And now we rediscover by timmarhy · · Score: 1, Insightful
    yeah right because computers happen in nature. we did have a diversity of computers in the wild, they happily swung from the trees and shat in the woods, but then the windows computer was introduced and ate all their food and raped their babies.

    or maybe not everything has an analogy based on nature, since it's 100% artificial to begin with, and fills an artificial requirement (like all computers being compatible dictates a monoculture...)

    --
    If you mod me down, I will become more powerful than you can imagine....
  5. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kneo24 · · Score: 2, Insightful

    Interestingly, security through obscurity is not real security.

  6. Re:Keep spreading lies by nmb3000 · · Score: 2, Insightful

    By contrast, my wife's laptop which was running Windows XP...required constant de-spywareification and resource intensive anti-virus programs always on alert.

    Then, as they say, you're doing it wrong. Running XP/Vista securely is pretty easy:

    • Most importantly: don't run as admin.
    • Stay updated.
    • (Optional) Use a browser like Firefox with addons like NoScript. Makes browsing new sites painful, but more secure.

    That combined with a little common sense means you don't even need any realtime anti-virus software. If you do accidentally get something malicious installed, cleaning a user profile is really easy. Worst case means copying files and then deleting and re-creating the profile, just like you would have to do on an infected Linux system.

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
  7. Re:Keep spreading lies by jesser · · Score: 4, Insightful

    Firefox doesn't let web sites access your clipboard directly. Flash does. The Flash guys consider it a feature, while the Firefox guys consider it a security hole in Flash (or at least I do).

    I bet the site is using Flash.

    --
    The shareholder is always right.
  8. Re:And now we rediscover by philspear · · Score: 2, Insightful

    I at least find it funny that IT joins many other fields in realizing nature faced a similar problem and solved it billions of years ago.

  9. Re:what will it download? by hobbit · · Score: 5, Insightful

    while Downadup today is not malicious in the sense of destroying files

    How quaint! The idea that someone might infect millions of PCs just to delete people's files is so 20th century.

    --
    "Wise men talk because they have something to say; fools, because they have to say something" - Plato
  10. Re:And now we rediscover by The+Master+Control+P · · Score: 1, Insightful

    Compatible emphatically does NOT imply monoculture.

    That is the whole point of open standards.

  11. Re:Keep spreading lies by lordsid · · Score: 3, Insightful

    I don't know where you guys get your information but it's pretty easy to access the clipboard from javascript even in firefox.

    Try searching for "javascript clipboard functions" the first link gives an example. All he would have to do is paste the content into a hidden div and wait for it to resubmit itself.

    --
    IMAGE VERIFICATION IS EVIL!
  12. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by Kneo24 · · Score: 2, Insightful

    That's 15% between the two (I'm sure Apple probably has the larger slice of that 15%), and they still don't make up the overwhelming majority. Call me when either one hits a market share of 30%. Those operating systems have holes too. Just because the majority of the people in the virus scene ignore them doesn't mean they aren't there.

  13. Re:Keep spreading lies by NeverVotedBush · · Score: 5, Insightful

    The both of you should probably add "that you know of".

    The reality is that Linux boxes are highly prized. Their owners frequently have high speed connections and Linux can do all sorts of fun things.

    Linux isn't perfect. There have been any number of security issues that would allow a knowledgeable hacker easy access. It all depends on if you kept your systems up to date and patched, didn't set up and allow unnecessary services, had a good firewall policy with a default deny/drop stance, etc.

    Linux comes out of the box now pretty secure but it hasn't always. And individual user habits can also compromise a system. Add to that the fact that one of the big ways into a system now is through add-on things like flash and such, and the knowledge that there have been kernel bugs that let user applications get root with a single command (things like vmsplice), and there is a possibility that your Linux boxes are rooted and you just don't know it.

    For the record, I run Linux almost exclusively and am no fan of Windows. But people need to understand that just running Linux is not a guarantee of safety. I'm also not questioning your capabilities. It's just that blanket statements about Linux security should probably be qualified.

  14. Re:Keep spreading lies by ozmanjusri · · Score: 5, Insightful
    They know to keep Windows up to date and run a scan at least once a week for any suspicious. They've also learned to not click on every fool link there is just because they can.

    Why bother?

    Linux is free, and it's easier to learn Linux than how to keep Windows clean.

    --
    "I've got more toys than Teruhisa Kitahara."
  15. Re:Keep spreading lies by calmofthestorm · · Score: 1, Insightful

    I love noscript:-)

    --
    93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
  16. Re:what will it download? by Zadaz · · Score: 4, Insightful

    Well of course deleting files could be crippling. Which is exactly why it would be a stupid thing for a hull breach app to do.

    A modern virus/trojan/worm/etc doesn't want to be noticed. It wants to be an available node to be sold to the highest bidder. Just like a biological virus it can't spread if it kills or incapacitates its host.

    Deleting files was something a virus did back in the 80's because hackers didn't have much imagination. That's not to say a terrorist organization couldn't buy the next payload and send out a "secure reformat on boot" app, but it would be a massive waste of a resource (a massive botnet is an incredibly powerful/valuable tool not to be thrown away) and a foolishly indiscriminate target, even for terrorists. In any case they'd have to outbid the ordinary criminals who want it to spam, hijack, DoS, keylog, skim and blackmail.

    ...[This] is the first time I have seen the infection attributed to a Russian-area site.

    You really don't get out much, do you.

  17. Re:Keep spreading lies by Spit · · Score: 5, Insightful

    A better counter is not to click links posted by anonymous idiots.

    --
    POKE 36879,8
  18. It simply does not matter! by erroneus · · Score: 4, Insightful

    It doesn't matter how bad and unsafe Windows is. Microsoft Windows is like the air. People are going to keep breathing it no matter who farted in the room. People live in the most polluted places because that's where they live, that's where they work, that's where they play. I could tell you all day long about this other place... with clean air, that's safe, that's stable and all that... and most people might be intrigued but very few will vacation there and even fewer will actually move there. This is how people work.

    Linux needs an Apple logo before the masses will move to it.

  19. Re:Spyware, Adware, Antivirus, Don't use IE, Use a by symbolset · · Score: 2, Insightful

    Yeah, but good practices like having "no open ports" and "don't execute files in every damned media you mount" are good security practices. Practices that Windows fails at. Still.

    --
    Help stamp out iliturcy.
  20. Re:Keep spreading lies by Anonymous Coward · · Score: 1, Insightful

    Wow. On slashdot just being in touch with your feelings is enough for a +1, Insightful!

    I love cake. :)

  21. Remove the link then. by HoppQ · · Score: 3, Insightful

    If you're warning against clicking the link, don't include it in your own post. Thank you.

    --
    My sig will be released in 2015 third quarter. Rating pending.