Downadup Worm — When Will the Next Shoe Drop?

alphadogg writes "The Downadup worm — also called Conflicker — has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon. 'It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,' says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes."

Re:what will it download?

[janrinok]

Another issue is this is the first time I have seen the infection attributed to a Russian-area site.

I realise that the article is referring to Ukraine, but your phrase 'Russia-area' covers 11 time zones and either 12 or 14 countries which directly border upon Russia, depending on whether you include the enclave of Kaliningrad: Norway, Finland, Estonia, Latvia, Lithuania, Poland, Belarus, Ukraine, Georgia, Azerbaijan, Kazakhstan, Mongolia, China and North Korea. That is a considerable chunk of the world, the majority of its population, and totally irrelevant to the subject. After all, your sweeping generalisation of Russia-area includes China which is where you have also heard the virus originated.

Why didn't you just say 'Ukraine'?

Anyone starting a war will want a crushing first blow and taking out files, doing DDoS, etc, would be typical.

You do realise that Ukraine is no longer aligned with Russia? Are you honestly suggesting that the Ukraine is about to attack someone?