Current event: Downadup worm infects 1.1 million machines in 24 hours

By cxlt at 2:05 pm on January 15, 2009 | 6 Comments

A worm known as Downadup, or Conficker to some security companies, is spreading rampantly by exploiting a bug in Windows that was found – and patched – months ago.  F-Secure believes that the worm has already compromised 35 million machines in total.

Microsoft had deemed the security flaw important enough to issue a rare emergency update for it back in October, and it has responded fairly quickly to this latest surge by the worm as well, adding detection for it to its malware removal tool on Tuesday.

Though Microsoft’s code has often been criticized for its alarming rate of security flaws, it is difficult to fault the company in this instance given its rapid response, and researchers from F-Secure and Symantec agree: the issue in this case is customers who have failed to apply the patch.

Though the hackers have yet to turn the infected network into a botnet, the infrastructure is in place for them to do so.  Every day, the worm uses a very complex algorithm to generate hundreds of domains that it queries for instructions from its masters; the hackers need to register only one of those domains to control the botnet.  By contrast, as with the Srizbi botnet last year, security firms have to register every single one of those domains in order to wrest control away from the hackers.  FireEye, a security company, tried to do this for a while, but it soon became too expensive, and the hackers regained control of their network.
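The registration asymmetry described above, as an added example that is not part of the original post and does not reproduce Downadup's real algorithm: the generator below is a constructed stand-in (a hash of the date plus a counter), standing in for the algorithm a security firm would have reverse-engineered. The example counts how many domains the operator versus a sinkholing defender must hold over a week, and shows the check a defender gets from knowing the algorithm: predicting the day's domain set and flagging hosts whose DNS queries repeatedly hit it. The TLD list, host addresses and log lines are constructed sample data.

```python
"""
Toy model of the registration asymmetry in a domain-generation scheme,
plus a DNS-log check a defender can run against the predicted domain set.
The generator is an illustrative construction (sha256 of date + counter),
NOT Conficker/Downadup's real algorithm; hosts, TLDs and log lines are
constructed sample data.
"""
from __future__ import annotations

import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")   # assumed TLD set for the toy generator
LOOKUPS_PER_DAY = 250          # "hundreds of domains" a day, as in the post


def daily_domains(day: date, count: int = LOOKUPS_PER_DAY) -> list[str]:
    """Deterministically derive `count` rendezvous domains for `day`.

    Anyone who knows the algorithm (the operator, or a defender who has
    reverse-engineered it) computes the same list, which is what makes
    sinkholing possible: tomorrow's domains can be computed today.
    """
    seed = day.isoformat().encode()
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + i.to_bytes(2, "big")).hexdigest()
        # Map 10 hex characters (values 0..15) onto the letters a..p.
        label = "".join(chr(ord("a") + int(ch, 16)) for ch in digest[:10])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def registration_burden(start: date, days: int) -> tuple[int, int]:
    """Return (operator_registrations, defender_registrations) for a window.

    The operator needs one live domain per day; a defender who wants the
    infected hosts never to reach the operator must hold every generated
    domain for every day in the window.
    """
    needed: set[str] = set()
    for offset in range(days):
        needed.update(daily_domains(start + timedelta(days=offset)))
    return days, len(needed)


def flag_hosts(dns_log: list[str], day: date, threshold: int = 3) -> set[str]:
    """Return clients whose queries hit at least `threshold` of `day`'s domains.

    Each log line is "client_ip,queried_name" (constructed format). One hit
    could be coincidence; repeated hits against the predicted set are the
    signal that a host is running the worm's rendezvous logic.
    """
    predicted = set(daily_domains(day))
    hits: dict[str, int] = {}
    for line in dns_log:
        client, qname = line.strip().split(",", 1)
        if qname.lower() in predicted:
            hits[client] = hits.get(client, 0) + 1
    return {client for client, n in hits.items() if n >= threshold}


# Constructed sample: one host behaving like an infected machine,
# one host that only resolves ordinary names.
SAMPLE_DAY = date(2009, 1, 15)
SAMPLE_LOG = (
    [f"10.0.0.7,{d}" for d in daily_domains(SAMPLE_DAY)[:5]]
    + ["10.0.0.7,www.example.com",
       "10.0.0.8,www.example.com",
       "10.0.0.8,update.example.net"]
)

if __name__ == "__main__":
    operator, defender = registration_burden(SAMPLE_DAY, 7)
    print(f"one week: operator needs {operator} domains, defender needs {defender}")
    print("flagged hosts:", flag_hosts(SAMPLE_LOG, SAMPLE_DAY))
```

Running the block for a seven-day window shows the operator needing 7 registrations against the defender's roughly 1,750, which is the cost curve that ended FireEye's effort. The `flag_hosts` check is the cheaper defensive use of the same knowledge: instead of buying every domain, resolve nothing and simply watch which internal hosts ask for names from the predicted list.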

This incident raises questions as to whether customers should be allowed to choose whether or not to install updates anymore.  Apart from corporate customers who have to worry about the compatibility of their custom software, the time has perhaps come for security updates to be force-fed to consumers, particularly those who disable updates without realizing the full implications of that decision.

[source: link]

Filed under: Current Events, Policy