Downadup / Conficker – Confused!

Happy Day!

Over the past few weeks, the IT security industry and its professionals have learnt a lot about the Downadup worm. The worm has spread to several million computers. Still, no one has identified whether this worm has done anything significant that affects individual privacy or steals personal information, apart from its ‘intelligent spread’. Everyone is waiting to see what the author’s intention is. The only way to know is when the worm does something really interesting, which could be dangerous.

As news and information about this worm are widespread, most security professionals have found a way to monitor its behavior and, most importantly, prevention and detection methods have also been found and implemented. In this situation it is most unlikely that the author will want to take advantage of this worm through the known methods.

One possible way for the author to take advantage of the worm is through its peer-to-peer communication capability. If that happens, it would be very difficult to detect and prevent the worm’s spread. Some antimalware vendors speculated about F-Secure’s prediction of the spread and downplayed their theory.

In my opinion, the best way to be safe is to be aware of basic security principles through education and to practice them.

Here are more links about the worm for your information.

First, I would like to provide you with the link to the removal / disinfection instructions, and 20-plus things you can do to ‘be happy, be secure’.

Symantec – Peer to Peer Payload distribution!

Symantec – Geographic location spread. This information does not match the F-Secure statistics. The difference is understandable if the two companies have a presence in different countries with varying customer bases. But they claim that they found the IP addresses when the Downadup worm contacted their domains (which they registered from the list generated by the worm). Unless the executives of both companies sit together, come to a conclusion and then give us a proper explanation, the rest of us will be confused.

This two-part article in German has very good information on this worm. Here are the link to the German-language original and the link to the English translation page by Google.

Confusing matters further, PC-Mag.Com said that the worm spread numbers are dubbed in their title.

In the wake of this worm, I feel that there should be some regulatory body which coordinates with all these companies and publishes appropriate information to the general public. As of now there is no such body. If any of you know, please feel free to comment below.

In one of my next posts, I will write an article on how to effectively combat malicious programs; please subscribe to this blog’s RSS feed.

Have fun!
