Downadup: The Web's Next Big Threat?
Experts blame a lack of patching and an advanced design for the rise of a worm that could outpace Storm.
Downadup has been spreading so rapidly that security experts say it will beat the record of the Storm virus, which infected anywhere from 160,000 to 50 million computers after being first identified in January 2007.
The newest worm hasn't yet hit the high end of those figures -- but it's close. Antivirus vendor Panda Security said it has observed that almost 6 percent of the two million computers it has scanned were infected by the worm.
And it's growing far more quickly than Storm, Ryan Sherstobitoff, chief corporate evangelist at Panda, told InternetNews.com. "Storm took a while to gain speed, whereas [Downadup] gained a lot of ground in only 48 hours," he said. "Think of it as 'shock and awe' for the PC."
Others had even more worrisome reports of Downadup's aggressive growth: Antivirus vendor Shavlik Technologies said in a statement that it estimates that more than nine million PCs have been infected, while David Perry, global director of education at antivirus firm Trend Micro, told InternetNews.com that he believes about 10 million PCs have been hit.
The worm's rapid spread marks the latest blow to an Internet security industry struggling to cope with the ever-increasing savvy of spammers and malware authors. Downadup, for instance, contains a number of features designed to make it harder for security pros to shut down.
Yet it's not its design that accounts for Downadup's rapid proliferation. Instead, you can blame users' failure to patch their systems.
Downadup takes advantage of a vulnerability in Microsoft (NASDAQ: MSFT) Server systems, and the company issued a patch back in October. In security bulletin MS08-067, Microsoft alerted users that the problem could be used to craft a worm. It also recommended customers apply the update immediately.
"It's a patching issue, and it's spreading because people haven't patched their PCs for so long that they're out of the patching cycle," Panda's Sherstobitoff said. "That's why a worm like this would get out of control."
Despite the differences in how widespread security vendors believe Downadup has become, consensus remains that it's emerged as the worst attack on the Web since the Storm worm. And despite Downadup's sprawl, security experts say they do not yet know why it's setting up botnets.
"It could be a smokescreen or camouflage for some other attack happening on a smaller scale somewhere else," Trend Micro's Perry said.
"I think it's an experiment about exploiting this new vulnerability and how effectively it can be used," he added. "I wouldn't be surprised if it were caused by the same people who brought you the Storm worm."