Researcher: Worm infects 1.1M Windows PCs in 24 hours

It would make 'one big badass botnet,' says Finnish security company

"This makes it impossible and/or impractical for us good guys to shut them all down," acknowledged Hypponen in a blog entry . "The bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website, and they then gain access to all of the infected machines. Pretty clever." Even so, F-Secure has registered some of the possible hosting domains so that it can eavesdrop on the attackers and get an idea of the number of infected PCs.

Other security firms have tried to pre-empt hackers by registering domains that they may use, but with mixed results. Last November, FireEye Inc. tried to stay ahead of criminals operating the "Srizbi" botnet by registering several hundred domains being used to resurrect the infected PC army, but had to give up the game when it got too costly.

"We have registered a couple hundred domains," said Fengmin Gong, chief security content officer at FireEye, at the time. "But we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names."

As soon as FireEye conceded, the hackers were able to reestablish communication with their bots.

Microsoft recommended that Windows users install the October update , then run the January edition of the MSRT to clean up compromised computers.

It's not clear whether the hackers behind Downadup are building a botnet of their own, said Joe Stewart, a senior security researcher at SecureWorks Inc., in an interview today. For the moment, they seem satisfied feeding victims fake security software, which pesters users with pop-ups until they pay for the worthless program.

F-Secure's Hypponen, however, sounded worried about the possibility that machines infected with Downadup would be converted into bots. "It would make for one big badass botnet," he said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags wormf-secure

More about FireEyeF-SecureGood GuysMicrosoftPandaSecureWorksSymantec

Show Comments