An ominous thought. An even more unsettling mental picture. But are you or your corporate systems now enlisted in one of the largest recorded botnets?

From Computer World:

Early Wednesday, Helsinki, Finland-based security firm F-Secure Corp. estimated that 3.5 million PCs have been compromised by the “Downadup” worm, an increase of more than 1.1 million since Tuesday.

OK, that is a substantial number by any analysis. Back in October, Microsoft released an out-of-cycle patch to address the problem in the Windows Server service that, at the time, was part of “limited targeted attacks”. And Marc Maiffret said at the time, “The reality is that bad guys do not like worms because they cause more people to patch.”

Well, that appears now to no longer be the case for some malicious types.

From F-Secure:

Downadup worms attempt to call home.

They do this by trying to connect to various Web addresses. And if the worm finds an active Web server at one of these domains, it will download and run a particular executable — thus giving the malware gang a free hand to do whatever they want with all of the infected machines.

They could build a large botnet for example. The framework is in place.

Normally malware uses only one or maybe a handful of websites. Such sites are generally easy to locate and shut down.

Then there is Downadup. It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com. With this algorithm, the worm generates many possible domain names every day.

Hundreds of names such as: qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc, and hcweu .org.

This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place.

However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines. Pretty clever.

Now, with the escalating spread, one can only wonder what is afoot. It's not as if anything major is going to be in the news tomorrow.

Is there?
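As an added illustration of the defender's side of what F-Secure describes (my own example, not code from this post, from F-Secure, or from the worm): because the domain list is derived deterministically from the date, anyone who has worked out the algorithm can regenerate the same day's candidates ahead of time and match DNS logs against them, or register the names first. The generator, its seed, the log format and the sample lines below are all constructed stand-ins, not Downadup's real algorithm.

```python
"""Toy date-seeded domain generator plus a DNS-log check (constructed example)."""
import hashlib
from datetime import date

TLDS = ("ws", "net", "cc", "org")          # TLDs seen in F-Secure's sample names
DAY = date(2009, 1, 15)                    # constructed dates for the demo
NEXT_DAY = date(2009, 1, 16)


def candidate_domains(day: date, count: int = 250, seed: bytes = b"toy-seed") -> list[str]:
    """Derive `count` pseudo-random domains for `day`.

    Constructed stand-in for a date-driven algorithm: the same date always
    yields the same list, so a defender who knows it can precompute it.
    """
    domains = []
    for i in range(count):
        h = hashlib.sha256(seed + day.isoformat().encode() + i.to_bytes(2, "big")).digest()
        length = 5 + h[5] % 6                      # names of 5..10 letters
        name = "".join(chr(ord("a") + b % 26) for b in h[:length])
        domains.append(f"{name}.{TLDS[h[6] % len(TLDS)]}")
    return domains


def flag_queries(log_lines: list[str], day: date) -> list[tuple[str, str]]:
    """Return (client, domain) pairs whose queried name is on `day`'s list.

    Log format is constructed: "<timestamp> <client-ip> <queried-name>".
    """
    watch = set(candidate_domains(day))
    hits = []
    for line in log_lines:
        client, domain = line.split()[1:3]
        if domain.lower().rstrip(".") in watch:    # normalise case / trailing dot
            hits.append((client, domain))
    return hits


# Constructed DNS log: two benign lookups and one hit on the day's list.
SAMPLE_LOG = [
    "2009-01-15T10:00:01 10.0.0.5 www.google.com",
    f"2009-01-15T10:00:07 10.0.0.7 {candidate_domains(DAY)[3]}",
    "2009-01-15T10:00:09 10.0.0.5 baidu.com",
]

if __name__ == "__main__":
    for client, domain in flag_queries(SAMPLE_LOG, DAY):
        print(f"{client} queried generated domain {domain}")
```

Most generated names are never registered, so a host resolving several of them in a short window (mostly NXDOMAIN) is the pattern worth alerting on, not any single name.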

Article Link
