 "China, Argentina Hit Worst By Downadup 'Zombie' Spree")
Downadup made the headlines recently with close to $3.5 million infections worldwide. Biztech2 spoke to Symantec about some of the findings of its analysis teams to understand how this malicious worm has been spreading itself across corporate networks.
“The Symantec Intelligence Analysis Team has been monitoring the Win32 infections since mid-December. W32.Downadup is an extremely interesting piece of malicious code and one of the most prolific worms seen in years. This is largely attributed to the fact that it is capable of trivially exploiting users, who are running unpatched Windows XP SP2 and Windows 2003 SP1 systems,” says Vishal Dhupar, MD, Symantec India.
According to the security vendors’ analysis, W32.Downadup.B infections are using the same method used to monitor W32.Downadup.A. Basically, both worms use custom date-based algorithms to generate 250 domain names per day.
“The IP data shows us that China and Argentina are by far the most infected areas. Both East Asia and South America are the main areas of infection. In total, Symantec has observed over three million unique IP addresses infected with W32.Downadup.A,” adds Dhupar.
Dhupar mentions that one of the reasons for this magnitude of infections is the widespread availability of pirated software, which is a barrier to updates. “People with illegal copies of Windows, who choose to disable automatic updates, can create an ideal breeding ground for malicious code authors to proliferate their wares,” he says. He goes on to add that although there have not been specific observations regarding the entry of this worm into the networks of Indian companies, the above observations by the Symantec Intelligence Analysis Team are ample proof of the magnitude of threat any organisation can face today due to this worm. In addition to this, Symantec also made some suggestions as to how to steer away from sources hosting malicious worms.
Symantec suggests the following best practices to Indian organisation to counter the W32.Downadup worm, such as regularly updating one’s computers with the latest security updates. Secondly, it is important to turn off the ‘autorun’ feature that will automatically run programmes found on memory sticks and other USB devices. Finally, regularly updated passwords can also prevent an organisation from falling prey to this worm.
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
