Remember Downadup, aka Conficker? I posted about it a couple of months ago, when it first became news. Well now the thing has become even bigger news. The Downadup worm that I wrote about was the first version of this worm. Well now it has mutated, so to speak. Downadup initially became news when it quickly infected over 11 million computers, and when I say quickly, I mean within a week. And mind you, the spread of this worm was because of computers that, for whatever reason, were not updated with Microsoft’s latest updates back in October 2008. Well a concerted effort to track this worm down and shut it down by anti-virus vendors was initiated. Now not to fault the cause, this effort probably caused a mutation of this worm to what was known as Downadup B. When this version was reverse engineered, it was found to have a data base of around 250 websites in which it was to use to “phone home”, on February 12th, in order to get further instructions on what it was supposed to do. Once this was discovered, quick action was taken to shut these domains down, thus not allowing the worm to phone home.
This now brings us to Downadup C. In a brilliant, although devious move, the worm has now mutated once again and will no longer try to connect with the 250 domains anymore. Instead, it has been re-scripted to attempt to contact, not 250, but 50,000 possible domains. The 250 domains could be managed, but 50,000 is going to be just about impossible. What’s more, when this newest version was reversed engineered, it was also found that it’s time to phone home is almost here. April 1st. This is a notorious date for viruses and worms to activate in history. But nothing that we have seen in the past compares to what this is capable. The one thing that we do NOT know, is exactly what Downadup is going to actually do. Anything from data erasure, to attacks on particular networks, to identity theft, to denial of service attacks are all very real possibilities. For those of you who do not know what a denial of service attack is, it is basically a mass attack on a particular site’s server(s). This is accomplished by the use of a botnet, which is a network of stolen computers in which the hacker has control of. By causing these thousands to sometimes hundreds of thousands, of stolen computers to simultaneously attempt to contact a particular web sites server’s, it causes the servers to overload and crash, thus shutting down the website.
I personally feel that this thing is going to die a quick death, but who knows. I guess we will find out on April 1st. One thing for sure, make sure that you have all the current Microsoft Updates. You can get them by going HERE in Internet Explorer. It will not work in any other browser.
It will be interesting to see what happens on April Fool’s Day!!!!
Who will be the Fool though???
Let me know what you think…….
My Edible Earth 