Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Sleeper Virus - Downadup or Conficker Worm Warnings

Messages circulating via email, blogs, and online communities are warning computer users about a "sleeper" virus dubbed the "downadup" or "conficker" worm. These warnings are true although some media reports about the potential consequences of a supposed April 1st 2009 launch of the sleeper virus tend to be exaggerated.

According to CNN and other news outlets, the worm exploits a bug in Microsoft Windows that allows it to infect computers linked via corporate networks. Once installed, the worm can potentially allow hackers to take control of the infected computers.

The worm has caused concern among computer security experts because it is so widespread with large infections detected in the US, Asia and Europe. So far, however, the worm is yet to cause any harm to the infected networks, hence its designation as a "sleeper". A January 16 2009 article on CNN notes:
It is the most serious large scale worm outbreak we have seen in recent years because of how widespread it is, but it is not very serious in terms of what it does. So far it doesn't try to steal personal information or credit card details.
An article published on CRN.com explains:
Like other malware, the worm known as Conficker or Downadup is a blended threat, relying upon a variety of attack vectors, which range from brute-force password guessing to hitching rides on USB sticks, in order to replicate and spread throughout a network. However, what experts say makes this worm unique is the rate of speed at which it replicates.
Although the potential threat is certainly real, computer security experts suggest that some media reports surrounding the supposed "launch" of the worm on April 1st 2009 tend to seriously exaggerate its potential consequences. Some of the more sensational reports claim that on April 1st hackers will be able to take control of millions of computers around the world with potentially devastating results. In spite of these reports, computer security experts are telling computer users there is no need for panic. An article by security expert Joe Stewart published on the SecureWorks research blog notes:
If you've been reading any news at all on the Internet in the past week, you've probably heard that Conficker Armageddon is approaching, and itís scheduled for April 1st, only a few days from now. The SecureWorks Counter Threat Unit has been receiving an increasing number of inquiries asking what one needs to do to prepare for the impending April 1st outbreak.

The truth is, there will be no April 1st outbreak, despite what some of the press stories have said so far. The only thing that will happen with Conficker on April 1st is that already-infected systems will begin to use a new algorithm to locate potential update servers. There, thatís not so scary, is it?
Stewart's take on the issue is confirmed by other security experts:
Despite the hype surrounding the April 1 "launch" for the Conficker, or Downadup, worm, security experts from Symantec and McAfee say there's little to worry about. Although the authors of Conficker have consistently improved the worm, the media attention makes a criminal move on April 1 unlikely. Security best practices should protect most PCs. Despite security analysts insisting that April 1 is only a red herring, the Conficker malware hype keeps growing as April Fools' Day approaches. Indeed, the doom and gloom is persisting even as security researchers offer a voice of reason.
Users of Microsoft Windows should ensure that the latest Windows security updates are installed on their computers. A removal tool for the worm is available from the F-Secure website. Note that computers infected by Downadup are blocked from reaching f-secure.com websites. The F-Secure FTP server can also be reached from: ftp://ftp.antivirus.fi/anti-virus/tools/beta/ and ftp://193.110.109.53/anti-virus/tools/beta/.





References:
Downadup virus exposes millions of PCs to hijack
ISTP and F-Downadup Removal Tool
Conficker Worm Spreads Fast, Infects Millions
ISTP and F-Downadup Removal Tool



F-Secure Malware Information Pages: Worm:W32/Downadup.gen

Last updated: 31st March 2009
First published: 26th January 2009

Write-up by Brett M. Christensen