MISCELLANEOUS

How big is the so-called Downadup pandemic after all?

Photo credits: Pixabay / WerbeFabrik
What lies behind the infamous worm media alerts

Security vendors and analysts have argued and commented in the last couple of weeks about the severity of Downadup (Confiker/Kido) infections, while mass media have enjoyed feeding readers with terrifying figures and apocalyptic scenarios.

Latest estimations showed that global infection reached 10 million computers ten days ago and chances are that the amount to significantly increase. Assuming that Downadup scores 15 million hits, can we actually talk about a mass proportion infection?

Although the previously mentioned numbers equal the entire population of Belgium or Netherlands, they definitely look less scary when put into context. At the end of June 2008, the Internet infrastructure was serving 1,463,632,361 users. Chances are that this number slightly increased in the last semester. Still, if we run some figures, those 10 million Downadup infections simply translate into 0.68% of the total amount of Internet users, which, in my humble opinion is no longer so frightening.

Still, when talking about Downadup there are at least 3 alarming aspects:

1) Downadup is not a toy. The malware creators behind engineered it with a lot of craft and succeeded in creating an illustrious heir for its precursors, namely Welchia, Blaster, Sobig, Sasser and Storm.

2) The high rate of infections revealed that the level of awareness is still low among users. Not only when it comes to (constantly) update an OS with the latest fixes against security flaws (Downadup exploited the Microsoft RPC flaw, patched in October with MS08-067), but even in terms of (that good sense) removable media scanning against malware (even if it comes from a trusted sources). It also shows that many users do not know that removal tools are available and they could employ them to disinfect their systems (until is not to late).

The table below summarizes the percentile growth rate of new infections in the last two weeks of January compared to the previous two of the same month, for the Top 10 Most Infected Countries:

Country Percentile infections growth in Jan 16-31 (compared to Jan 01-15)
Indonesia 482.69
Thailand 451.52
India 409.6
Philippines 394.52
Australia 378.02
Spain 351.04
France 324.62
Malaysia 318.9
Italy 256.4
China 214.1

3) Corporate networks, virtual machines, average Joe kitchen computer and all the sensitive data stored onto unpatched systems are currently at risk. Don’t forget, that the initial breed of Downadup egressed in late November and the danger lurked comfortably in the wild until the new mutations appeared one month later. Most likely, the worse is yet to come.

About the author

Răzvan LIVINTZ

With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on www.hotforsecurity.com.

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.