Security vendors and analysts have argued and commented in the last couple of weeks about the severity of Downadup (Conficker/Kido) infections, while mass media have enjoyed feeding readers terrifying figures and apocalyptic scenarios.
The latest estimates showed that the global infection count reached 10 million computers ten days ago, and chances are that the figure will increase significantly. Assuming that Downadup scores 15 million hits, can we actually talk about an infection of mass proportions?
Although the previously mentioned numbers equal the entire population of Belgium or the Netherlands, they definitely look less scary when put into context. At the end of June 2008, the Internet infrastructure was serving 1,463,632,361 users. Chances are that this number increased slightly in the last semester. Still, if we run some figures, those 10 million Downadup infections simply translate into 0.68% of the total number of Internet users, which, in my humble opinion, is no longer so frightening.
Still, when talking about Downadup there are at least 3 alarming aspects:
1) Downadup is not a toy. The malware creators behind it engineered it with a lot of craft and succeeded in creating an illustrious heir to its precursors, namely Welchia, Blaster, Sobig, Sasser and Storm.
2) The high rate of infections revealed that the level of awareness is still low among users. Not only when it comes to (constantly) updating an OS with the latest fixes against security flaws (Downadup exploited the Microsoft RPC flaw, patched in October with MS08-067), but even in terms of (that good sense) scanning removable media for malware (even if it comes from a trusted source). It also shows that many users do not know that removal tools are available and that they could employ them to disinfect their systems (before it is too late).
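The two hygiene points above (is the MS08-067 fix actually installed, and which removable media are plugged in and should be scanned) can be checked on a Windows host from PowerShell. This is an added example, not code from the original post; it assumes PowerShell 2.0 or later with the built-in Get-HotFix and Get-WmiObject cmdlets, and it relies on the fact that MS08-067 ships as Knowledge Base update KB958644.

```powershell
# Added example (not from the original post): defender-side checks for the
# awareness points discussed above. Assumes PowerShell 2.0+ on Windows.
# KB958644 is the Knowledge Base article number for the MS08-067 update.

function Test-Ms08067Patch {
    # Returns $true when the MS08-067 hotfix is listed as installed.
    # Caveat: on Windows versions released after October 2008 the fix is
    # part of the base OS and will NOT appear in Get-HotFix, so a $false
    # result on such a system is not by itself proof of exposure.
    $fix = Get-HotFix -Id KB958644 -ErrorAction SilentlyContinue
    if ($fix) {
        Write-Output "MS08-067 (KB958644) installed on $($fix.InstalledOn)"
        return $true
    }
    Write-Output "MS08-067 (KB958644) not listed: verify the OS level and patch before reconnecting"
    return $false
}

function Get-RemovableDrives {
    # DriveType 2 = removable disk (USB sticks, memory cards). These are the
    # volumes the post says should be scanned before their content is trusted.
    Get-WmiObject Win32_LogicalDisk -Filter "DriveType = 2" |
        Select-Object DeviceID, VolumeName, Size
}

# Usage on the host being reviewed:
Test-Ms08067Patch
Get-RemovableDrives | Format-Table -AutoSize
```

Run it in an elevated prompt on each unpatched machine you are triaging; the patch check is the first question to answer, and the removable-drive listing tells you what to hand to your antivirus scanner before any of it is opened.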
The table below summarizes the percentile growth rate of new infections in the last two weeks of January compared to the previous two of the same month, for the Top 10 Most Infected Countries:
| Country | Percentile infections growth in Jan 16-31 (compared to Jan 01-15) |
3) Corporate networks, virtual machines, the average Joe's kitchen computer and all the sensitive data stored on unpatched systems are currently at risk. Don't forget that the initial breed of Downadup emerged in late November and the danger lurked comfortably in the wild until the new mutations appeared one month later. Most likely, the worst is yet to come.