A few days ago, Trend Micro got wind of a .DLL worm detected as WORM_DOWNAD.A that exploits the MS08-067 vulnerability. Its routines have led our security analysts to postulate that it is a key component in the development of a new botnet.
Initially thought to be working in conjunction with a NETWORM variant, WORM_DOWNAD.A is now believed to be an updated version of an attack from the same criminal botnet gang.
Fresh reports, however, suggest that this threat seems to have gone wider and has even extended its reach around the globe. More than 500,000 unique hosts have since been discovered to have fallen victim to this threat.
These infected hosts are spread across different countries and as a random check by Trend Micro Advanced Threats Researcher Ivan Macalintal revealed, they can be found in service provider networks in the U.S., China, India, the Middle East, Europe, and Latin America — several residential broadband providers appear to have a larger number of infected customers.
The Trend Micro Smart Protection Network already protects users from WORM_DOWNAD.A and provides solutions for its cleanup and removal. Our engineers are still closely monitoring this threat. Updates will be posted as soon as they become available.