A year after the much-hyped April 1 D-day for DOWNAD/Conficker, the world can only hope that it has heard the last of the notorious network worm. As we have seen, DOWNAD variants infected millions of systems and paralyzed networks in a matter of months. And while there has been little news about DOWNAD recently, users are still advised to follow best computing practices and keep the necessary preventive measures in place.
As a timely reminder of the extent of this network worm’s capabilities, here is a rundown of the important things we need to remember about DOWNAD.
- DOWNAD can infect an entire network through a single machine. In most cases, one unpatched system is all the worm needs to spread across an entire network. It is therefore crucial that every system is patched against the Microsoft Windows Server Service vulnerability (MS08-067) that DOWNAD exploits to spread over the network.
- DOWNAD can attack in more ways than one. A system, and through it an entire network, can be infected by DOWNAD in several ways: via a malicious URL, a spammed message, or a removable drive. WORM_DOWNAD.AD is currently the only variant capable of propagating via removable drives. This means a system does not even need an Internet or network connection to become infected; the worm can arrive on an infected USB drive and launch through the drive's autorun.inf.
- Change is the only constant for DOWNAD. The DOWNAD variants discovered in 2009 show several code changes, evident from the different registry modifications each variant makes. This shows that DOWNAD is constantly being updated and refined, which points to a sophisticated cybercrime or malware-writing group behind it.
- A huge leap for DOWNAD. The sharp increase in the number of domains DOWNAD variants can generate shows how far the worm has been improved: from only 250 domains a day with WORM_DOWNAD.A and WORM_DOWNAD.AD to as many as 50,000 a day with WORM_DOWNAD.KK, far more than a static domain blocklist can keep up with.
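The first two points above boil down to two host-level checks an administrator can run on every Windows machine: is the Server Service patch installed, and is Autorun disabled so an infected removable drive cannot launch its payload? The following PowerShell is an added example written for this post, not Trend Micro code or anything from the original article. It relies on two well-documented Microsoft values, KB958644 (the hotfix that delivers MS08-067) and the NoDriveTypeAutoRun policy (0xFF disables Autorun on all drive types); the function name, switch and output format are my own.

```powershell
# Added example (not from the original post): check a Windows host for the two
# DOWNAD exposure points discussed above. KB958644 = MS08-067 hotfix;
# NoDriveTypeAutoRun = 0xFF disables Autorun for every drive type.
function Test-DownadExposure {
    [CmdletBinding()]
    param(
        # Hypothetical switch: when set, write the Autorun-disabling policy value.
        [switch]$DisableAutorun
    )

    $result = [ordered]@{}

    # 1. MS08-067 patch. Get-HotFix reads the installed-update list (the same
    #    data as Win32_QuickFixEngineering). A later service pack that rolls the
    #    fix in will not list the KB, so treat $false as "verify", not "vulnerable".
    $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    $result['MS08-067 (KB958644) listed'] = [bool]$hotfix

    # 2. Autorun policy. The machine-wide policy lives under HKLM; if the key or
    #    value is missing, Get-ItemProperty returns nothing and $value is $null.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $result['NoDriveTypeAutoRun'] = if ($null -eq $value) { 'not set' } else { '0x{0:X2}' -f $value }
    $result['Autorun disabled for all drives'] = ($value -eq 0xFF)

    if ($DisableAutorun -and $value -ne 0xFF) {
        # Requires an elevated (administrator) shell.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
        $result['Autorun disabled for all drives'] = $true
        $result['NoDriveTypeAutoRun'] = '0xFF (set by this run)'
    }

    [pscustomobject]$result
}

# Report only:
Test-DownadExposure | Format-List

# Report and harden (run elevated):
# Test-DownadExposure -DisableAutorun | Format-List
```

Run it with remoting or a logon script across the estate and collect the objects; any host where the first check is false and no newer service pack explains it is the "single unpatched system" the first point warns about, and any host where the last check is false can still be infected from a USB drive with no network connection at all.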
These are just some of the reasons why DOWNAD became one of TrendLabs’ most persistent threats in 2009. Unfortunately, these same traits can pave the way for a DOWNAD comeback.
Trend Micro™ Smart Protection Network™ continues to protect users from all known variants of DOWNAD/Conficker in real time by blocking access to identified malicious sites and domains and by detecting and preventing the download of malicious files.
The firewall modules in Trend Micro desktop products likewise prevent DOWNAD/Conficker from spreading within a network. Moreover, deploying Trend Micro Deep Security protects servers and clients against this and other network attacks.