Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Connecting The Dots: Downadup/Conficker Variants

Created: 21 Apr 2009 16:34:30 GMT • Updated: 23 Jan 2014 18:35:44 GMT
Ben Nahorney's picture
0 0 Votes
Login to vote

For the last couple weeks, all’s been pretty quiet on the Downadup/Conficker front. While we’re still performing our ‘daily patrols’ here in Security Response, watching for signs of something new, quiet moments like this give us a chance to reflect on what has come to pass so far.

What we’ve discovered looking back is that there has been some confusion about the different Downadup variants—what each one does and how they interrelate. It’s not surprising, given that a feature present in one version is often absent in another. Some largely stand on their own, some install other risks, and others largely seem to exist in order to update their siblings. Try describing how each works and you’re likely to find yourself reminded of an Abbott and Costello routine.


In order to connect the dots between Downadup variants, we’ve developed a new video that charts the family from the first variant up to today, as well as what behaviors we expect in the future. We focus on how each variant relates to its siblings, painting a clearer Downadup family portrait.


For those of you looking for a quick-and dirty rundown of the video, here’s the timeline summarized:


November 22, 2008: W32.Downadup is released
December 28, 2008: W32.Downadup.B is released
March 4, 2009: W32.Downadup.B downloads W32.Downadup.C
April 1, 2009: W32.Downadup.C begins checking 500 of 50,000 domains
April 7, 2009:

  • W32.Downadup.E is seeded into W32.Downadup.C P2P network
  • W32.Downadup.E updates W32.Downadup.B
  • W32.Downadup.C downloads other risks


Find yourself struggling to keep up with this evolving threat? Try subscribing to some of our Security Response feeds. You have your choice between this blog, our writeups, or even our YouTube channel. We’ll keep a lookout and let you know when something new appears.


Thanks to Eric Chien, Ka Chun Leung, and Sean Kiernan for their help making sense of the alphabet soup that is the Downadup family.

Message Edited by Ben Nahorney on 04-22-2009 08:48 AM