Symantec Security Response Blog

The Downadup Codex, Edition 2.0

Ben Nahorney
June 2nd, 2009
Tags: Endpoint Protection (AntiVirus), Malicious Code, Security, Security Response

It seems that the Downadup family of worms is gone but not forgotten. Or is it the other way around?

Media attention for Downadup has waned since early April. The last variant of the threat, W32.Downadup.E, included a “self-destruct sequence” that effectively deleted itself as of May 3, 2009. Has the death knell tolled for Downadup, moving it into the historical annals of malicious code?

Not in the least—Downadup is still very much alive and kicking around out there. While the threat is no longer spreading with the same fervor as it did at the beginning of the year, its infection numbers are not falling off as you would expect if we were looking at the cleanup period of a has-been threat. Let’s take a look at some rough data that we’ve collected here in Security Response.

[Chart: Reported Downadup Infections (est), new infections reported per day, May 2009]

(A couple of quick notes on this chart: the data is a rough estimate based on some internal tracking we do. The graph is not representative of the full scale of infections out there, but rather a sample used to show a trend. Also, the periodic drop-offs represent weekends.)

This data represents the number of new Downadup infections reported to our sensors per day. We’ve started from May 3, the day W32.Downadup.E removed itself from the computers it compromised and the last high-profile activity by the threat. Notice that while there is a slight decline over the month, the numbers remain quite steady.

The point here is that Downadup is just as relevant today as it was during the peak of media attention. With that in mind, we have compiled another edition of The Downadup Codex. Once again, it compiles the blog entries that we have written, including eight new ones. We’ve also updated the historical introduction to bring us up-to-date. Finally, we’ve added two new appendices to the codex, one that details the various features of each variant, and one that offers advice on how to find Downadup infections.

While possibly forgotten, but not gone, Downadup still needs attention in order to be properly moved from today’s threat landscape to the annals of malicious code. With that in mind, we present The Downadup Codex, Edition 2.0.

Thanks to Paul Mangan for his help crunching the numbers for the chart in this entry.
