1. /
  2. Security Response/
  3. W32.Downadup.C


Risk Level 2: Low

March 6, 2009
April 6, 2009 6:30:44 PM
Also Known As:
Mal/Conficker-B [Sophos], Worm:W32/Downadup.DY [F-Secure], Trojan-Downloader.Win32.Kido.a [Kaspersky]
Trojan, Worm
Infection Length:
88,576 bytes
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
W32.Downadup.C is a threat that is downloaded on to the compromised computer by the W32.Downadup family of worms.

Note: For more information, please see the following resource:

Antivirus Protection Dates

  • Initial Rapid Release version March 6, 2009 revision 036
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version March 6, 2009 revision 037
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date March 11, 2009
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Medium
  • Number of Infections: 1000+
  • Number of Sites: 10+
  • Geographical Distribution: High
  • Threat Containment: Moderate
  • Removal: Difficult


  • Damage Level: High
  • Payload Trigger: File downloading is triggered after 1st April 2009.
  • Payload: Attempts to download files from a predetermined list of addresses. Also attempts to intercept and redirect DNS requests to prevent access to certain Web sites.
  • Compromises Security Settings: Stops certain Windows services and security related processes.


  • Distribution Level: Medium
  • Target of Infection: Computers already infected by earlier variants of the W32.Downadup family of worms.
Writeup By: Ka Chun Leung and Sean Kiernan

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver