-
Discovered:
- March 6, 2009
-
Updated:
- April 6, 2009 6:30:44 PM
-
Also Known As:
- Mal/Conficker-B [Sophos], Worm:W32/Downadup.DY [F-Secure], Trojan-Downloader.Win32.Kido.a [Kaspersky]
-
Type:
- Trojan, Worm
-
Infection Length:
- 88,576 bytes
-
Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
W32.Downadup.C is a threat that is downloaded on to the compromised computer by the W32.Downadup family of worms.
Note: For more information, please see the following resource:
W32.DownadupAntivirus Protection Dates
-
Initial Rapid Release version March 6, 2009 revision 036
-
Latest Rapid Release version September 28, 2010 revision 054
-
Initial Daily Certified version March 6, 2009 revision 037
-
Latest Daily Certified version September 28, 2010 revision 036
-
Initial Weekly Certified release date March 11, 2009
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Medium
-
Number of Infections: 1000+
-
Number of Sites: 10+
-
Geographical Distribution: High
-
Threat Containment: Moderate
-
Removal: Difficult
Damage
-
Damage Level: High
-
Payload Trigger: File downloading is triggered after 1st April 2009.
-
Payload: Attempts to download files from a predetermined list of addresses. Also attempts to intercept and redirect DNS requests to prevent access to certain Web sites.
-
Compromises Security Settings: Stops certain Windows services and security related processes.
Distribution
-
Distribution Level: Medium
-
Target of Infection: Computers already infected by earlier variants of the W32.Downadup family of worms.
Writeup By: Ka Chun Leung and Sean Kiernan
