SCCyberworld

Tuesday, June 16, 2009

Downadup still alive and kicking

With the last variant of the threat, W32.Downadup.E, including a “self-destruct sequence” that deleted the E variant from infected machines as of May 3, 2009, does this mean the death knell has sounded for Downadup, moving it to the historical annals of malicious code?

Not in the least—Downadup is still very much alive and kicking around out there. While the threat is no longer spreading with the same fervour as it did at the beginning of the year, its infection numbers are not falling off as you would expect if we were looking at the cleanup period of a has-been threat.

The data (presented as a chart in the original post) represents the number of new Downadup infections reported to Symantec’s sensors per day, starting from May 3, the day W32.Downadup.E removed itself from the computers it had compromised and the threat’s last high-profile activity. Notice that while there is a slight decline over the month, the numbers remain quite steady.

According to data from Symantec Security Response as of January 2009, Malaysia was listed as one of the top 10 countries with the highest infection counts in the world. China topped the list, accounting for about 28.7 percent of infections worldwide. This was almost three times as many infections as the second-most infected country, Argentina.

Symantec makes the following recommendations:
1. Make sure that your virus definitions are up to date.
2. Network admins: be prepared to block access to TCP ports 139 and 445 at network perimeters. These ports are particularly targeted by the worm.
3. Ensure that computers that are connected to the network have host-based firewall software installed.
4. Also verify that antivirus software is installed on all clients connected to the network and that the software is up to date.
5. Disable the AutoPlay function in Windows.
6. Enforce strong network passwords for shared resources.
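Recommendation 2 is about blocking SMB at the perimeter, but the same perimeter logs also tell you which internal hosts are already infected: a machine that tries to reach many distinct destinations on TCP 139/445 in quick succession is scanning for new victims. The script below, an added example and not code from Symantec or this post, runs that check over a small constructed firewall log. The log format (key=value fields for src, dst, proto and dport) and the threshold of five distinct destinations are assumptions; adapt the regex to your own firewall's format.

```python
import re
from collections import defaultdict

# Constructed sample perimeter firewall log (not real traffic). The key=value
# format is an assumption made for this example. It includes one host scanning
# SMB (10.0.1.15), one host talking to a single file server (10.0.1.20), one
# web client (10.0.1.22), a UDP line that must not count, and a garbage line.
SAMPLE_LOG = """\
2009-06-16T10:00:01 src=10.0.1.15 dst=203.0.113.1 proto=tcp dport=445 action=deny
2009-06-16T10:00:01 src=10.0.1.15 dst=203.0.113.2 proto=tcp dport=445 action=deny
2009-06-16T10:00:02 src=10.0.1.15 dst=203.0.113.3 proto=tcp dport=445 action=deny
2009-06-16T10:00:02 src=10.0.1.15 dst=203.0.113.4 proto=tcp dport=139 action=deny
2009-06-16T10:00:03 src=10.0.1.15 dst=203.0.113.5 proto=tcp dport=445 action=deny
2009-06-16T10:00:03 src=10.0.1.15 dst=203.0.113.6 proto=tcp dport=445 action=deny
2009-06-16T10:00:04 src=10.0.1.20 dst=10.0.2.5 proto=tcp dport=445 action=allow
2009-06-16T10:00:05 src=10.0.1.20 dst=10.0.2.5 proto=tcp dport=445 action=allow
2009-06-16T10:00:06 src=10.0.1.22 dst=198.51.100.10 proto=tcp dport=80 action=allow
2009-06-16T10:00:06 src=10.0.1.22 dst=198.51.100.11 proto=tcp dport=80 action=allow
2009-06-16T10:00:07 src=10.0.1.22 dst=198.51.100.12 proto=tcp dport=80 action=allow
2009-06-16T10:00:07 src=10.0.1.22 dst=198.51.100.13 proto=tcp dport=80 action=allow
2009-06-16T10:00:08 src=10.0.1.22 dst=198.51.100.14 proto=tcp dport=80 action=allow
2009-06-16T10:00:09 src=10.0.1.15 dst=203.0.113.7 proto=udp dport=445 action=deny
garbage line that does not parse
"""

# Ports the worm targets for network propagation (from the recommendations).
SMB_PORTS = {139, 445}

LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=(?P<proto>\S+)\s+dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Extract (src, dst, proto, dport) from one log line, or None if it is malformed."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m.group("src"), m.group("dst"), m.group("proto").lower(), int(m.group("dport"))


def find_smb_scanners(log_text, threshold=5, ports=SMB_PORTS):
    """Return {src: sorted distinct destinations} for every source host that attempted
    TCP connections to at least `threshold` distinct destinations on the given ports.

    Distinct destinations, not connection count, is the signal: a workstation that
    repeatedly talks to one file server is normal; one that fans out to many hosts
    on 445 is scanning. Non-TCP records and unparseable lines are skipped.
    """
    targets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, dport = rec
        if proto == "tcp" and dport in ports:
            targets[src].add(dst)
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    for src, dsts in find_smb_scanners(SAMPLE_LOG).items():
        print(f"{src}: {len(dsts)} distinct SMB targets, e.g. {dsts[:3]}")
```

Hosts reported by this check are candidates for isolation and a signature scan (recommendations 1 and 4); the threshold should be tuned against a baseline of your own environment so that legitimate file servers and backup agents do not trip it.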

Possibly forgotten but not gone, Downadup still needs attention before it can properly move from today’s threat landscape to the archives of malicious code. With that in mind, Symantec has compiled The Downadup Codex, Edition 2.0, which details the features of each variant and offers advice on how to find Downadup infections.

For more information, or to speak to a Symantec security expert, please contact Erna Mahyuni/Tiam Siang Lee of Text 100 at 03-2282 2152.
