About that new worm Downadup?
A new problem for the average computer user: the Downadup computer worm has hit an estimated 9 million computers, according to F-Secure. F-Secure has received numerous criticisms for its calculations, with many observers asserting that a more likely number of infected users is around 500,000 to 1 million. Explaining how it arrived at its number, F-Secure gave this answer to critics: “There are several different variants of Downadup out there. The algorithm to create the domain names vary a bit between the variants. We’ve been tracking the variant we believe to be most common. It creates 250 possible domains each day. We’ve registered some selected domains out of this pool and are monitoring the connections being made to them.” From this monitoring, they have been able to identify the unique IP addresses in the logs and have estimated the actual number of users infected.
It’s important to understand that it is not only the average computer user who is at risk (the kind who doesn’t apply patches frequently, even though Microsoft provided a fix in October); companies are too. They are susceptible to intrusion because they often neglect to update their systems.
The Downadup virus works roughly like this: it spreads through USB drives and/or the internet. Once on a computer, the worm disables Windows Automatic Update, Windows Defender, and any other standard updating software that the consumer is most likely to use. Next, it blocks the user from files containing keywords such as virus, Norton, or Kaspersky. It then generates hundreds of unregistered domain names, unlike other standard worms that only generate one or two a day. Only one of these domains is needed for the worm to connect the computer to the site and begin downloading malware, and at that point the user has lost control of the computer.
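The domain-generation behaviour described above leaves a trace a defender can look for: a single machine asking DNS for hundreds of different names in one day, almost none of which exist. The sketch below is an added example, not code from F-Secure or from the original post; the log format (`date client name rcode`), the threshold of 100, and every address and name in the sample are assumptions constructed for illustration.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed resolver log, one 'date client qname rcode' record per line."""
    lines = []
    # Host A: 250 distinct names looked up in one day, only one of them resolves.
    for i in range(250):
        rcode = "NOERROR" if i == 137 else "NXDOMAIN"
        lines.append(f"2009-01-20 10.0.0.23 name{i:03d}.example {rcode}")
    # Host B: one mistyped name retried 300 times (noisy, but a single name).
    lines += ["2009-01-20 10.0.0.40 intranett.example NXDOMAIN"] * 300
    # Host C: ordinary browsing with one typo, plus a malformed line.
    lines += [
        "2009-01-20 10.0.0.51 www.example.com NOERROR",
        "2009-01-20 10.0.0.51 wwww.example.com NXDOMAIN",
        "2009-01-20 10.0.0.51 mail.example.org NOERROR",
        "garbage line that should be skipped",
    ]
    return "\n".join(lines)

def suspected_dga_clients(log_text, min_distinct_failed=100):
    """Return sorted (date, client, distinct_failed, distinct_resolved) tuples
    for clients whose distinct NXDOMAIN names in one day reach the threshold."""
    failed = defaultdict(set)
    resolved = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of failing
        date, client, qname, rcode = parts
        qname = qname.lower().rstrip(".")  # normalise case and trailing dot
        if rcode.upper() == "NXDOMAIN":
            failed[(date, client)].add(qname)
        elif rcode.upper() == "NOERROR":
            resolved[(date, client)].add(qname)
    hits = []
    for key, names in failed.items():
        # Count distinct names, not raw failures, so retries of one typo
        # do not look like domain generation.
        if len(names) >= min_distinct_failed:
            hits.append((key[0], key[1], len(names), len(resolved.get(key, ()))))
    return sorted(hits)

if __name__ == "__main__":
    for hit in suspected_dga_clients(build_sample_log()):
        print(hit)
```
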
The virus appears to originate from Ukraine, and its actual purpose is still unclear. Many experts believe that the creators want to make money off of the ordeal, using the malware to prompt a user to purchase anti-virus products. Although this worm has spread faster than any before it, it appears as if there is no real cause for concern.









