The worm that’s infected millions of Windows PCs is a “very well-engineered” piece of malware. But researchers still have no clear idea what the hackers plan to do with the collection of computers they’ve compromised with “Downadup.”
Downadup, also called “Conficker,” has infected an estimated 6% of PCs worldwide. The worm spreads by exploiting a four-month-old vulnerability in Windows, by brute-force password attacks and by hitchhiking on USB devices like flash drives.
And effective. Most researchers, including those at Symantec, have said the worm is the most invasive seen in the last six years.
The faster hackers can come up with an exploit and put it on the street, the better luck they usually have, for fewer users patch their machines in the first days or weeks after a vulnerability is fixed.
Although some researchers now say that Downadup seems to have peaked — F-Secure Corp. Friday noted that its “growth…has been curbed” — researchers remained worried about the next step in the attack.
Most malware infects PCs so that hackers can then use the collected machines, dubbed a “botnet,” to send spam, attack Web sites or compromise more computers. To do that, the original attack code directs the now-controlled PC, a “bot” in security parlance, to download additional software.
But Downadup has yet to trigger such second-stage downloads.