Big New Botnet Growing Out Of Windows Worm

Around 500,000 infected bots spotted around the globe

Dark Reading Staff, Dark Reading

December 2, 2008

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Researchers at Trend Micro have spotted a new botnet populating via a new Windows worm attack. The botnet has reached 500,000 infected machines so far.

The worm, which Trend Micro named WORM_DOWNAD.A, exploits the MS08-067 vulnerability that Microsoft patched in its Windows Server service in late October. Microsoft malware researchers last week noticed a new wave of attacks exploiting the bug, which Microsoft calls Worm:Win32/Conficker.A. At the time, the attacks were mostly targeted and aimed at corporations, but it has now spread to consumer machines as well.

Ivan Macalintal, an advanced threats researcher for Trend Micro, reported that the attack has spread around the world, to the U.S., China, India, the Middle East, Europe, and Latin America. Several residential broadband providers also have a large number of infected customers, he said.

In a published report, Macalintal said the botnet is unrelated to those displaced by the shutdown of malicious hosting provider McColo. The new botnet is the work of a separate cybercriminal operation, he said.

Meanwhile, Microsoft last week urged customers to install the MS08-067 update, which protects against the worm attack and bot infection.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Read more about:

2008

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights