Big New Botnet Growing Out Of Windows Worm

Researchers at Trend Micro have spotted a new botnet populating via a new Windows worm attack. The botnet has reached 500,000 infected machines so far.

The worm, which Trend Micro named WORM_DOWNAD.A, exploits the MS08-067 vulnerability that Microsoft patched in its Windows Server service in late October. Microsoft malware researchers last week noticed a new wave of attacks exploiting the bug, which Microsoft calls Worm:Win32/Conficker.A. At the time, the attacks were mostly targeted and aimed at corporations, but it has now spread to consumer machines as well.

Ivan Macalintal, an advanced threats researcher for Trend Micro, reported that the attack has spread around the world, to the U.S., China, India, the Middle East, Europe, and Latin America. Several residential broadband providers also have a large number of infected customers, he said.

In a published report, Macalintal said the botnet is unrelated to those displaced by the shutdown of malicious hosting provider McColo. The new botnet is the work of a separate cybercriminal operation, he said.

Meanwhile, Microsoft last week urged customers to install the MS08-067 update, which protects against the worm attack and bot infection.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message