Big New Botnet Growing Out Of Windows Worm
Around 500,000 infected bots spotted around the globe
Researchers at Trend Micro have spotted a new botnet populating via a new Windows worm attack. The botnet has reached 500,000 infected machines so far.
The worm, which Trend Micro named WORM_DOWNAD.A, exploits the MS08-067 vulnerability that Microsoft patched in its Windows Server service in late October. Microsoft malware researchers last week noticed a new wave of attacks exploiting the bug, which Microsoft calls Worm:Win32/Conficker.A. At the time, the attacks were mostly targeted and aimed at corporations, but it has now spread to consumer machines as well.
Ivan Macalintal, an advanced threats researcher for Trend Micro, reported that the attack has spread around the world, to the U.S., China, India, the Middle East, Europe, and Latin America. Several residential broadband providers also have a large number of infected customers, he said.
In a published report, Macalintal said the botnet is unrelated to those displaced by the shutdown of malicious hosting provider McColo. The new botnet is the work of a separate cybercriminal operation, he said.
Meanwhile, Microsoft last week urged customers to install the MS08-067 update, which protects against the worm attack and bot infection.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message
Read more about:
2008About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024