Downadup: Expert worries about smart phone, TinyURL threats

Malware writers just waiting for financial incentive to strike, F-Secure exec warns.

Don't get Patrik Runald wrong: the Downadup worm (also called Conficker) has been a big deal.

It's just that F-Secure's chief security advisor doesn't want people overlooking the other 29,999 malware files his company sees a day, or ignoring the prospects of smart phone malware or even threats that exploit the TinyURLs made so popular through social network sites such as Twitter.

"Holes in some of these things would be trivial for the bad guys to exploit once they have the financial incentive to do it," says Runald, who works out of F-Secure's San Jose operation.

But first, back to Downadup. Runald claims F-Secure was the first one to really recognize how big a deal this worm was going to be and got the honor of naming it, though others wound up giving it separate monikers, including Kaspersky Lab, which dubbed it Kido. In recent weeks, conflicting reports have surfaced about how big an impact Downadup had on enterprise networks, but Runald emphasizes it made a mess of things. His company talked with IT staffs at hospitals that had "fairly critical infrastructure" affected by the worm. One company had 3,000 accounts shut out by the worm, which locked files so that only the system account could get at them.

Downadup does seem to have leveled off in terms of affected IP addresses per day, currently in the 3 million ballpark whereas it had peaked at somewhere in the 10 million to 15 million range, Runald says. He doesn't expect the perpetrators to distribute a feared payload either now that all eyes are on the worm.

"I think the person or people behind it got kind of scared that it got as big as it did," he says. "Distributing the payload now would put too much heat on them."

Still, Runald says it's puzzling that the Downadup creator or creators didn't strike when they could, with access to information on millions of enterprise machines. He says the worm has worked amazingly well considering how multifeatured/complex it is. "Typically we see more bugs in code this complicated," he says.

Despite the formation of an industry coalition that F-Secure is part of to quash Downadup, and Microsoft's much publicized US$250,000 bounty on the head or heads of the worm's creators, Runald doesn't expect the villain or villains will be nabbed. While the bounty can't hurt, he says the reality is that anyone who could provide information about those behind Downadup probably is deep into cybercrime themselves and wouldn't want the heat from law enforcement. "$250,000 is not a lot compared to what some of these groups are making," he says.

Downadup/Conficker has received more mainstream media attention than any such worm since Sasser back in 2004, Runald says. One silver lining is that the coverage could be a wake-up call to consumers (he says enterprises are already pretty well aware of continuing threats). "A lot of consumers think the situation has been getting better, whereas in fact we've found 14 million malware samples over the last 12 months, so it's actually getting far worse."

Mobile malware threat

The next frontier for malware writers could be smart phones, though Runald says there aren't many signs of growth yet. F-Secure has been anticipating trouble on the mobile front for years, having delivered its first product in this particular market back in 2001, three years before the first mobile malware was found (with headquarters in Finland about a mile from those of handheld market leader Nokia, this comes as little surprise). To date, about 420 mobile threats have surfaced, Runald says.

He credits efforts made by Symbian to shore up its mobile operating system with dissuading malware writers given that the OS is so prevalent on Nokia phones. It was only last month that the first Symbian S60 3rd edition malware was spotted.

More so than worms or viruses, the big threat on mobile devices today is spyware, Runald says. He cites a program called Flex-iSpy out of Bangkok that purports to be a backup tool as being a particular troublemaker, though he notes it does require physical access to the device to load it. F-Secure plans to show what a spyware program looks like on an iPhone at the CTIA Wireless conference in Las Vegas in April.


Bob Brown

Network World