April 1 came and went, and… nothing happened. Several days later, another variant appeared, but without the Internet ending (as some of the worst reporting would have led readers believe) most people believed that DOWNAD, as a major threat, was gone.

While it may no longer be as in the news at it was at its height, DOWNAD didn’t suddenly go away. Recent estimates from the Conficker Working Group place the number of unique IP addresses affected by the top 3 DOWNAD variants at well over 5 million. Even considering the group’s disclaimer of putting the number of actually infected systems at only 25-75% of that number, a minimum of 1.25 million infected systems is nothing to laugh at.

The Trend Micro World Virus Tracking Center (WTC) numbers bear this out as well. Almost 790,000 systems were found to be infected with DOWNAD variants in the first three months of the year. In the three succeeding months, that number was almost 1.9 million. Clearly, DOWNAD did not decide to quietly go away.

In addition, out of the public eye, DOWNAD went off and did something with all those infected systems: it went off and formed its own botnet. This was documentedin mid-April by Advanced Threat Researchers Paul Ferguson and Ivan Macalintal. The short version, however, is simpler: DOWNAD was used to create a botnet. These can be used for the usual range of threats: spam, Denial of Service attacks, spreading FAKEAV malware, and so on.

Like it or not, malware threats are part of what users have to deal with day in, day out. Like anything people deal with regularly, people become used to malware threats. What was once noteworthy and unusual becomes dull and ordinary. However, this in fact doesnotmake the threat any less dangerous. If anything, it can be argued that it makes the threat more dangerous, as users are more likely to be caught unaware of a threat that may not be something they’re looking out for.

In a very real way, threats like DOWNAD become part of the background noise that is a part of life on the Internet. While it may be unrealistic to expect individual users to keep in mind all threats, but good computing practices will help immensely. The most important one may be: keep your software up to date. This is particularly true for your operating system–a properly patched system would have been proof against most DOWNAD variants. Trend Micro users would have been protected via the Smart Protection Network, of course, but closing the underlying vulnerability would still have been essential.

The price of using your computer freely in today’s Internet may well be constant and unceasing vigilance.

On non-Home versions of Windows (for example, Windows XP Professional, Vista Ultimate): 

1. Click Start, click Run, enter gpedit.msc (launch Group Policy Editor); 
2. XP users: Open Computer Configuration | Administrative Templates | System, 
Vista users: Open Computer Configuration | Windows Components | AutoPlay Policies; 
3. Find Turn Off AutoPlay in the right-hand pane and double-click it; 
4. Choose Enabled and set it for All drives.

Or, in any Windows version:

1. Launch the Registry editor (Start | Run | regedit); 
2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\ 
CurrentVersion\Policies\Explorer; 
3. Double-click NoDriveTypeAutoRun in the right-hand pane and set its value to hexadecimal FF.

Good Luck and be sure to try this out if you browse the internet a good bit and also use your flash drive with your computer and others! If you have any questions or comments on how to do this feel free to leave a comment and I will be glad to help any way I can in getting you all setup!

The belated updates were spotted by researchers for Trend Micro following the arrival of a new file in one of the directories in so-called “honeypot” machines deliberately seeded with Conficker C. Analysis showed that the file had arrived via the peer-to-peer file transfer system that infected machines use to communicate. In a bid to avoid alerting people to its activity, the update is slowly being trickled across the population of machines harbouring the C variant. Exact figures for the number of Conficker-infected machines are hard to determine, but the minimum is widely believed to be three million.

“The Conficker/Downad P2P communications is now running in full swing,” wrote Ivan Macalintal from Trend Research on the company’s security blog. Once it arrives on a machine, the package of data randomly checks one of five different websites – MySpace, MSN, eBay, CNN and AOL – to ensure its host still has net access and to confirm the current time and date. Following this check the data package removes all traces of its installation.

The strong encryption on the payload has, so far, prevented detailed analysis of what it actually does. However, security experts speculate that it is a “rootkit” that will bury itself deep in Windows in order to steal saleable data such as bank website login details. Security researchers are continuing to analyse the payload to get a better idea of what it is intended to do.

Symantec said it too had noticed the increased activity of Conficker and its analysis suggested a link with another well-known virus called Waledac. This malicious program steals sensitive data, turns PCs into spam relays and opens up a backdoor so the machine can be controlled remotely. The security firm noticed that the update also included an instruction to the worm to remove itself on 3 May, 2009. However, the Waledac imposed backdoor on the machine will remain open, so its creators can still control compromised PCs.

“Think of it as an updated module that’s more aggressive, more robust in defending itself,” Weafer says.

The W32 Downadup.C variant was discovered Friday in a Symantec honeypot and is still under investigation. Symantec expects to identify additional capabilities shortly, says Weafer, who adds that Symantec has not yet seen W32.Downadup.C in customer networks directly. Earlier versions of Downadup did attempt to disable anti-virus software, but the third version represented in the Downadup.C module is designed mainly to provide more protective actions to infected Windows-based machines so they can better defend themselves from anti-virus software and other eradication methods.

“It’s more aggressive, it has more services,” says Weafer.

So this is just another good reason to keep your Windows computer up-to-date with all the latest updates and to have good anti-virus software running at all times. Also remember to just use some common sense when browsing the internet as thats where the majority of these types of infections come from (along with emails) because people don’t pay attention when they are browsing around different websites.

Lastly, if you are in need of some good anti-virus software but seem to be somewhat short on cash… you should probably check out these two awesome (and free) anti-virus programs: AVG Free & Avast Free!