What is DownAd

DownAd is a Worm. A deadly worm, which is causing nightmares to the security experts and spreading very fast these days.

And the magnitude of the infection is big. An estimate suggests that more than 8 million users are already infected with DownAd. Initially thought to be working in conjunction with a NETWORM variant, WORM_DOWNAD.A is now believed to be an updated version of an attack from the same criminal botnet gang.

How does DownAd Operate

Downadup worms attempt to call home. They do this by trying to connect to various Web addresses. And if the worm finds an active Web server at one of these domains, it will download and run a particular executable — thus giving the malware gang a free hand to do whatever they want with all of the infected machines.

They could build a large botnet for example. The framework is in place. Normally malware uses only one or maybe a handful of websites. Such sites are generally easy to locate and shut down.

Then there is Downadup. It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com. With this algorithm, the worm generates many possible domain names every day.

Hundreds of names such as: qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc, and hcweu .org.

This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place. However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines. Pretty clever.

So why is DownAd so successful? Simple – poor security policies.

The first propagation technique is really exploiting poor patch management. A patch for this vulnerability has been available since late last year, but still some administrators (or the safety representatives) have not properly rolled this out to all machines on their network.

Remember even one unpatched machine is enough to have this worm spread through the entire network. Patch management is a critical component of any IT department’s job today, and it is vitally important that it is applied in a timely fashion across ALL of the company’s machines, including laptops and other mobile devices. Companies also need to have very clear policies on patch levels of external parties who access their network (e.g. partner companies, contractors, etc). Like so many aspects of security, it only takes one hole to bring down an entire network.

Technical Details of DownAd

  • Full name: DownAd
  • Date Appeared: Dec. 2008
  • Characteristic: Worm
  • URL:

Do I need to remove xxxxx

You can yourself search your computer manually, but it is not recommended unless you are a tech-geek. To save time and effort, we recommend you to download a FREE Scanner.

Free Scan for xxxxx