DOWNAD is currently one of the most prevalent malware families, due mostly to the use of Windows XP, which leaves machines exposed to the threat, according to an analysis by Trend Micro. Also known as Conficker, DOWNAD targets enterprises and small to medium businesses, affecting their entire networks via avenues such as spam emails, removable drives and malicious URLs.
Trend Micro reports that its spam surveillance found that more than 40 percent of malware-related email was delivered by DOWNAD-infected machines. Among the spam runs reported, some of the most commonly used hosts were file storage platforms, such as Dropbox, which cybercriminals abuse to mask their invasive activities and go undetected in systems and networks.
The malware also has its own domain generation algorithm (DGA), which lets the worm create randomly generated URLs that it then connects to in order to download files onto the system.
Based on this data, the report concludes that DOWNAD, the CUTWAIL (Pushdo) botnet and Gameover ZeuS (GoZ) are currently the top sources of spam carrying malware.