After 1 Year, Conficker Infects 7M Computers
alphadogg writes "The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate. On Thursday, researchers at the volunteer-run Shadowserver Foundation logged computers from more than 7 million unique IP addresses, all infected by the known variants of Conficker. They have been able to keep track of Conficker infections by cracking the algorithm the worm uses to look for instructions on the Internet and placing their own 'sinkhole' servers on the Internet domains it is programmed to visit. Conficker has several ways of receiving instructions, so the bad guys have still been able to control PCs, but the sinkhole servers give researchers a good idea how many machines are infected."
Conficker is notable because it isn't a total piece of script kiddie crap. It uses asymmetric crypto to only accept instructions from the creator. It also patches the hole on the way in, so you couldn't even reinfect Conficked boxes with a cleaner.
Everyone should read the original page, particularly the Introduction and section explaining how to interpret their population numbers.
Here's a relevant quote:
"The daily numbers should represent the potential maximum level of the infection, but in previous test cases usually prove to be much less than that maximum. So, take the range of 25% to 75% of the values that we display as the possible infection population and you will be close to the real value."
So the people actually providing these numbers are really saying that the current number of infections is likely to be between 1,750,000 and 5,250,000.
That would depend on whether the authors chose encryption that could be decrypted in a billion years with the combined computing power of today or if they chose some smaller number or a larger one.
Some of my favourite people are from the US; Vonnegut, Chomsky, Bill Hicks.
Except jail time.
Is there a way for the researchers to use the sinkhole to clean the worm?
Probably not.
But YOU CAN HELP:
Just Click the CornFlicker Eye Chart to test your machine:
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
You can read about it in the link posted in TFA.
Sig Battery depleted. Reverting to safe mode.
? Did they even put up a page where you can check yourself or your network?
Yes
Argue all you want, but you can't deny that such malware is a whole lot less likely to download and install itself on a Unix-based system.
Half the things you listed are malware themselves. ;)
Half? They're ALL malware (except for the last one, of course)
Signed,
Proud and happy user of Windows 7, OS X and Ubuntu
The researchers behind this botnet hijack did report to the appropriate people: http://www.youtube.com/watch?v=2GdqoQJa6r4&feature=youtube_gdata
And they also say counting IP addresses is off by a factor of 10.
So 7 million IP addresses really mean 700.000 computers.
Analysing is always the first step, I'm sure they or other people are coming up with something. Like selling their malware remover software ;-)
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
They have yet to demonstrate that their device is capable of quantum computation. Rather than address that they've made it compute with larger registers of bits but don't seem to have ever verified that an "answer" from it is correct; it could be spitting out classical random numbers for all anyone knows. Furthermore, the guys who developed the theory for an adiabatic quantum computer (the type of computer that D-Wave is making) say D-Wave doesn't seem to understand the theory and can't possibly be making true claims. See the criticism section of the Wikipedia article, it has some good links.
So if this is the future...where's my jet pack?