Slashdot Mirror

← Back to Stories (view on slashdot.org)

After 1 Year, Conficker Infects 7M Computers

Posted by Soulskill on from the happy-anniversary-now-run-an-antivirus dept.

alphadogg writes "The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate. On Thursday, researchers at the volunteer-run Shadowserver Foundation logged computers from more than 7 million unique IP addresses, all infected by the known variants of Conficker. They have been able to keep track of Conficker infections by cracking the algorithm the worm uses to look for instructions on the Internet and placing their own 'sinkhole' servers on the Internet domains it is programmed to visit. Conficker has several ways of receiving instructions, so the bad guys have still been able to control PCs, but the sinkhole servers give researchers a good idea how many machines are infected."

8 of 95 comments (clear)

  1. Re:Cleaning job by Anonymous Coward · · Score: 5, Informative

    Maybe they can inject instructions to the worm so it shutsdown but not before it spreads the "fix" to other computers?

    Conficker is notable because it isn't a total piece of script kiddie crap. It uses asymmetric crypto to only accept instructions from the creator. It also patches the hole on the way in, so you couldn't even reinfect Conficked boxes with a cleaner.

  2. Not really 7m at all by Yobgod+Ababua · · Score: 5, Informative

    Everyone should read the original page, particularly the Introduction and section explaining how to interpret their population numbers.
    Here's a relevant quote:

    "The daily numbers should represent the potential maximum level of the infection, but in previous test cases usually prove to be much less than that maximum. So, take the range of 25% to 75% of the values that we display as the possible infection population and you will be close to the real value."

    So the people actually providing these numbers are really saying that the current number of infections is likely to be between 1,750,000 and 5,250,000.

  3. Re:Cleaning job by migla · · Score: 3, Informative

    That would depend on whether the authors chose encryption that could be decrypted in a billion years with the combined computing power of today or if they chose some smaller number or a larger one.

    --
    Some of my favourite people are from th US; Vonnegut, Chomsky, Bill Hicks.
  4. Re:Research = do not touch. by maharb · · Score: 4, Informative

    Except jail time.

  5. Re:Cleaning job by icebike · · Score: 5, Informative

    Is there a way for the researchers to use the sinkhole to clean the worm?
     

    Probably not.

    But YOU CAN HELP:

    Just Click the the CornFlicker Eye Chart to test your machine:

    http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

    You can read about it in the link posted in TFA.

    --
    Sig Battery depleted. Reverting to safe mode.
  6. Re:Action not words! by thePowerOfGrayskull · · Score: 3, Informative

    ? Did they even put up a page where you can check yourself or your network?

    Yes

  7. Re:I'm safe! by thePowerOfGrayskull · · Score: 3, Informative

    Argue all you want, but you can't deny that such malware is a whole lot less likely to download and install itself on a Unix-based system.

  8. Re:I'm safe! by dword · · Score: 4, Informative

    Half the things you listed are malware themselves.
    Half? They're ALL malware (except for the last one, of course ;)

    Signed,
    Proud and happy user of Windows 7, OS X and Ubuntu