Slashdot Mirror

← Back to Stories (view on slashdot.org)

After 1 Year, Conficker Infects 7M Computers

Posted by Soulskill on from the happy-anniversary-now-run-an-antivirus dept.

alphadogg writes "The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate. On Thursday, researchers at the volunteer-run Shadowserver Foundation logged computers from more than 7 million unique IP addresses, all infected by the known variants of Conficker. They have been able to keep track of Conficker infections by cracking the algorithm the worm uses to look for instructions on the Internet and placing their own 'sinkhole' servers on the Internet domains it is programmed to visit. Conficker has several ways of receiving instructions, so the bad guys have still been able to control PCs, but the sinkhole servers give researchers a good idea how many machines are infected."

5 of 95 comments (clear)

  1. Cleaning job by Acapulco · · Score: 2, Interesting

    Is there a way for the researchers to use the sinkhole to clean the worm?

    Maybe they can inject instructions to the worm so it shutsdown but not before it spreads the "fix" to other computers? So along counting the number of PC's infected they also help in cleaning the worm. Impossible?

    --
    Slashdot. Unreadable news to annoy nerds. - wonkey_monkey
    1. Re:Cleaning job by Runaway1956 · · Score: 2, Interesting

      I would cite the various "good samaritan" laws, as well as implied consent. The braindead gave implied consent to have viral infections cleaned from their computers by having an infection to start with.

      FFS - everyone worries about being sued, so they do nothing. You bet your arse, if I were smart enough to program the virus to self destruct, I would do so in an instant. No thoughts about being sued, period.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  2. I think there is one way by xant · · Score: 2, Interesting

    Figure out how to trace a significant percentage of those IPs to their IP blocks to their ISPs. Notify the ISPs. Start a coalition among them to shut off infected customers with a message explaining why and how to fix. Start an advertising campaign to get public support for this and help pressure ISPs to join even though it is not in their short-term self-interest; sell it to them as good PR at this point. Ask them to send a coupon to customers who disinfect, with prorated hours to reimburse the customer for time spent disconnected due to the infection; 90% will never collect on it anyway. Again, pitch this as good PR. Ask them to do this again for the next major infection, again for good PR. (As far as I'm concerned, big companies can crow to the rafters about all their good deeds, as long as they actually do them.)

    It's pretty hard to kill this off with tech, but policy might work.

    --
    It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
  3. So disappointing by ndogg · · Score: 4, Interesting

    I know I'm a terrible person for thinking this, but I was really curious about the chaos that was to ensue once Conficker's creators brought the hammer down.

    *sigh*

    Alright, so hell is that way, right? --->

    --
    // file: mice.h
    #include "frickin_lasers.h"
    1. Re:So disappointing by Civil_Disobedient · · Score: 2, Interesting

      I was really curious about the chaos that was to ensue once Conficker's creators brought the hammer down.

      The most effective pathogens are the ones that keep their host alive as long as possible, because then they have best chances of re-infecting the healthy. BotNets are no different. If you "bring the hammer down," you lose everything.

      This is the reason why influenza is a far more dangerous killer than, say, Ebola.