IBM warns over four percent Conficker infection rate

03 April 2009

After scanning around two million PCs, IBM's ISS security division says that around four percent of the PCs it scanned were infected by the Conficker worm.

The revelation comes after reports that the worm was due to mass-trigger on April 1 proved to be inaccurate, Infosecurity notes.

A 4 percent infection rate makes Conficker the worst malware infection for some time.

As part of its research, IBM says its engineers managed to reverse engineer the Conficker-C program code and developed a method of measuring the clandestine peer-to-peer traffic that the worm triggers.

By scanning for this traffic, IBM was able to come up with its estimate of infections on internet-facing PCs.

IBM's claims have been backed up by OpenDNS, which has announced its research teams have also spotted a larger number of infections than it was expecting with the worm.

Conficker, also known as Downup, Downadup and Kido, is a worm that targets Windows, and was first spotted last October.

An early variant of the worm propagated across the internet by exploiting a vulnerability in the Windows network stack, and the worm has been difficult for network operators to counter because of its multi-vectored use of advanced malware techniques.

Some reports had tagged Conficker infections at around the three to four million PC mark, but IBM's percentiles suggest that the worldwide infection rate could be around 25 million or more.

The biggest question, however, is what Conficker will do in the future.

Because of its self-updating nature, it is not unreasonable to assume that a hacker group exists and is waiting patiently for the infection rate to spike - and will then remotely trigger all variants to perform an as yet unknown attack.

According to SRI International, Conficker B was reported to have infected around 6.7 million IP addresses by early March, and that figure has almost certainly risen since.

If, as IBM suggests, Conficker has really infected around 25 million internet-facing PCs then the industry could be looking at the effective closure of the internet if a widespread distributed denial of service attack is triggered by the worm.

McAfee has developed a Conficker detection utility which is available on the internet. It may well be worth Infosecurity readers downloading and running this free utility.

http://www.mcafee.com/us/enterprise/confickertest.html
