Conficker's first birthday looms - seven million IPs still infected

03 November 2009

As Conficker approaches the first anniversary of its appearance in the wild, the Shadowserver Foundation says that at least seven million IP addresses - each representing one or more computers - are now infected by the worm.

Conficker - also known as Downup, Downadup and Kido - is a Windows worm that targets flaws in the operating system to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors.

The Conficker worm uses a combination of advanced malware techniques that has made it difficult to counter. Since appearing last November, it has spread rapidly to become what is now believed to be the largest computer worm infection since the SQL Slammer of 2003.

According to the Shadowserver Foundation, a volunteer group of IT security professionals, the Conficker worm is still very common in Brazil and China.

Interestingly, the foundation said that it has been able to keep track of Conficker worm infections by cracking the algorithm the worm uses to look for instructions on the internet and placing its own 'sinkhole' servers on the domains the worm is programmed to visit.

Infosecurity notes that, despite the size of the botnet, Conficker has only rarely been used by the criminals who control it, although no reason has been put forward by security experts as to why this should be the case.
