IBM warns over four percent Conficker infection rate

The revelation comes after reports that the worm was due to mass-trigger on April 1 proved to be inaccurate, Infosecurity notes.

A 4 percent infection rate makes Conficker the worst malware infection for some time.

As part of its research, IBM says its engineers managed to reverse engineer the Conficker-C program code and developed a method of measuring the clandestine peer-to-peer traffic that the worm triggers.

By scanning for this traffic, IBM was able to come up with its estimate of infections on internet-facing PCs.

IBM's claims have been backed up by OpenDNS, which has announced its research teams have also spotted a larger number of infections than it was expecting with the worm.

Conficker, also known as Downup, Downadup and Kido, is a worm that targets Windows, and was first spotted last October.

An early variant of the worm propagated across the internet by exploiting a vulnerability in the Windows network stack, but the worm has been difficult for network operators to counter because of its multi-vectored use of advanced malware techniques.

Some reports had tagged Conficker infections at around the three to four million PC mark, but IBM's percentages suggest that the worldwide infection rate could be around 25 million or more.

The biggest question, however, is what Conficker will do in the future.

Because of its self-updating nature, it is not unreasonable to assume that a hacker group exists and is waiting patiently for the infection rate to spike - and will then remotely trigger all variants to perform an as-yet-unknown attack.

According to SRI International, Conficker B was reported to have infected around 6.7 million IP addresses by early March, and that figure has almost certainly risen since.

If, as IBM suggests, Conficker has really infected around 25 million internet-facing PCs, then the industry could be looking at the effective closure of the internet if a widespread distributed denial of service attack is triggered by the worm.

McAfee has developed a Conficker detection utility which is available on the internet. It may well be worth Infosecurity readers downloading and running this free utility.

http://www.mcafee.com/us/enterprise/confickertest.html
