Conficker controls four per cent of all infected PCs

As many as one out of every 25 Internet addresses that transmits potentially dangerous data over the Internet is infected with the Conficker.c worm, IBM Corp.’s security arm said today.

One day after the worm began communicating with its hacker controllers over a new command channel — a trigger that failed to wreak the havoc some had predicted — IBM Internet Security Systems’ X-Force team had enough data to estimate its size, said Holly Stewart, the group’s threat response manager.

Stewart refused to estimate. “We simply didn’t want to report a number that would be inaccurate,” Stewart said in a post to the X-Force blog.

Using techniques developed in-house, X-Force has been able to detect machines plagued with the newest variant of Conficker by picking apart incoming Internet traffic to find the worm’s peer-to-peer communications. Earlier in the week, X-Force used that ability to pinpoint the geographic location of Conficker.c-infected PCs and found that most of them were in Asia and Europe, with relatively few in the Canada or the U.S.

Today, it released numbers that gave a glimpse into the possible size of the Conficker.c botnet. “Four percent of the sources of suspicious activity on the Internet are infected with Conficker.c,” said Tom Cross, the manager of X-Force, in a telephone interview late today. X-Force arrived at that number by monitoring the traffic hitting its customers’ intrusion prevention appliances.

It’s impossible to correlate that percentage — which essentially means that one out of every 25 infected PCs has been hit with Conficker — to the general IP population, Cross cautioned. Clearly, the four per cent isn’t the fraction of the world’s computers that are infected, he said. “There are people doing extrapolations using different methods who are coming up with estimates like that,” he added.

One such estimate pegged the number of Conficker.c-infected systems rather precisely. According to Nguyen Tu Quang, chief technology officer at Bach Khoa Internetwork Security (BKIS), an antivirus vendor based in Hanoi, Vietnam, there are 1,384,100 computers harboring the worm.

China leads all countries in the count, Nguyen said in an e-mail today, noting that 13.7 per cent of all Conficker.c infections are located there. Brazil and Russia follow in the No. 2 and No. 3 spots, with 10.4 per cent and 9.3 per cent, respectively. The U.S., meanwhile, accounts for just 2.6 per cent of the total, or just over 35,000 PCs.

X-Force has detected a significant increase in the number of infected IP addresses since Monday, Stewart said in her blog. On Monday, for instance, it found 37,000 unique IP addresses with signs of Conficker.c infection, while by Wednesday the number had jumped to 64,000, an increase of 71 per cent.

Cross, however, said that the climbing numbers didn’t mean Conficker.c was spreading, but was only an artifact of the way it detected infections. “The way that we detect Conficker.c means that it takes time to find [infected systems],” he said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Featured Tech Jobs

 

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.