Conficker still rampant in some countries' networks

21 December 2009

The Conficker worm is still thriving on networks in India, Chile, Russia and the Ukraine, where infection rates are up to 16%.

Research on Conficker infections from the ShadowServer Foundation, a non-profit botnet tracking consortium, found that while Conficker infections were relatively minimal on US networks, the countries listed had high concentrations of infections. The Foundation monitored autonomous systems (ASs), which are groups of IP prefixes run by one or more organizations that present a single, consistent routing policy to the internet.

The ASs, represented by autonomous system numbers (ASNs), showed high levels of infection with the Conficker A, B, and C variants over the course of the year. In India, 13.73% of ICLNet-AS's unique IP addresses suffered from A, B or C Conficker infections. Another AS, Alliance-Gateway-AS, had a 15.07% hit rate, and Wishet-AS had 14.74%.

Russia's ASNs frequently came in at the 4-5% mark. Particularly high scorers were SAN, with 8.18% of unique IP addresses suffering from Conficker infections; Mordovia, with 9.97%; and Maginfo, another AS, with 10.62%.

Thailand's CAT-AS had 8.5%, while Vietnam's VNPT-AS had 9.93% of its unique IP addresses infected with the worm. The Ukraine's Telesweet had 13.03% of its IPs compromised with the malware.

China's Chinanet took pole position in sheer numbers, with 915 643 unique IPs infected by the Conficker worm. However, its routing space is huge, with 92.5 million separate addresses in that single AS.

Conficker's spread throughout the year has been steadily increasing, according to aggregate data gathered by the Foundation. However, the worm still hasn't delivered a clear payload. For the most part, its main activity to date seems to be simply replicating itself across different systems. The Conficker Working Group, of which the ShadowServer Foundation is a founding member, is still waiting for the other shoe to drop.

"At the end of the day, we can’t speculate on the intentions of criminals, but what we can do is work to limit the impact of any second phase", said a statement on the Working Group's website. 

 
