Conficker still rampant in some countries' networks

21 December 2009

The Conficker worm is still thriving on networks in India, Chile, Russia and the Ukraine, where infection rates are up to 16%.

Research on Conficker infections, from non-profit botnet tracking consortium the ShadowServer Foundation, found that while Conficker infections were relatively minimal on US networks, the countries listed had high concentrations of infections. The Foundation monitored autonomous systems (ASs), which are groups of IP prefixes owned by one or more organizations that present a single, consistent routing policy to the internet.

The ASs, represented by autonomous system numbers (ASNs), showed high levels of infection with the Conficker A, B, and C variants over the course of the year. In India, 13.73% of ICLNet-AS's unique IP addresses suffered from unique A, B or C Conficker infections. Another AS, Alliance-Gateway-AS, had a 15.07% hit rate. Wishet-AS suffered from 14.74%.

Russia's ASNs frequently came in at the 4-5% mark. Particularly high scorers included SAN, with 8.18% of unique IP addresses suffering from Conficker infections, Mordovia, with 9.97%, and Maginfo, another AS, with 10.62%.

Thailand's CAT-AS had 8.5%, while Vietnam's VNPT-AS had 9.93% of its unique IP addresses infected with the worm. The Ukraine's Telesweet had 13.03% of its IPs compromised with the malware.

China's Chinanet took pole position in sheer numbers, with 915 643 unique IPs infected by the Conficker worm. However, its routing space is huge, with 92.5 million separate addresses in that single AS.

Conficker's spread throughout the year has been steadily increasing, according to aggregate data gathered by the Foundation. However, the worm still hasn't delivered a clear payload. For the most part, its main activity to date seems to be simply replicating itself across different systems. The Conficker Working Group, of which the ShadowServer Foundation is a founding member, is still waiting for the other shoe to drop.

"At the end of the day, we can’t speculate on the intentions of criminals, but what we can do is work to limit the impact of any second phase", said a statement on the Working Group's website. 
