Security company Kaspersky Lab has identified 200,000 unique addresses in Conficker’s peer-to-peer network – but the actual number of nodes affected is far higher.
New research by Kaspersky has re-opened the question of whether Conficker was hyped. While the Conficker worm generated an intense amount of public interest, the number of computers infected with the newest variant of the worm seems to be relatively small.
“While analysing Kido [Conficker] network behaviour we’ve been able to develop an application that helped us to get an in depth insight into the peer-to-peer network communications of the malware, which have been used to distribute updates over the last week,” blogged Georg Wicherski, a virus analyst at the security company. “Over a 24 hour observation period, we’ve been able to identify 200,652 unique IPs participating in the network, far less then initial estimated Kido infection counts.”
However, Kaspersky Lab senior antivirus researcher Roel Schouwenberg noted this is just the number of computers the company detected participating in the P2P network. The total number of infected machines is still in the millions, Schouwenberg told eWEEK.
At various points, vendors have put the number as high as 9 million. Efforts by the security community such as The Conficker Working Group seem to have paid off, but the group still puts the current number of unique IPs infected with variants A, B and C at roughly 3.6 million.
Only a fraction of the nodes infected with earlier variants appear to have been updated, according to Wicherski’s blog post. Kaspersky’s analysis also found that the highest concentrations of infected machines are in Brazil, China and the eastern part of the United States, which is reminiscent of similar findings from IBM’s X-Force earlier this month.
The latest iteration of the worm has been tied to a scheme to trick users into downloading rogue anti-virus. There are a number of tools available to help victims remove and detect the malware, as well as a patch for the Microsoft vulnerability targeted by multiple versions of the worm.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
It amazes me the number of stories that either cant get their facts straight or read information sources accurately.
This story infers that kaspersky's account of 200K IP's is wrong and that the number of infected machines is actually in the millions...
We if you read the kaspersky information properly you will see that specifically stated the 200k IP's they monitored specifically belonged to the latest varient using only p2p as their contact method and only over 24 hour period of monitoring.
Please can people get their stories right and more accurate.
We make it clear that Kaspersky tracked one version and only for 24 hours, and that therefore the infection rate is higher than 200,000.
We didn't intend any criticism of Kaspersky, and we have had no other complaints.
We're sorry you read the story that way.