Tag Archives: conficker

Conficker infections drop overnight

Filed under Malware

People have one more reason to celebrate the new year, according to the Shadowserver Foundation: Nearly a million Conficker-infected computers have oddly disappeared overnight.

On Jan. 1, the number of IP addresses showing signs of infection dropped by about 820,000, to 5.3 million, according to data from the Shadowserver Foundation and the Conficker Working Group. The drop continued the botnet’s waning during the latter days of December: On December 29, IP addresses showing signs of Conficker infections peaked at 6.5 million before dropping to 5.3 million at the start of the new year.

Andre’ DiMino, director and founder of the Shadowserver Foundation, said the group did not have enough data yet to determine the cause of the drop.

“Is it because of the holidays, because a large number of work PCs were turned off? Or did companies take the time to clean up the problem? We really don’t have any conclusions yet,” he said.

Conficker, also known as Downadup and Kido, has surprised many security experts with its success in propagating across the Internet. First discovered in November 2008, the worm initially spread using a vulnerability in Microsoft Windows and contacted 250 random domains to check for updates. By April, Conficker had morphed into a botnet that maintained peer-to-peer connections, but no longer spread automatically. Where the first versions of the program contacted 250 random domains, the latest version generates 50,000 random domains every day and contacts 500 of them for updates. The Conficker Working Group has blocked the software from updating itself by pre-registering domains and provides resources to companies to help detect and remove infections.

Last month, the Shadowserver Foundation started publishing the names of the network owners who continued to have a large number of infected computers. Those numbers stayed fairly consistent during the month, between 6.0 million and 6.7 million IP addresses, until they started dropping on the 29th.

The drop may not be long lived, however. By Saturday, the signs of infection had already rebounded to 5.6 million.

“It’s starting to creep back up, but we are still a million off from where we were,” DiMino said. “It will really be interesting come Monday and Tuesday, when machines start coming back on. That will really tell us whether this was remediation or just a blip.”

Source: Security Focus

Group IDs hotbeds of Conficker worm outbreaks

Filed under Viruses

Internet service providers in Russia and Ukraine are home to some of the highest concentrations of customers whose machines are infected with the Conficker worm, new data suggests.

The report comes from the Shadowserver Foundation, a nonprofit that tracks global botnet infections. Shadowserver tracks networks and nations most impacted by Conficker, a computer worm that has infected more than 7 million Microsoft Windows PCs since it first surfaced last November.

“Conficker has managed to infect, and maintain infections on more systems than any other malicious vector that has been seen before now,” Shadowserver stated on its Web site.

Shadowserver’s numbers indicate that the largest numbers of Conficker-infested PCs are in the East, more specifically China, India and Vietnam. For example, Chinanet, among the nation’s largest ISPs, has about 92 million routable Internet addresses, and roughly 950,000 — or about 1 percent of those addresses — appear to be sickened with Conficker.

More at: Security Fix

Conficker worm to become a bigger threat in 2010

Filed under Viruses

Although Microsoft offered a $250,000 reward for information leading to the identities of the cybercriminals behind Conficker, the worm continues to wreak havoc.

Since its inception, there have been numerous variants of the Conficker worm. Some variants use the exploitation of the Autorun function for removable drives and media (such as USB portable storage devices) to spread, while others take advantage of weak passwords to infiltrate networks. Another variant disables Microsoft Windows Update and blocks access to the majority of internet security vendor Web sites, which means users cannot access automatic or manual security updates.

Source: Help Net Security

Internet worms record rapid global growth

Filed under Viruses

Major security developments in 2009 included Conficker, the most damaging networking worm for years. Conficker spread fast in computers using the Windows XP operating system which had not been patched with a late 2008 Microsoft update. Conficker caused serious problems for many companies and public institutions around the world.

Unlike many previous worms that were released in the wild for personal fame, Conficker was designed to call home and create a botnet of infected computers – a potentially profitable commodity for the authors of the worm. The Conficker Working Group prevented the worm from reporting home and establishing a powerful botnet. Nevertheless, millions of computers still remain infected with Conficker at the end of 2009.

Full article at: Help Net Security

First anniversary of the detection of Conficker A variant marked with claims that complacency has caused people to forget

Filed under Viruses

Saturday marks the first anniversary of the detection of the first variant of the Conficker virus.

One year and one day ago, on 21st November 2008, what is now called ‘Conficker A’ was detected. It propagated itself through the internet by exploiting a vulnerability in a network service (MS08-067) on various Windows operating systems.

Microsoft released an emergency out-of-band patch on 23rd October 2008 to close the vulnerability, but many PCs remained unpatched as late as January 2009. Further variants were detected in December 2008 and late February 2009, with the D variant, which utilised P2P file sharing, detected only a few days after the widely predicted ‘meltdown’ on 1st April.

Read the full article at SC Magazine UK