Friday, April 3, 2009

Conflicker The worst worm created in years now affecting pc's worldwide

Be careful. Ofcourse you are not alone. Already 4% of world pc's got affected with
this virus.

Conficker.c controls 4% of all infected PCs, IBM says Vietnamese security company pegs the count at 1.3 million worldwide, 35,000 in the U.S.

As many as one out of every 25 Internet addresses that transmits potentially dangerous data over the Internet is infected with the Conficker.c worm, IBM Corp.'s security arm said today

One day after the worm began communicating with its hacker controllers over a new command channel -- a trigger that failed to wreak the havoc some had predicted -- IBM Internet Security Systems' X-Force team had enough data to estimate its size, said Holly Stewart, the group's threat response manager.

IBM is the second company in two days to suggest that the number of computers infected by the Conficker.C worm may be higher than previously thought.

After scanning 2 million computers over the past 24 hours, IBM's Internet Security Systems (ISS) division said Thursday that it had spotted the worm on 4 percent of the IP addresses it monitored.

Although Conficker is clearly the worst worm outbreak in years, the results came as a surprise, according to Holly Stewart, a threat response manager with ISS. "It is higher than what we expected; I thought we'd see 1 to 2 percent," Stewart said.

Late last week, IBM researchers reverse-engineered Conficker and figured out a way to track infections by measuring peer-to-peer traffic on the network. They used that technique to reach their estimate.

The results are similar to numbers released Wednesday by OpenDNS, which said it had also spotted a much larger number of infections than expected. Both IBM and OpenDNS' numbers count Conficker.C, the latest variant of the worm, and one that is easier to spot communicating on the network.

Conficker began spreading in October 2007, using a handful of sneaky tricks to spread. Once it infects a machine, it can spread very quickly on a local area network by taking advantage of a now-patched flaw in Microsoft Windows.

Experts had pegged Conficker infections in the 2 million to 4 million range, but IBM's numbers suggest that they may be much higher than that, perhaps in the tens of millions.

Still, Stewart cautioned against concluding that 4 percent of Internet users had been infected. "It's not a perfect number, nothing is. But it's the best that we can give with the data we have right now."

It's possible that Conficker infections are approaching 4 percent, said Danny McPherson, chief security officer with Arbor Networks. Because Conficker is more likely to infect certain types of users -- broadband consumers are generally more vulnerable than enterprise or government users, for example -- estimates like ISS' could come from a sample that does not represent the Internet as a whole, he said.

Still, by any measure, Conficker is a big problem. "Even if they're off by an order of magnitude -- which is possible -- the number of infected machines is immense."

China leads all countries in the count, Nguyen said in an e-mail today, noting that 13.7% of all Conficker.c infections are located there. Brazil and Russia follow in the No. 2 and No. 3 spots, with 10.4% and 9.3%, respectively. The U.S., meanwhile, accounts for just 2.6% of the total, or just over 35,000 PCs.


X-Force has detected a significant increase in the number of infected IP addresses since Monday, Stewart said in her blog. On Monday, for instance, it found 37,000 unique IP addresses with signs of Conficker.c infection, while by Wednesday the number had jumped to 64,000, an increase of 71%.


Source: PCWorld.com and computerworld.com

No comments:

Post a Comment