Skip to content

Management

Technology

Toolbox

Training

Books

White Papers

Webcast

Resource Centre


ComputerworldUK CommunIT

Want to join the UK’s fastest growing dedicated IT community? Enter here to browse the UK’s top usergroups, societies and associations.

Cybercrime & Hacking management > security > news

November 02, 2009

Conficker has 7 million strong botnet

One year on malware remains a potent threat

By Robert McMillan

The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate.

Advert

Researchers at the volunteer-run Shadowserver Foundation have logged computers from more than 7 million unique IP addresses, all infected by the known variants of Conficker.

They have been able to keep track of Conficker infections by cracking the algorithm the worm uses to look for instructions on the internet and placing their own 'sinkhole' servers on the internet domains it is programmed to visit. Conficker has several ways of receiving instructions, so cybercriminals have still been able to control PCs, but the sinkhole servers give researchers a good idea how many machines are infected.

Although Conficker is probably the computer worm most known about, PCs continue to get infected by it, said Andre DiMino, co-founder of The Shadowserver Foundation. "The trend is definitely increasing and breaking 7 million is pretty much of a landmark event," he said.

Conficker first caught the attention of security experts in November 2008 and received widespread media attention in early 2009. It has proved remarkably resilient and adept at re-infecting systems even after being removed.

The worm is very common in, for instance, China and Brazil. Members of the Conficker Working Group, an industry coalition set up last year to deal with the worm, suspect that many of the infected PCs are running bootlegged copies of Microsoft Windows, and are therefore unable to download the patches or Microsoft's Malicious Software Removal Tool, which could remove the infection.

Despite its size, Conficker has rarely been used by the criminals who control it. Why it hasn't been used more is a bit of a mystery. Some members of the Conficker Working Group believe that Conficker's author may be reluctant to attract more attention, given the worm's overwhelming success at infecting computers.

"The only thing I can guess at is the person who created this is scared," said Eric Sites, chief technology officer with Sunbelt Software and a member of the working group. "This thing has cost so many companies and people money to get fixed, if they ever find the guys who did this, they're going away for a long time."

IT staffers often discover a Conficker infection when a user is suddenly unable to log into a computer. That happens because infected machines try to connect to other computers on the network and guess their passwords, trying so many times that they are eventually locked out of the network.

But the cost of the worm would be even greater if Conficker were to be used for a distributed denial of service attack, for instance.

"This is certainly a botnet that could be weaponised," DeMino said. "When you have a net of this magnitude, the sky's the limit in terms of what could be done."

Follow highlights from ComputerworldUK on Twitter
Sign up for our Daily Newsletter
The UK IT News widget Get it for your site!

« prev article | more security news | next article »

Advert

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'Conficker has 7 million strong botnet - Cybercrime & Hacking - ComputerworldUK' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?

Advert

WHITE PAPERS

  • Legal risks: Employee use of the internet and email
    Exploring the challenges facing IT Mangers today and vital steps to ensure safe internet an email use by employees.
  • Phishing for victims
    This White Paper examines the phenomenon of phishing. It explains the potentially catastrophic threat it presents to all kinds of organisation. Exploding some widespread myths, it lights up the murky waters where phishing first emerged and where it continues to evolve. But it also highlights what your business can do to blunt the threat.
  • Challenges and opportunities of PCI
    The control framework implicit in the Payment Card Industry Data Security Standard (PCI DSS) provides an enterprise structure for improving operational, security, and audit performance.
  • Social CRM comes of age
    Who is this “social customer”? What strategies and tools does the new breed of CRM provide to do something about this?
  • Risk Management: Protect and Maximize Stakeholder Value
    What has held organisations back from a broader adoption of risk management programs?
*