Conficker worm hitting hardest in Asia, Latin America

Asia and Latin America have been hardest hit by the Conficker worm, security experts say.


Asia and Latin America have been hardest hit by the Conficker worm, according to security experts.

Symantec says, China and Argentina have been hit hardest by the worm, which started spreading about two months ago but is thought to have infected millions over the past few weeks.

China accounts for close to 29 percent of the infections tracked by Symantec, and Argentina was second with just over 11 per cent, according to Alfred Huger, vice president of Symantec Security Response.

"We're not seeing anywhere near the number of infections in western Europe and North America.," though there have been high profile infections in the UK, including the Ministry of Defence.

The worm, known by several names including Conficker and Downandup, has been spreading by taking advantage of a flaw in a Windows Server service that Microsoft patched last October. Conficker can also spread by guessing administrative passwords on a network and infecting USB devices that connect to computers.

Infection rates in the US are closer to the 1 per cent level, Huger said.

Phil Porras, program director at SRI International, said the worm has hit China, Brazil, Russia and Argentina the hardest.

Interestingly, an earlier variant of Conficker would not attack victims who were using Ukrainian keyboards, but the latest version of the worm does.

Huger said the worm's designer has written special code that operates a certain way on Chinese and Brazilian networks, meaning those two countries may have been targeted by the attackers.

Nobody knows for sure why Asia and Latin America were so hard hit, but Huger and Porras both said countries with large amounts of pirated software were more likely to be affected.

"I think that piracy plays a role, though I don't know if it's the key contributor," Huger said.

Both researchers were waiting to see what hackers would do now that they have infected such a large number of computers.

Earlier versions of Conficker tried to install a program called Antivirus XP, a notorious rogue antivirus program that infects victims' computers with pop-up messages in an attempt to trick them into paying for bogus software.

Researchers said the machines could be converted into what would be the world's largest botnet computer network or sold off piecemeal to criminals.

Infected computers are now regularly visiting about 500 rendezvous points on the Internet looking for instructions. When those instructions finally appear, computer experts will know more about what the worm was designed to do.

"It's a fantastic spread relative to other threats, and yet the author seems to have become suddenly self-conscious about updating," Huger said.

"Maybe he's concerned about all the press it's getting and doesn't want to go to jail."

"Recommended For You"

Conficker worm torpedoes French navy Symantec urges firms to 'remain vigilant' on Conficker