Conficker Worm - Still thriving on unpatched systems - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Conficker Worm - Still thriving on unpatched systems

Lightning I was surprised to see that "A" and "B" variants for the Conficker worm are still thriving in-the-wild. It exploits MS08-067, autorun exposures, and other vulnerabilities on unpatched systems. While the 6 million IP addresses are not the true number of PCs infected, there are still a sizeable number that need patching.

Conficker Still A Big Deal
http://blogs.pcmag.com/securitywatch/2009/08/conficker_still_a_big_deal.php

Conficker Working Group - Current Statistics
http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionTracking

Conficker Infection Test - Can you see all 6 images? (if yes your PC is okay)
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

QUOTE: The Conficker worm outbreak seems so long ago and there's been no news about it for so long, but that doesn't mean it went away.

The Conficker Working Group, a consortium of security and related companies, continues to track the massive botnet created by the outbreak. These days it runs at around 6.2 million unique IP addresses. About 80% of these appear to be Conficker A and B, The C variant was not all that successful, because the avenues for its spread had already been largely cut off.

The fact that the numbers fluctuate within a fairly narrow range means that the botnet is pretty stable, but it's hard to say exactly what's happening. The testing measures IP addresses which means that some systems (notebooks that roam from network to network) are overcounted and some (networks with NAT) are undercounted. I think it all adds up to a very stable network; the systems that got infected in the original outbreaks are, by and large, still infected.

These tables are specifically for the A+B infections.

-----------------------------------------------------
Day        Date        Total HTTP Hits Unique IP's
-----------------------------------------------------
Friday     2009-08-28      329,610,182    5,768,246
Thursday   2009-08-27      369,957,038    5,882,556
Wednesday 2009-08-26      366,973,896    5,864,465
Tuesday    2009-08-25      328,376,902    5,675,661
Monday     2009-08-24      280,028,571    5,726,258
Sunday     2009-08-23      305,703,590    5,157,771
Saturday   2009-08-22      337,360,653    5,263,328
Friday     2009-08-21      334,046,979    5,649,833
Thursday   2009-08-20      347,347,632    5,723,993

Posted: Aug 29 2009, 09:19 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.