The effective size of the Conficker botnet might be far smaller than previously thought.

Last week machines infected with the latest variant of Conficker began to download additional components - files associated with the rogue anti-malware application SpywareProtect2009 and a notorious botnet client, Waledac - via the worm's built-in P2P update mechanism.

However Kaspersky notes that the low volume is explained by the fact that only the latest variants of the worm are communicating via the monitored P2P network. In addition, only a minority of the nodes infected with earlier variants of the worm have been updated to the latest version.

A more detailed analysis, including geographical breakdown of compromised hosts, can be found on Kaspersky's blog here. ®

Related stories

• MS uses court order to take out Waledac botnet (25 February 2010)
• Manchester cops clobbered by Conficker (2 February 2010)
• Conficker jams up developing interwebs (17 December 2009)
• Conficker smites Oxford Brookes network (3 October 2009)
• Updated Conficker borks London council (4 September 2009)
• Conficker left Manchester unable to issue traffic tickets (1 July 2009)
• Conficker: Hold the funeral, it's not dead yet (21 May 2009)
• Conficker hype obscures sneaky botnet growth (6 May 2009)
• RSA Security maven sics 'special ops' on botnet gangs (24 April 2009)
• Botnet speed test uncovers drag racers of malware (23 April 2009)
• Gov systems found on 1.9m zombie botnet (22 April 2009)
• One in ten PCs still vulnerable to Conficker exploit (14 April 2009)
• Conficker botnet stirs to distribute update payload (9 April 2009)
• Old worm learns new Conficker tricks (6 April 2009)
• Conficker zombie botnet drops to 3.5 million (3 April 2009)
• Conficker gets upgraded with defenses (7 March 2009)
• Conficker variant dispenses with need to phone home (23 February 2009)