Conficker botnet wake up call only pinged zombie minority
PrintResident evil
Posted in Malware, 17th April 2009 18:14 GMT
Free whitepaper – Blade learning lab and technical community
The effective size of the Conficker botnet might be far smaller than previously thought.
Last week machines infected with the latest variant of Conficker began to download additional components - files associated with the rogue anti-malware application SpywareProtect2009 and a notorious botnet client, Waledac - via the worm's built-in P2P update mechanism.
Security researchers at Kaspersky Lab have developed an application that analyses the P2P network communications associated with the malware. Over a 24-hour observation period, Kaspersky analysts spotted 200,652 unique IP addresses participating in the network, far less than initial estimates of infected Conficker hosts that ran into the millions.
However Kaspersky notes that the low volume is explained by the fact that only the latest variants of the worm are communicating via the monitored P2P network. In addition, only a minority of the nodes infected with earlier variants of the worm have been updated to the latest version.
A more detailed analysis, including geographical breakdown of compromised hosts, can be found on Kaspersky's blog here. ®
Free whitepaper – Migrating to the new Dell Management Console
Analyst Keynote: The Register Agile Data Center Summit
What Exchange can't do - and Dell can
Enabling The Agile Data Center
Analyst Keynote: The Register Agile Data Center Summit
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive