Conficker.c infects small number of U.S. PCs, IBM says
Conficker.c may be in headlines around the world, but most of the infected PCs are in Asia and Europe, with fewer than 6% of the total found in North America, a security company said Tuesday.
Using an analysis of the worm's peer-to-peer communications scheme, IBM Internet Security System's X-Force team figured out last week how to detect machines plagued with the newest variant of Conficker, then mined that data to put a face on its geographic distribution.
"A lot of people have been reporting on infections that they've seen, but we really hadn't seen who was infected now," said Holly Stewart, X-Force's threat response manager.
As of Monday, 45% of the Conficker.c-infected computers were traced to Asian IP addresses, while another 31% were pegged to European addresses. South American accounted for 14% of the total, and just 5.8% of the infected PCs were using IP addresses associated with North America, Stewart said.
The dominance of Asia on the roll call of infected regions isn't surprising. Last Friday, Nguyen Tu Quang, the chief technology officer at Bach Khoa Internetwork Security (Bkis), which is housed at the Hanoi University of Technology, said that all fingers point to China. "It is almost certain that Conficker has Chinese origins," Nguyen said in an e-mail.
Conficker.c has received a massive amount of attention, especially in the last week, as tomorrow approaches. The third variant, which researchers first spotted earlier this month, will be able to switch to a new methodof getting orders starting April 1.
Earlier versions of the worm generated a list of 250 possible domains each day that the malware could use to route instructions from its controllers, but Conficker.c cranks out a list of 50,000 Web addresses daily. Most researchers believe that's a direct response to work begun last month by the so-called Conficker Cabal -- officially known as the Conficker Working Group -- an ad hoc consortium of researchers and companies that have tried to disrupt the worm's "phone home" ability by registering as many of the daily domains as possible.
"Conficker.c makes it really hard for researchers to crack the communications code," Stewart said, referring to the worm's beefed-up peer-to-peer skills, which some believe were added as a fail-safe link to Hacker HQ if the domain routing system was compromised. Conficker.c has been using its peer-to-peer communication connection since it debuted.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
conficker
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Conf***er
The dang virus just stole my car. Don't tell ME it's not dangerous.