Conficker group says worm 4.6 million strong
Security experts say that the Conficker worm has infected an awful lot of computers, making it the largest "botnet" of hacked computers on the planet. The thing they can't seem to agree on, however, is exactly how many people have been hit.
The group of researchers that has been most closely tracking -- and battling -- the worm has now released its own estimate of Conficker's size. According to data compiled by the Conficker Working Group, Conficker has been spotted on just under 4.6 million unique IP addresses. Its earlier A and B variants account for the lion's share of that -- 3.4 million IP addresses -- with the more-recent C variant spotted at 1.2 million addresses.
The countries measuring the largest number of infections for all variants are China, Brazil and Russia.
Conficker has been infecting Windows machines since October, but in recent weeks it has been getting a lot of attention as a newer version of the worm, Conficker.C, has updated the way it looks for instructions, making it much harder to stop.
Over the past weekend, Conficker infected nearly 800 PCs at the University of Utah's Health Sciences Center. IT staff there think it might have gotten on the network via an infected thumb drive. Once installed on one PC, Conficker is very effective at seeking out other unpatched Windows machines to spread.
Users who wonder if they're infected by the worm can try out this simple test developed by SecureWorks.
Studies done two weeks ago by OpenDNS and IBM's Internet Security Systems group had suggested that as many as 4 percent of PCs might have been hit with the Conficker worm, but the Working Group's analysis suggests the number is likely much lower.
"We're hoping that publishing these numbers will throw a little bit of reality into the equation," said Andre DiMino, cofounder of The Shadowserver Foundation and a member of the Working Group. He does not believe that 4 percent of PCs were infected. "It's hard to make a case for that right now," he said.
But the actual number of infections could be higher or lower than 4.6 million, DiMino admitted. Because the Working Group's method counts IP addresses, they may have over-counted consumers who log on from multiple IP addresses, or undercounted corporate infections, which are often hidden behind a single IP address.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
conficker
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
