Group IDs hotbeds of Conficker worm outbreaks
Internet service providers in Russia and Ukraine are home to some of the highest concentrations of customers whose machines are infected with the Conficker worm, new data suggests.
The report comes from the Shadowserver Foundation, a nonprofit that tracks global botnet infections. Shadowserver tracks networks and nations most impacted by Conficker, a computer worm that has infected more than 7 million Microsoft Windows PCs since it first surfaced last November.
"Conficker has managed to infect, and maintain infections on more systems than any other malicious vector that has been seen before now," Shadowserver stated on its Web site.
Shadowserver's numbers indicate that the largest numbers of Conficker-infested PCs are in the East, more specifically China, India and Vietnam. For example, Chinanet, among the nation's largest ISPs, has about 92 million routable Internet addresses, and roughly 950,000 -- or about 1 percent of those addresses -- appear to be sickened with Conficker.
Security Fix decided to use the group's data in a slightly different way, to showcase the concentration of Conficker victims as viewed against the total number of each ISP's customers. Viewed this way, Russian and Ukrainian ISPs have the highest concentration of customers with Conficker-infected systems (the accompanying chart is based on Shadowserver's own data).
Shadowserver is but one member of the larger Conficker Working Group, a collaborative effort comprising security experts, anti-virus and software vendors, and infrastructure providers, which sprang up shortly after it became clear that the worm was well on its way to becoming a massive weapon in the hands of its criminal creators.
Despite the group's best efforts, whoever is responsible for releasing Conficker remains at large. Complicating the cleanup effort is the fact that the worm really hasn't done anything overtly malicious other than spread quite virulently.
"Given any large number of infected systems, remediation becomes a very difficult task, and even harder to justify when the infection does nothing," Shadowserver said.
Shadowserver said its statistics were "not intended to shame, or embarrass any company or organization, but simply illustrate the depth and extent of how Conficker truly affects a worldwide scope of providers." Then again, shaming may be exactly what is needed for ISPs that are seeing anywhere from 10 percent to 27 percent of their customer base infected with Conficker.
Obviously, a big part of fixing a problem is knowing that you have one in the first place. To that end, Shadowserver offers all ISPs and Web hosting providers free daily feeds that can alert network providers to new bot infections on their networks.
December 16, 2009; 8:00 AM ET