Conficker.c controls 4% of all infected PCs, IBM says
Vietnamese security company pegs the count at 1.3 million worldwide, 35,000 in the U.S.
Computerworld - As many as one out of every 25 Internet addresses that transmits potentially dangerous data over the Internet is infected with the Conficker.c worm, IBM's security arm said today.
One day after the worm began communicating with its hacker controllers over a new command channel -- a trigger that failed to wreak the havoc some had predicted -- IBM Internet Security Systems' X-Force team had enough data to estimate its size, said Holly Stewart, the group's threat response manager.
Computerworld had asked Stewart for an estimate Tuesday, but she declined to provide one then. "We simply didn't want to report a number that would be inaccurate," Stewart said in a post to the X-Force blog.
Using techniques developed in-house, X-Force has been able to detect machines plagued with the newest variant of Conficker by picking apart incoming Internet traffic to find the worm's peer-to-peer communications. Earlier in the week, X-Force used that ability to pinpoint the geographic location of Conficker.c-infected PCs and found that most of them were in Asia and Europe, with relatively few in the U.S. and Canada.
Today, it released numbers that gave a glimpse into the possible size of the Conficker.c botnet. "Four percent of the sources of suspicious activity on the Internet are infected with Conficker.c," said Tom Cross, the manager of X-Force, in a telephone interview late today. X-Force arrived at that number by monitoring the traffic hitting its customers' intrusion-prevention appliances.
It's impossible to correlate that percentage -- which essentially means that 1 out of every 25 infected PCs has been hit with Conficker -- to the general IP population, Cross cautioned. Clearly, the 4% isn't the fraction of the world's computers that are infected, he said. "There are people doing extrapolations using different methods who are coming up with estimates like that," he added.
One such estimate pegged the number of Conficker.c-infected systems rather precisely. According to Nguyen Tu Quang, chief technology officer at Bach Khoa Internetwork Security (BKIS), an antivirus vendor in Hanoi, Vietnam, there are 1,384,100 computers harboring the worm.
China leads all countries in the count, Nguyen said in an e-mail today, noting that 13.7% of all Conficker.c infections are located there. Brazil and Russia follow in the No. 2 and No. 3 spots, with 10.4% and 9.3%, respectively. The U.S., meanwhile, accounts for just 2.6% of the total, or just over 35,000 PCs.
X-Force has detected a significant increase in the number of infected IP addresses since Monday, Stewart said in her blog. On Monday, for instance, it found 37,000 unique IP addresses with signs of Conficker.c infection, while by Wednesday the number had jumped to 64,000, an increase of 71%.
- Conficker's makers lose big, expert says
- Conficker activation passes quietly, but threat isn't over
- FAQ: Just the facts on Conficker
- Security managers concerned but confident about Conficker on eve of expected attack
- IBM: Conficker.c infects small number in U.S.
- Security software scammers riding on Conficker's coattails
- Researchers exploit Conficker flaw to find infected PCs
- Conficker's next move a mystery to researchers
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts