20 April 2010 | 5,480 views

China Reports Millions Of Conficker Infections

Check For Vulnerabilities with Acunetix

Conficker has been giving us all headaches for quite some time now, the latest news it that China hosts up to 28% of the World Conficker infections at its peak.

7 million separate hosts infected with Conficker at the end of 2009, that’s more than the population of some countries!

It’s a pretty nasty piece of malware and doesn’t seem to be going away anytime soon, especially with many new nations, cities & areas coming online with users inexperienced in the ways of the web – more infections are bound to happen.

China last year hosted more than one in four of the world’s computers infected with a major variant of the Conficker worm, according to an official report, highlighting the wide reach of malware inside the country. China had about 7 million Internet Protocol (IP) addresses infected with Conficker B at the end of last year, according to a recent annual security report posted on the Web site of China’s National Computer Network Emergency Response Technical Team (CNCERT). The number of infections varied during the second half of the year, which the report covered, but was higher than 5 million during all but one week.

The huge figures gave China up to 28 percent of the world’s Conficker B infections depending on the week, the report shows.The controllers of Conficker so far have hardly used their network of infected computers, but they could potentially use it to launch a crippling denial-of-service attack by ordering all of the computers to contact a victim server at the same time.

7 million infected hosts, that’s one mean looking DDoS network right there. That’s assuming all the Conficker infections are controlled by the same herders (which IMHO is unlikely). There are probably multiple groups using variations of the same malware, different infection vectors and different control channels.

I wonder if they are going to do anything with Conficker because Conficker Day on April 1st last year was a non-event and when they did start dropping some payloads – well nothing much happened either.

Malware is a growing problem worldwide, but Chinese PC users may be more easily hit than others. Over 4 percent of China’s more than 380 million Internet users run no security software, according to a recent survey. Software piracy is also rampant in the country, with unlicensed versions of Windows XP running on many PCs that are unlikely to receive regular security updates.

Conficker began spreading late in 2008 and has become the most widespread known botnet. But attention to the worm fell off last year when April 1, a day the worm was due to update, came and passed without incident. Millions of PCs worldwide remain infected with the worm.

China also had anywhere from 125,000 to over 300,000 IPs infected with Conficker C during the second half of last year, giving it up to 20 percent of the world’s infections for that variant, according to the report.

The figures from the China based report are considerably higher than those from Shadowserver, which as of April 2010 only reports about 2 million Conficker infections in China (stats here).

I would say the problems in China have many angles, the main ones being pirated software leaving users with vulnerable software and lack of education meaning people aren’t using Antivirus software and are wide open to infections.

Source: Network World



Recent in Malware:
- ParanoiDF – PDF Analysis & Password Cracking Tool
- Windows Registry Infecting Malware Has NO Files
- FakeNet – Windows Network Simulation Tool For Malware Analysis

Related Posts:
- Microsoft Offers $250K Bounty for Conficker Author
- Conficker Day – April 1st – Uneventful
- Conficker (AKA Downadup or Kido) Infections Skyrocket To An Estimate 9 Million

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,317 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,466 views
- US considers banning DRM rootkits – Sony BMG - 44,929 views

Low-cost VPS Hosting

Comments are closed.