China Reports Millions Of Conficker Infections

Use Netsparker


Conficker has been giving us all headaches for quite some time now, the latest news it that China hosts up to 28% of the World Conficker infections at its peak.

7 million separate hosts infected with Conficker at the end of 2009, that’s more than the population of some countries!

It’s a pretty nasty piece of malware and doesn’t seem to be going away anytime soon, especially with many new nations, cities & areas coming online with users inexperienced in the ways of the web – more infections are bound to happen.

China last year hosted more than one in four of the world’s computers infected with a major variant of the Conficker worm, according to an official report, highlighting the wide reach of malware inside the country. China had about 7 million Internet Protocol (IP) addresses infected with Conficker B at the end of last year, according to a recent annual security report posted on the Web site of China’s National Computer Network Emergency Response Technical Team (CNCERT). The number of infections varied during the second half of the year, which the report covered, but was higher than 5 million during all but one week.

The huge figures gave China up to 28 percent of the world’s Conficker B infections depending on the week, the report shows.The controllers of Conficker so far have hardly used their network of infected computers, but they could potentially use it to launch a crippling denial-of-service attack by ordering all of the computers to contact a victim server at the same time.

7 million infected hosts, that’s one mean looking DDoS network right there. That’s assuming all the Conficker infections are controlled by the same herders (which IMHO is unlikely). There are probably multiple groups using variations of the same malware, different infection vectors and different control channels.

I wonder if they are going to do anything with Conficker because Conficker Day on April 1st last year was a non-event and when they did start dropping some payloads – well nothing much happened either.

Malware is a growing problem worldwide, but Chinese PC users may be more easily hit than others. Over 4 percent of China’s more than 380 million Internet users run no security software, according to a recent survey. Software piracy is also rampant in the country, with unlicensed versions of Windows XP running on many PCs that are unlikely to receive regular security updates.

Conficker began spreading late in 2008 and has become the most widespread known botnet. But attention to the worm fell off last year when April 1, a day the worm was due to update, came and passed without incident. Millions of PCs worldwide remain infected with the worm.

China also had anywhere from 125,000 to over 300,000 IPs infected with Conficker C during the second half of last year, giving it up to 20 percent of the world’s infections for that variant, according to the report.

The figures from the China based report are considerably higher than those from Shadowserver, which as of April 2010 only reports about 2 million Conficker infections in China (stats here).

I would say the problems in China have many angles, the main ones being pirated software leaving users with vulnerable software and lack of education meaning people aren’t using Antivirus software and are wide open to infections.

Source: Network World

Posted in: Malware

, , , , , , , , , , ,


Latest Posts:


BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.


Comments are closed.