China Reports Millions Of Conficker Infections



Conficker has been giving us all headaches for quite some time now; the latest news is that China hosts up to 28% of the world's Conficker infections at its peak.

7 million separate hosts infected with Conficker at the end of 2009, that’s more than the population of some countries!

It’s a pretty nasty piece of malware and doesn’t seem to be going away anytime soon, especially with many new nations, cities & areas coming online with users inexperienced in the ways of the web – more infections are bound to happen.

China last year hosted more than one in four of the world’s computers infected with a major variant of the Conficker worm, according to an official report, highlighting the wide reach of malware inside the country. China had about 7 million Internet Protocol (IP) addresses infected with Conficker B at the end of last year, according to a recent annual security report posted on the Web site of China’s National Computer Network Emergency Response Technical Team (CNCERT). The number of infections varied during the second half of the year, which the report covered, but was higher than 5 million during all but one week.

The huge figures gave China up to 28 percent of the world’s Conficker B infections depending on the week, the report shows. The controllers of Conficker so far have hardly used their network of infected computers, but they could potentially use it to launch a crippling denial-of-service attack by ordering all of the computers to contact a victim server at the same time.

7 million infected hosts, that’s one mean looking DDoS network right there. That’s assuming all the Conficker infections are controlled by the same herders (which IMHO is unlikely). There are probably multiple groups using variations of the same malware, different infection vectors and different control channels.

I wonder if they are going to do anything with Conficker because Conficker Day on April 1st last year was a non-event and when they did start dropping some payloads – well nothing much happened either.

Malware is a growing problem worldwide, but Chinese PC users may be more easily hit than others. Over 4 percent of China’s more than 380 million Internet users run no security software, according to a recent survey. Software piracy is also rampant in the country, with unlicensed versions of Windows XP running on many PCs that are unlikely to receive regular security updates.

Conficker began spreading late in 2008 and has become the most widespread known botnet. But attention to the worm fell off last year when April 1, a day the worm was due to update, came and passed without incident. Millions of PCs worldwide remain infected with the worm.

China also had anywhere from 125,000 to over 300,000 IPs infected with Conficker C during the second half of last year, giving it up to 20 percent of the world’s infections for that variant, according to the report.

The figures from the China-based report are considerably higher than those from Shadowserver, which as of April 2010 only reports about 2 million Conficker infections in China (stats here).

I would say the problems in China have many angles, the main ones being pirated software leaving users with vulnerable software and lack of education meaning people aren’t using Antivirus software and are wide open to infections.

Source: Network World

Posted in: Malware
