Conficker Infection Analysis Turns Spotlight on Number of Compromises

Written By
Brian Prince
Apr 17, 2009

Has the number of Conficker infections been overhyped? Not necessarily.

New research by Kaspersky Lab has put the aforementioned question back in the spotlight. While the Conficker worm generated an intense amount of public interest, the number of computers infected with the newest variant of the worm seems to be relatively small.

Kaspersky Lab’s analysis revealed that just over 200,000 unique IP addresses were participating in Conficker’s peer-to-peer (P2P) network.

“While analysing Kido [Conficker] network behaviour we’ve been able to develop an application that helped us to get an in-depth insight into the peer-to-peer network communications of the malware, which have been used to distribute updates over the last week,” blogged Georg Wicherski, a virus analyst at the security company. “Over a 24 hour observation period, we’ve been able to identify 200,652 unique IPs participating in the network, far less than initial estimated Kido infection counts.”

However, Kaspersky Lab Senior Antivirus Researcher Roel Schouwenberg noted this is just the number of computers the company detected participating in the P2P network. The total number of infected machines is still in the millions, Schouwenberg told eWEEK.

At various points, vendors have put the number as high as 9 million, but efforts by the security community such as The Conficker Working Group seem to have paid off. However, the group still puts the current number of unique IPs infected with variants A, B and C at roughly 3.6 million.

Only a fraction of the nodes infected with earlier variants appear to have been updated, according to Wicherski’s blog post. Kaspersky’s analysis also found that the highest concentration of infected machines is in Brazil, China and the eastern part of the United States, which is reminiscent of similar findings from IBM’s X-Force earlier this month.

The latest iteration of the worm has been tied to a scheme to trick users into downloading rogue anti-virus. There are a number of tools available to help victims remove and detect the malware, as well as a patch for the Microsoft vulnerability targeted by multiple versions of the worm.
