Sunday, August 30, 2009

Conficker Still A Big Deal

The Conficker worm outbreak seems so long ago and there's been no news about it for so long, but that doesn't mean it went away.

The Conficker Working Group, a consortium of security and related companies, continues to track the massive botnet created by the outbreak. These days it runs at around 6.2 million unique IP addresses. About 80% of these appear to be Conficker A and B. The C variant was not all that successful, because the avenues for its spread had already been largely cut off.

The fact that the numbers fluctuate within a fairly narrow range means that the botnet is pretty stable, but it's hard to say exactly what's happening. The testing measures IP addresses, which means that some systems (notebooks that roam from network to network) are overcounted and some (networks with NAT) are undercounted. I think it all adds up to a very stable network; the systems that got infected in the original outbreaks are, by and large, still infected. They obviously don't patch their systems or run anti-malware, and most of them probably don't have any idea that anything is wrong.

Some people just don't care, I guess. It's remarkable, and says something about our ability to deal with the problems of malware and botnets, that the largest botnet in the world, which Conficker must be, just sits there and nothing is done about it. Perhaps nothing can be done.
