
January 15th, 2009

3.5m hosts affected by the Conficker worm globally

Posted by Dancho Danchev @ 12:36 pm

Categories: Anti Virus, Botnets, Browsers, Exploit code, Hackers, Malware, Passwords, Viruses and Worms

Tags: Security, Internet Worm, Remote Code Execution, MS08-067, Conficker, Downadup, Dancho Danchev

A recently conducted experiment by F-Secure estimates that approximately 3.5 million hosts have been infected with W32/Conficker.worm, also known as W32.Downadup, spreading through the now patched MS08-067 as of November, 2008. F-Secure’s experiment took advantage of the very same domain registration algorithm that the cybercriminals were using, in order to temporarily redirect some of the infected hosts and, in the meantime, count them.
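The counting approach described above, as an added example that is not from the original post or from F-Secure: an analyst who can predict the day's domains registers some of them and counts the distinct sources that check in. The generator here is a constructed stand-in, not Conficker's algorithm, and the log format, domains and IP addresses are constructed sample data.

```python
import hashlib
from datetime import date

def predicted_domains(day, count=5, tlds=("example", "test")):
    """Stand-in date-seeded generator (assumption: NOT Conficker's real algorithm)."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # Turn the first 10 hex digits into a lowercase label (letters a..p).
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        out.append(f"{label}.{tlds[i % len(tlds)]}")
    return out

def count_infected(log_lines, sinkholed):
    """Return the distinct source IPs that contacted a domain registered for that day.

    sinkholed maps a date to the set of predicted domains the analyst registered.
    Distinct IPs only approximate hosts: NAT hides many machines behind one
    address, and DHCP churn can make one machine appear under several.
    """
    sources = set()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line
        timestamp, src_ip, host, _path = parts
        try:
            day = date.fromisoformat(timestamp[:10])
        except ValueError:
            continue  # unparseable timestamp
        # A request for a domain not generated for this date is not a check-in.
        if host.lower() in sinkholed.get(day, ()):
            sources.add(src_ip)
    return sources

# Constructed sample: the analyst registers two of the five predicted domains.
DAY = date(2009, 1, 14)
REGISTERED = {DAY: set(predicted_domains(DAY)[:2])}
D0, D1 = sorted(REGISTERED[DAY])
SAMPLE_LOG = [
    f"2009-01-14T10:00:01Z 192.0.2.10 {D0} /",
    f"2009-01-14T10:00:05Z 192.0.2.10 {D1} /",          # same source, second domain
    f"2009-01-14T10:01:00Z 198.51.100.7 {D0.upper()} /",  # case-insensitive match
    "2009-01-14T10:02:00Z 203.0.113.5 www.example.org /",  # unrelated traffic
    f"2009-01-13T23:59:00Z 203.0.113.9 {D0} /",         # wrong day for this domain
    "garbage line",
]

if __name__ == "__main__":
    print(len(count_infected(SAMPLE_LOG, REGISTERED)), "distinct sources checked in")
```
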

With several new Conficker variants released since the original November campaign, the worm’s authors seem to be diversifying the propagation vectors in order to increase the worm’s lifecycle.

The latest propagation tactics include spreading via USB devices and network shares, and, according to McAfee, the latest samples that they’ve analyzed attempt to exploit only English-language OS versions, thanks to an OS fingerprinting feature within a Metasploit exploit used by the worm’s authors.

Ever since the first release of the worm, the authors’ criminal intentions have been pretty evident. Infected hosts would be exposed to fake security software claiming that the host’s security has been compromised — appreciate the irony here — with the worm’s authors earning $30 for each and every successful sale of the bogus security software. This approach of monetizing malware-infected hosts through an affiliate-based network is one of the main incentives for assembling a botnet these days.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog.
