Conficker Worm Continues to Infect Systems
As per the Internet security company Akamai Technologies, several variants of the Conficker worm were actively circulating on the Internet in the third quarter of 2009 and accounted for most of the attack traffic.
The security company also said in its State of the Internet report for the third quarter of 2009 that while the industry media and mainstream coverage of Conficker and its variants had significantly fallen down since peak in the second quarter of 2009, it was evident from the available data that the worm and its variants were still active and searching for new systems.
Emphasizing on the figures given by the Conficker Working Group, Akamai said that the number of Conficker.B and Conficker.A infection had risen globally during the third quarter of 2009 but the infections of Conficker.C tumbled during the same period.
The report stated that 78% of Internet attacks reported by Akamai in the third quarter of 2009 targeted 445, significantly higher from 68% during the second quarter of 2009. Microsoft Directory Services use Port 445 and it is the same port targeted by Conficker to abuse buffer overflow vulnerability in Windows.
Akamai pointed out that Russia and Brazil were responsible for Conficker. Both the countries have been consistently suffering from the problem of worm. Russia contributed 13% of total traffic attack while Brazil accounted for 8.6% of attack traffic, said Akamai. The US held the third place and contributed 6.9% of attack traffic, followed by China at fourth place with 6.5% of total attack traffic.
Most of the attacks originating from Russia and Brazil targeted Port 445, which indicated that a large number of computers in both the countries were actively involved in Conficker related botnets.
Moreover, Port 445 left behind other ports like Telnet (Port 23), SSH (Port 22), NetBIOS (Port 139) and Microsoft-RPC (Port 135) with their shares in the total attacks between 2% and 4.4%. 95% of all attacks conducted through 10 Ports, while the remaining 5% of attacks were conducted through 3,800 obscure ports.
Although Microsoft has released a fix to deal with the vulnerability exploited by previous versions of Conficker, security experts believe that the worm continues to be active and several infected machines contain unauthorized copies of Windows and don't have access to security updates.
Related article: Conviction of First Felony Spam in Virginia Upheld
» SPAMfighter News - 22-01-2010