Conficker Infection Dropped Suddenly

As per the Shadowserver Foundation and the Conficker Working Group, people have got another reason to celebrate the occasion of New Year 2010. The security company informed that almost one million systems infected by the Conficker worm have suddenly vanished.

As per the data released by ShadowServer, on January 1, 2010, the total number of IP addresses exhibiting traces of infection tumbled by 820,000 to 5.3 Million. The reduction led to the botnet's fading in the final days of December 2009. On December 29, IP addresses which showed traces of Conficker infections reached 6.5 Million and came down to 5.3 Million in the beginning of 2010.

But Andre' DiMino, Director and Founder, the Shadowserver Foundation, claimed that the organization did not have sufficient data to find out the cause of the reduction, as per the news reported by SECUIRTYFOCUS on January 4, 2010.

He further added that it was not clear whether the drop was due to the holidays as many systems were closed or did firms take time to repair the problem.

Further, the security experts said that the decrease might not be permanent or long lasting. By January 2, 2010, the signs of infections already returned to 5.6 Million. DiMino also claimed that it was starting to creep up again, but they were still a million off from where they were.

It is said that Conficker, also called Kido and Downadup, has astonished many security analysts with its achievement in spreading across the web. First found in November 2008, the Conficker worm circulated using flaws in Microsoft Windows and contacted with 250 random domains to verify for updates.

By the end of April 2009, Conficker transformed into a botnet that sustained peer-to-peer connections but did not circulating automatically. While the first edition of the program had contacts with 250 random domains, the recent version produces 50,000 random domains per day as well as contacts with 500 of them for updates.

The Shadowserver Foundation has also come out with details of ISPs worldwide and how susceptible they are to viruses. The figures indicate that the US-based telecom service provider-Telstra- has the maximum users attacked by Conficker worm at roughly 3,700 IP addresses, followed by Optus and TPG with 2, 200 and 1,100 respectively.

Related article: Conviction of First Felony Spam in Virginia Upheld

» SPAMfighter News - 1/14/2010