O Botnet, Where Art Thou? Yes, like an Odyssey worthy of Homer or a George Clooney movie, the saga of the Conficker botnet continues. The Most Excellent folks at Shadowserver have posted an update today.
While Conficker fell off the media radar, Shadowserver has been following it:
- “As recently as late October 2009, the number of systems infected with the A+B+C variants topped seven million.”
- “Currently, there are over 12,000 ASN’s that have at least one Conficker IP in their network space.”
- The Conficker stats and charts page can be found here: http://www.shadowserver.org/wiki/pmwiki.php/Stats/Conficker
Like the Bogey Man and the Monster Under the Bed, we Know it’s There, but what is It Doing? One thing the data shows is that overall, its presence is dropping, from a high of 6.5 Million to 7 Million, and still declining, thanks largely to serious eradication efforts, including ongoing domain registration by the Conficker Working Group.
A very interesting piece on SearchSecurity.com brings us up-to-date on the hunt for the Conficker authors. The article quotes Mikko Hyppönen from F-Secure speaking about how the worm’s authors used the MD6 cryptographic hash to sign the worm, including updating the hash after an MD6 weakness was found. Also, the worm was able to work-around disabled Autoplay initiated on Windows systems.
The counter-attacks by security researchers will influence botnet developers as they morph their capabilities and attack surfaces in response. While Conficker seems to be contained and has become the inverse of Top of Mind, you should still Pay Attention, just because…
Peace & Love Y’all!
Cross-linked from Suspicious Minds