I came across a good article today from internetnews.com detailing the latest stats for the Conficker botnet. Over 5.5 million PCs are actively infected and a part of this botnet, according to the Conficker Working Group. Clearly Conficker continues to be a threat despite approaching its first anniversary this October.
Conficker is highly sophisticated and exhibits a strong potential for future malice. Here are some characteristics of the botnet pointed out in the article:
- Propagation via USB despite protection against USB autoruns
- Bypassing and blocking of security vendors’ IP addresses to prevent remediation of the threat
- Shutting down of new tools used to identify and respond to attacks, like Wireshark
Botnets are so dangerous because they can be used for other forms of internet crime like identity theft. For example, in April, Conficker was leased to distribute spam for the Waledac worm targeting users’ identities. Since then, however, the botnet itself has been dormant. Despite control of millions of PCs and a very large black market profit potential, the authors of the malware haven’t leased it out, and it appears to be running independently, churning out infections and waiting for control. The latest version includes peer-to-peer code that allows infected nodes to pass instructions to each other. For the time being it isn’t active, but researchers continue to monitor it for signs of control.
Just another case of unauthorized software making its way onto PCs despite significant investment in security. The potential for damage from these threats continues to grow and adds to the argument for a complete overhaul in the way we address desktop and laptop security.