After 1 Year, Conficker Infects 7M Computers 95
alphadogg writes "The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate. On Thursday, researchers at the volunteer-run Shadowserver Foundation logged computers from more than 7 million unique IP addresses, all infected by the known variants of Conficker. They have been able to keep track of Conficker infections by cracking the algorithm the worm uses to look for instructions on the Internet and placing their own 'sinkhole' servers on the Internet domains it is programmed to visit. Conficker has several ways of receiving instructions, so the bad guys have still been able to control PCs, but the sinkhole servers give researchers a good idea how many machines are infected."
Action not words! (Score:2, Insightful)
Are these researchers doing anything about it? Have they handed the IP lists with timestamps over to the appropriate ISPs or corporate network administrators so that the infected systems can be dealt with? Did they even put up a page where you can check yourself or your network?
Merely counting the infected is nothing but mental masturbation. Even the lame government census has moved beyond simply counting.
Re:I'm safe! (Score:4, Insightful)
It's too bad there isn't a tiresome mod.
Re:I'm safe! (Score:2, Insightful)
Half the things you listed are malware themselves.
But your point is well taken regarding just about any flavor of Linux or OSX.
When Windows 7, fresh out of the box from Redmond nags you go get an antivirus that says something right there.
First it says Microsoft has no confidence in the ability of this version to stop any malware.
Second it transfers blame to a sketchy industry that had grown up based on a dodgy OS, and actually lobbied Microsoft not to lock them out, demanding the same holes in the OS that allow viruses in, in order to install their slow-ware.
If Windows 7 was half the Operating system Microsoft claims it is it wouldn't need an antivirus. It would just delete your user account every time you switched to your guest account like OSX and be done with it. (Hey, its a joke. No flames..).
Re:I'm safe! (Score:2, Insightful)
Re:Cleaning job (Score:3, Insightful)
It's not just that.
Being a good samaratin like that often fails because of the risk you'll mess up and get slammed with a lawsuit. Simply by participating in the affair you become jointly and severally liable if anything goes wrong.
Re:Cleaning job (Score:3, Insightful)
Is there a way for the researchers to use the sinkhole to clean the worm?
Maybe they can inject instructions to the worm so it shutsdown but not before it spreads the "fix" to other computers? So along counting the number of PC's infected they also help in cleaning the worm. Impossible?
If you just sniff traffic, that doesn't mean you can inject instructions. And even if, how do you make sure *you* don't ruin the users computers? It is a ethical problem as soon as you mess with other peoples machines; These Botnet hijackers [youtube.com] explain that too.
So, no, researchers are not going to do that. Also, too complex technically.
Re:Good point (Score:4, Insightful)
Second time? Citation needed, seriously.
Apart from self-contained data loss bugs that corrupt single files or bork their own data, the only difference between them is the identity of the data affected--deleting your user folder is no more or less "destructive" than deleting the Program Files folder or the System32 folder or any other combination of important data.
More to the point, you have a short and selective memory. On the Windows side, the number of data loss bugs in the Microsoft KB is staggering--many of which far more easily triggered than the Snow Leopard bug (which PC World was unable to reproduce). There have been plenty of famous and significant data loss bugs in Windows' history, like the Windows 98SE shutdown bug, the Windows 2000 ATA bug, and even the Windows XP bug that ate the user data folders, quite similar to the Snow Leopard bug: http://www.v3.co.uk/vnunet/news/2116562/winxp-bug-ate [v3.co.uk].
How about the similar data loss bug in the Linux kernel a few years ago: http://news.cnet.com/2100-1001-976427.html [cnet.com]. A simple Google search will reveal several more, before and since, in the kernel and in distribution packages.
Then there's the infamous Mozilla bug that wiped out the entire Program Files directory on Windows: http://www.mozillazine.org/talkback.html?article=4264 [mozillazine.org]
It's not just user-level software development, either. Just look at Intel's repeated data loss bugs in their SSDs.
All the big names have let a bug like this slip at one time or another. It's unfortunate, but inevitable.