Conficker botnet

Posted: January 21st, 2009

The super-botnet being assembled by the Conficker worm has already grown to at least 3.5 million computers. In size this zombie network has surpassed every botnet known until now, including Storm, which by some estimates comprised between 500 thousand and one million computers at its peak.

Conficker worm

Every day, using a timestamp taken from public sites such as Google and Baidu as its starting point, the program generates a large set of character strings that look like domain names. Working through this set, the infected computer tries to contact the servers at the corresponding domains. In practice only one of those domains needs to exist: running the same algorithm, the botnet's owners register a domain in advance, bring up a server on it, and in this way control the whole herd of zombie computers.

This approach defeats the traditional method of fighting botnets, which consists of taking down the malicious servers. The attackers register new domains every day, and even if today's domain is discovered and blocked within so short a time, tomorrow is a new day and the scheme works again.

On the other hand, nothing stops anyone else from registering a suitable domain and waiting for the computers infected with the worm to start contacting it. In theory this offers a chance to interfere with the operation of every "zombie" that connects, and even to clean them, but only in theory: legally such actions count as "unauthorized use". (The same consideration prevents German researchers from cutting down the Storm botnet at the root.)
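The rendezvous scheme described in the three paragraphs above, as an added example that is not part of the original post and is not Conficker's real algorithm: a toy date-seeded domain generator shared by bot and operator, the bot's walk down the day's list until one name answers, and the defender's pre-computation of the coming days' lists. The PRNG, the letter alphabet, the 250-names-per-day count and the TLD list are all invented here for illustration; the date is passed in directly instead of being read from Google's or Baidu's HTTP headers so the code runs offline.

```python
"""Toy date-seeded domain generation algorithm (DGA) with both sides of the
rendezvous: bot, operator and defender all run the same generator.
Illustrative only: the generator, alphabet, domain count and TLD list are
invented here and are NOT Conficker's real algorithm."""
import datetime
import hashlib
import string
from typing import Callable, List, Optional, Set

TLDS = ("com", "net", "org", "info", "biz")  # assumption: any fixed TLD set works the same way
DOMAINS_PER_DAY = 250                         # assumption: the post only says "a large set"
ALPHABET = string.ascii_lowercase


class Xorshift32:
    """Small deterministic PRNG so the same seed yields the same names on any
    machine.  A real DGA needs this property too: bot and operator must agree
    on the list without ever talking to each other."""

    def __init__(self, seed: int) -> None:
        # xorshift is stuck at zero forever, so never start there
        self.state = (seed & 0xFFFFFFFF) or 0x9E3779B9

    def next_u32(self) -> int:
        x = self.state
        x ^= (x << 13) & 0xFFFFFFFF
        x ^= x >> 17
        x ^= (x << 5) & 0xFFFFFFFF
        self.state = x
        return x


def seed_for_day(day: datetime.date) -> int:
    """Daily seed derived from the calendar date.  The worm in the post takes
    the date from public web sites rather than the local clock, so that every
    bot agrees on "today"; here the caller supplies it."""
    digest = hashlib.sha256(day.isoformat().encode()).digest()
    return int.from_bytes(digest[:4], "big")


def domains_for_day(day: datetime.date, count: int = DOMAINS_PER_DAY) -> List[str]:
    """The day's candidate rendezvous domains.  The operator only has to
    register, and answer on, one of them."""
    rng = Xorshift32(seed_for_day(day))
    names = []
    for _ in range(count):
        length = 8 + rng.next_u32() % 8  # 8..15 letters, chosen arbitrarily
        label = "".join(ALPHABET[rng.next_u32() % 26] for _ in range(length))
        tld = TLDS[rng.next_u32() % len(TLDS)]
        names.append(f"{label}.{tld}")
    return names


def bot_rendezvous(day: datetime.date, is_live: Callable[[str], bool]) -> Optional[str]:
    """Bot side: try the day's names in order and return the first one that
    answers.  `is_live` stands in for the DNS lookup plus HTTP request."""
    for name in domains_for_day(day):
        if is_live(name):
            return name
    return None


def defender_blocklist(start: datetime.date, days_ahead: int) -> Set[str]:
    """Defender side: once the algorithm is known, the candidates for the
    coming days can be computed before the operator uses them and pushed to
    DNS blocklists (or, with the legal caveat the post raises, pre-registered
    as sinkholes)."""
    names: Set[str] = set()
    for offset in range(days_ahead):
        names.update(domains_for_day(start + datetime.timedelta(days=offset)))
    return names


if __name__ == "__main__":
    today = datetime.date(2009, 1, 21)  # constructed sample date
    todays = domains_for_day(today)
    operator_domain = todays[42]         # the one name the operator actually registered
    print("bot found:", bot_rendezvous(today, lambda n: n == operator_domain))
    print("defender precomputed", len(defender_blocklist(today, 7)), "names for the week")
```

Precomputing and blocklisting the names is passive and needs no contact with the bots; actually registering one of them and answering the infected machines is the step the post describes as legally risky, which is why F-Secure stopped at counting connections.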

F-Secure therefore limited itself to observation, which among other things made it possible to estimate how many computers belong to the super-botnet. By the most modest estimate there were just under 2.4 million such computers as of January 13th, but within a day their number had grown to 3.5 million. The antivirus company considers its figures rather conservative (an exact count is hard because whole local networks often sit behind a single IP address), so in reality the botnet should be substantially larger.

The top five countries hosting infected computers are China, Brazil, Russia, India and Ukraine. Notably, Microsoft's November data showed Conficker for some reason sparing Ukrainian computers, but since then the situation has evidently changed.

Recall that to take control of a victim computer Conficker exploits a security hole in Windows for which a patch was released back on October 23rd. After a successful takeover the worm, wary of competitors, prudently closes the hole through which it entered the machine.
