Feeds

back to article Conficker zombie botnet drops to 3.5 million

The "activation" of Windows machines infected with the latest variant of the Conficker worm has allowed security watchers to come up with a far more accurate estimate of how many machines are infected. Early versions of Conficker called home to 250 different domain names every day to check for updates. Since Wednesday, machines …

COMMENTS

This topic is closed for new posts.
Bronze badge

Catching a cold

My XP honeypot is still free of conficker, I have had to remove several other trojans or revert to an earlier snapshot because of system compromise but still no conficker.

For those interested there is a wealth of information regarding Conficker here: http://www.honeynet.org on the honeynet blog.

KYE whitepaper: http://www.honeynet.org/files/KYE-Conficker.pdf (Warning PDF)

All good reading and helpful.

0
0

This post has been deleted by a moderator

Rob
Stop

potatard

damnit John, you had to go spoiling a good little article by chucking in "mash-up" didn't you? -is there any potato involved? -no? then it's a fucking map isnt it?

0
0
Dead Vulture

@ potatard

Damn right - I was reading a walkthrough and apparently I should 'mash' the joystick buttons.

I'm not sure my spud utensil would work with a gamepad!

0
0
Flame

@Support for Conficker

Stop with it the crummy and shameless plug

0
0
Joke

To the Authors of Conficker and open request...

Can you guys get a move on with that update.. the interwebz media is running out of stories on Conficker...

0
0
Thumb Down

Support for Conficker

Nice ad spam from Stuart there - another geek webshite's mods had the good sense to edit his comment before publication.

And no, I don't work for [insert shameless plug here].

0
0
Dead Vulture

@Stuart

Seriously, how the hell did you make that past moderation, or was there back handers involved?

0
0
Silver badge

How about...

How about this for a revolutionary idea...

As this analysis is based on the IPs of the infected machines, how about emailing the ISPs who control these IPs and asking them to inform the user who had that IP allocated at the time of their infection, and pass them some useful links to help them remove the infection...

The mechanism almost already exists on some ISPs to allow the RIAA to pump out the automated "You are an evil pirate, prepare to be cut off!" emails.

This does assume the ISPs give a sh*t of course!

0
0
Thumb Up

@Robbie.

"Can you guys get a move on with that update.. the interwebz media is running out of stories on Conficker..."

I've jailbroken my Conficker worm so that I can add features myself. I hope the upgrade doesn't brick it.

0
0
Heart

Conficker?

I'll eat when I get hungry

I'll drink when I get dry

If the life I live don't kill me

Then I guess I'll never die

I'll tune up my fiddle

I'll rosin up my bow

And find a girl to hold me tight

Anywhere I go

Corn liquor corn liquor's what I cry

If you don't give me corn liquor boy

Somebody's gonna die

Somebody's gonna die oh lord

Somebody's gonna die

0
0
Silver badge
Linux

What the hell are those Confickers up to anyway?

I wish they'd pull the pin already.

I mean FFS, all the 'doze admins here need to be woken up every now and then and I've been patiently waiting for Conficker to be switched on. So far nothing but boring stories guestimating the size of the botnet.

Yawn.

0
0
This topic is closed for new posts.