Feeds

back to article Conficker botnet wake up call only pinged zombie minority

The effective size of the Conficker botnet might be far smaller than previously thought. Last week machines infected with the latest variant of Conficker began to download additional components - files associated with the rogue anti-malware application SpywareProtect2009 and a notorious botnet client, Waledac - via the worm's …

COMMENTS

This topic is closed for new posts.
Alien

got to admit...

keeping multiple versions of the code extant is quite a clever ploy, if indeed it is intentional. If I were one of those psychological profilers you see a lot of these days in crime dramas, I'd be saying this pointed to a single developer who's intimately familiar with all aspects of the conficker code in all its iterations. They're probably more interested in and gain more satisfaction from the technical complexity of the code and adulation from their perceived peer group than with any payload the software can deliver... a bona-fide hacker type. Expect to see some trickery based around unforeseen interactions between different iterations of the code, or hidden code which will have a very low (but non-zero) probability of activation, which can only be predicted by a thorough understanding of *all* the code in *all* its versions.

0
0
Silver badge

So it's not so bad then ?

The end of the world is postponed yet again, I take it. What else is new ?

0
0
Anonymous Coward

200,652 unique IP Addresses

So how many of those were company IP addresses where its simply the gateway to a much larger private network hiding behind one IP. I've got about 6 PCs at home but they only ever show up as 1 IP because its all using NAT behind my ADSL router.

So 200,652 is the utter minimum. The company I used to work for had about 80 PCs which if they all got infected would only ever show up as 1 IP address.

0
0
This topic is closed for new posts.