Conficker botnet wake up call only pinged zombie minority The effective size of the Conficker botnet might be far smaller than previously thought. Last week machines infected with the latest variant of Conficker began to download additional components - files associated with the rogue anti-malware application SpywareProtect2009 and a notorious botnet client, Waledac - via the worm's …
keeping multiple versions of the code extant is quite a clever ploy, if indeed it is intentional. If I were one of those psychological profilers you see a lot of these days in crime dramas, I'd be saying this pointed to a single developer who's intimately familiar with all aspects of the conficker code in all its iterations. They're probably more interested in and gain more satisfaction from the technical complexity of the code and adulation from their perceived peer group than with any payload the software can deliver... a bona-fide hacker type. Expect to see some trickery based around unforeseen interactions between different iterations of the code, or hidden code which will have a very low (but non-zero) probability of activation, which can only be predicted by a thorough understanding of *all* the code in *all* its versions.
So how many of those were company IP addresses where its simply the gateway to a much larger private network hiding behind one IP. I've got about 6 PCs at home but they only ever show up as 1 IP because its all using NAT behind my ADSL router.
So 200,652 is the utter minimum. The company I used to work for had about 80 PCs which if they all got infected would only ever show up as 1 IP address.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
