Conficker Statistics

I just did some work on a report that quotes some of the various statistics – or do I mean guesstimates? – regarding how many machines were likely to have been infected by Conficker. That report has already gone out, but it’s been pointed out to me that the wording makes it sound like we’re estimating somewhere between 10 and 50 million.

That wasn’t, in fact, my intention: I’m not in a position to hazard a meaningful guess on the real figure, though even the much-cited  guess of 9-10 million at the low end seems high to me, and I’ve heard some estimates in the past few days at around 1 million-1.5 million which seem likelier. However, the nature of the Internet makes it difficult to generate any statistics in almost any context based on unique IP addresses. Due to factors such as fast flux, NAT, dynamic addressing and so on, a straightforward statistic can mask huge variations either up or down. All credit to F-Secure for trying to establish some kind of ballpark figure: they’re braver than I am.

What I can tell you, for what it’s worth, is that in the report I just mentioned Conficker comes out third highest in our "top ten" for January, behind INF/Autorun and Win32/PWSOnLineGames. Does this give us any sort of clue?

Not really. These figures are based on detections of these threats on machines owned by ESET customers: this suggests malware blocked at the point of entry, though a few of them might be machines that were infected before an ESET scanner was installed. It emphatically does not represent a sample of the total population of infected PCs in the world. It does tell us that there a lot of instances of attempted infections taking place, but it doesn’t give us any meaningful way of quantifying the number of machines that are broadcasting them.

So, sorry. I really have very little idea of how many of the billion or so current users of the Internet are doing so from Conficker-infected PCs. Somewhere between1 million and 50 million, I’d say. Or more. Or possibly less.  Would you settle for "quite a lot"?

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

Author David Harley, ESET

  • kira

    Hi! I’ve been researching the conficker virus a lot. when i noticed that my laptop started to show signs, i new i got infected. now it’s conficker free, I’ve been suspecting a .dll file and I’ve disabled it. it’s name is geczr.dll

    PS sorry for the bad english..

  • Matt Kitson

    I am just thankful all of my PC’s have nod32 installed. Our Mac is on it’s own

  • Charles

    Macs are safe, Matt, worry not.

    • Randy Abrams

      safe from conficker, but there are threats against them.

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.