I just did some work on a report that quotes some of the various statistics – or do I mean guesstimates? – regarding how many machines were likely to have been infected by Conficker. That report has already gone out, but it’s been pointed out to me that the wording makes it sound like we’re estimating somewhere between 10 and 50 million.
That wasn’t, in fact, my intention: I’m not in a position to hazard a meaningful guess on the real figure, though even the much-cited guess of 9-10 million at the low end seems high to me, and I’ve heard some estimates in the past few days at around 1 million-1.5 million which seem likelier. However, the nature of the Internet makes it difficult to generate any statistics in almost any context based on unique IP addresses. Due to factors such as fast flux, NAT, dynamic addressing and so on, a straightforward statistic can mask huge variations either up or down. All credit to F-Secure for trying to establish some kind of ballpark figure: they’re braver than I am.
What I can tell you, for what it’s worth, is that in the report I just mentioned Conficker comes out third highest in our "top ten" for January, behind INF/Autorun and Win32/PWSOnLineGames. Does this give us any sort of clue?
Not really. These figures are based on detections of these threats on machines owned by ESET customers: this suggests malware blocked at the point of entry, though a few of them might be machines that were infected before an ESET scanner was installed. It emphatically does not represent a sample of the total population of infected PCs in the world. It does tell us that there a lot of instances of attempted infections taking place, but it doesn’t give us any meaningful way of quantifying the number of machines that are broadcasting them.
So, sorry. I really have very little idea of how many of the billion or so current users of the Internet are doing so from Conficker-infected PCs. Somewhere between1 million and 50 million, I’d say. Or more. Or possibly less. Would you settle for "quite a lot"?
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, We Live Security