Conficker: can’t stand up for falling downadup

You might have noticed that Conficker (Downadup) is actually standing up rather well to all the attention it’s receiving at the moment.

Heise UK reported that 2.5 million PCs are already infected (links removed, as Heise no longer seems to have a UK site and the articles have disappeared). In The Register, Dan Goodin reports that the total has increased dramatically since Heise’s initial report to nearly 9 million. (If anyone is interested in how these figures were arrived at, F-Secure have described the process here: it’s guesswork, but it looks like sound guesswork to me.)

(Incidentally, I looked back at our ThreatSense.Net® statistics for December, and notice that Conficker had already made number 5 in our top ten detections of known malware worldwide by the end of that month, so we’re not exactly talking about a brand-new fast-burner!)

If you’ve read Randy’s earlier blog, you’ll know that while we take the present epidemic very seriously, there’s an argument for concentrating less on the alarming figures, and on attributing them to the supernatural powers of what some have described as a Superworm, and paying more attention to the fact that a fairly prosaic malicious program has managed to cause so much damage simply because so many people and sites aren’t taking the elementary precautions that would have dramatically mitigated Conficker’s impact.

Randy’s also participated in a podcast with Ira Victor that’s available now: I haven’t looked at it yet, but I’m sure it will be of interest and provide reassurance and sound advice to anyone feeling down about Downadup.

David Harley 
Director of Malware Intelligence

Author David Harley, ESET

  • Jeff

    I agree, guesswork might mislead people. I would expect more solid examples showing accurate numbers

    • I can understand that you might want more accurate figures – at least, I’m acutely aware that the media and some customers are hungry for numbers – but I’m not sure why you’d expect them. By definition, these are unpatched, unprotected or inadequately-protected machines. This industry is generally focused on generating detection (reactive or proactive) and protection, rather than on generating statistics. Even if we accept your assertion that we (or someone) should be generating more accurate numbers (and frankly, I’m not sure why it matters), I don’t understand how you expect us to count infected machines when we have no direct means of communicating with them. Actually, most of the statistical data available on the internet in general is guesswork. Sometimes it’s useful guesswork, sometimes it’s at least harmless, sometimes it’s worthless, sometimes it’s seriously misleading. I don’t see much value in the guesswork around Conficker drone numbers when the guesses differ so widely.


Copyright © 2017 ESET, All Rights Reserved.