Eyeballing Conficker with eye-charts and maps

As expected, the April 1st activation date for the Conficker worm passed without much noise but, as Microsoft and others are explaining, the botnet associated with the worm is very much alive -- and still potentially dangerous.

"[This threat] should remain a manageable cause for concern and it doesn’t go away after April 1," says Microsoft's Christopher Budd. The malware still lives on millions of Windows machines and could start calling home for instructions at any time.

Now that the crazy hype has died down (hopefully!), it's important for end users to get reliable information on eyeballing the presence of Conficker on a machine and, if it's found, disinfection instructions from a Web site that isn't blocked by the malware.

Because Conficker blocks victims from visiting Web sites for anti-malware vendors, Joe Stewart from SecureWorks has come up with a clever eye-chart (if that gets blocked, try this one) that provides visual confirmation on infections.

If you can see all three images in the top grid below, your computer is NOT infected with Conficker. However, if one of the F-Secure, SecureWorks or Trend Micro logos appears broken, chances are your computer is part of the Conficker botnet. Here's the explanation on how to interpret the chart.
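
A scripted version of the eye-chart check described above, as an added example that is not from the article or from SecureWorks. The probe URLs are constructed placeholders, and the control probe (an image on a site unrelated to security vendors) is an assumption added so that a machine that is simply offline is not reported as infected.

```javascript
// Added example. Probe URLs are constructed placeholders; replace them with
// small images really hosted on each site. The control probe is an assumption.
const VENDOR_PROBES = [
  { name: "F-Secure", url: "https://f-secure.example/logo.png" },
  { name: "SecureWorks", url: "https://secureworks.example/logo.png" },
  { name: "Trend Micro", url: "https://trendmicro.example/logo.png" },
];
const CONTROL_PROBE = { name: "control", url: "https://control.example/logo.png" };

// Browser only: resolves true if the image loads, false on error or timeout.
function probeImage(url, timeoutMs = 8000) {
  return new Promise((resolve) => {
    const busted = new URL(url);
    // A cached logo would load even when the site is blocked, so bypass the cache.
    busted.searchParams.set("t", String(Date.now()));
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    img.src = busted.href;
  });
}

// Pure decision logic: the same reading rule as the chart, plus the control.
function interpretChart(vendorResults, controlLoaded) {
  if (!controlLoaded) {
    // Nothing loads at all: offline, images disabled, or a filtering proxy.
    return { verdict: "inconclusive", blocked: [] };
  }
  const blocked = vendorResults.filter((r) => !r.loaded).map((r) => r.name);
  const verdict = blocked.length === 0 ? "not-infected" : "possibly-infected";
  return { verdict, blocked };
}

async function runChart() {
  const [control, ...vendors] = await Promise.all(
    [CONTROL_PROBE, ...VENDOR_PROBES].map(async (p) => ({
      name: p.name,
      loaded: await probeImage(p.url),
    }))
  );
  return interpretChart(vendors, control.loaded);
}

// Only run the probes where a DOM Image constructor exists (a browser page).
if (typeof Image !== "undefined") {
  runChart().then((result) => console.log(result));
}
```

A "possibly-infected" result only means the vendor-hosted images failed while the control loaded; a local filter or DNS problem can produce the same pattern, so confirm with a removal tool.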

It's also very tricky to point users to disinfection tools because they are all hosted on Web sites that are blocked. The only one I've seen on an unblocked site is BitDefender's bdtools.net, which offers disinfection tools for single PCs or networks.

If Conficker is not present on your machine, it's important that you apply all Microsoft security updates immediately.

The Conficker Working Group has also provided some excellent maps with a view of the botnet around the world:

WORLD MAP:

USA INFECTIONS:

EUROPE INFECTIONS:

Talkback

23 comments
  • MS is responsible for this

    MS made the software, they are responsible for the
    fiasco from this, that is just ridiculous how
    people blame admins for not patching a box when
    it was poorly engineered from word go.


    Another reason to use Open_Source Linux distros
    to escape the Hacker/Virus writer arena MS has
    attached and it is getting worse.
    Christian_<><
    • Bull.

      "MS made the software, they are responsible for the fiasco from this"

      Bull. Their patches have been out for MONTHS. If your machines are not patched, it's your own fault, nobody else's.

      "when it was poorly engineered from word go."

      If you can show me exactly where Vista and/or Windows 7 are poorly engineered, I'll let you have that comment.
      CobraA1
      • Exactly!

        "Bull. Their patches have been out for MONTHS. If your machines are not patched, it's your own fault, nobody else's."

        Not only that, but those patches were made available out of band - in other words, they released it IMMEDIATELY on October 17th, instead of waiting for the November Patch Tuesday. I'd say that was MS being very responsible.

        I can probably answer to where Windows is "poorly engineered".. He'd probably come back with some nonsense about there being bugs in the code. To wit - DUH..! There's no such thing as 100% bulletproof, bug free code. Not Windows, not Linux and certainly NOT OSX.

        If code were bug free, there'd never be a need for patches.
        Wolfie2K3
        • The definition of bug free.

          Obsolete
          Dr. John
          • You took the words right out of my mouth!

            :)
            jrbirdman
          • Two other words for "bug free"

            Untested
            Unused
            David A. Pimentel
    • ...

      "MS made the software, they are responsible for the fiasco from this, that is just ridiculous how people blame admins for not patching a box when it was poorly engineered from word go."

      Let me guess... you blame society for a criminal's actions too?

      1st, the hole was found and patched long before Conficker was a household name.

      2nd, (unless you can prove otherwise) MS did not create the worm.

      But go ahead, blame MS. I'm sure it makes you feel better.
      Badgered
    • HA HA HA HA.....

      LOL...
      Nsaf
  • Re: MS is responsible for this

    Microsoft is responsible yes. However, Win32:Conficker is showing us why we need software to be innovative and to be tested thoroughly. Windows is not tested solely in a good lab as it should be. They rely on off-site beta testers to run and report so the work is done for Microsoft instead of Microsoft using the talent of really good Software Engineers to build it right the first time.

    Vista promised, as have other Windows releases, to be thought new from the ground up and then we find during the development stage that many of the ground breaking and cool things that would make Windows a far better product have been yanked just to make the release date. Vista was supposed to sport a really new and cool file system. However, several missed release dates later, we have NTFS.

    Many other core features were dropped too, just to make the release date. Now it's all too clear as to why Vista sucks and I use Linux. Sorry... My rant gets raves!

    Win32:Conficker also shows the extreme level of coding genius and at the same time, the immense lack of use of that genius. We offer people like the author of Win32:Conficker nothing compelling in the form of a job so they can code for the greater good. So these really good coding geniuses write this crap, spread this crap, and never show the world what they could really do if a decent job opportunity existed for what amounts to idle talent. Shame on how we run things America.
    The Rifleman
    • rifleman sniping at the wrong target

      Uh, Rifleman - nice rant, but wrong data - Vista isn't being infected. Vulnerability is there, but the hardening that MS did has spared it from Conficker - something on the order of 0.5% of infections are Vista in the data I've seen. Are you seeing something different or just guessing?

      So let's keep score - if you're running an OS that was developed after 2003 (that's post-XP), OR you install patches within a few months of release, you're basically unscathed.
      djk_marbles
    • HA HA HA HA....

      LOL....
      Nsaf
  • Excellent article and charts ...

    ... the user of my computer finds idiots guides and pictures easiest to follow ;-)
    jacksonjohn
  • Can I get a closeup of Florida -- specifically Tallahassee?

    I'd like to get a better idea of the infection.

    I am able to see three images in Windows Vista.

    Update: I checked into my mom's computer and she does not have a Conficker worm.
    Grayson Peddie
  • skitch.com exceeded bandwidth

    sorry (re: European infections)
    cwallen198031
  • Exceeded Bandwidth?

    What does this mean?
    RushTX
  • RE: Eyeballing Conficker with eye-charts and maps

    ON THE US MAP ABOVE HOW DO YOU ZERO IN ON A SPECIFIC AREA?
    mixxitman03
  • Had to reboot my dual boot system and check twice.

    I read all the graphics perfectly. Rebooted and got the same results. Guess with both my XP SP3 and Ubuntu 8.10, both up to date, and my AVG Free on the XP, I'm covered in this online mess. Not worrying until the next major threat is reported. And that seems to be coming from the ISPs and the government. Conspiracy Theory: Is Cornficker a government con to help push through the government control of the internet?

    Paul
    pfyearwood
  • RE: Eyeballing Conficker with eye-charts and maps

    It's not that hard to protect yourself from the conficker worm, check out this guide http://www.myspywareremoval.org/2009/04/remove-conficker-worm-aka-downup-downadup-kido/
    tecsmedia
  • RE: Eyeballing Conficker with eye-charts and maps

    An OS vendor that cannot secure its OS against security threats is selling its customers down the river. That they (the customers) need paid gun toting mercenaries (who themselves cannot be relied upon to secure customers safety) to protect them confirms the nexus.
    kmashraf
  • Conficker don't bother me!

    It wasn't really that hard to stay uninfected from the virus. I just kept my computers up to date.
    And I also run AVG, System Explorer, Ccleaner. System Explorer can show you connections (like netstat cmd) and it shows you system startups. I upload prog's that I think are suspicious to VirusTotal.com or Jotti.org. You can also research processes that sound strange at ProcessLibrary.com.
    jbaker.it