Conficker still going strong, Akamai finds

Russian botnets keeps menace alive.

John E. Dunn (Techworld)
16 January, 2010 02:01
Comments

Russia and Brazil are now the top hotspots for global Internet attack traffic, Net giant Akamai has said in its latest threat report, placing most of the blame on the hardy Conficker worm.

In the third quarter of 2009, the pair snatched the dubious honour from the USA and China, which had topped the table in previous quarters. Russia accounted for 13 percent of all such traffic, with Brazil on 8.6 percent, both large rises over the previous quarter, with the US now on 6.9 percent and China on 6.5 percent.

It's hard to know whether to read too much into the figures given the wild swing shown by China in particular. The second quarter figures put that country on almost a third of all Internet attack traffic, so its fall is likely to be caused by a natural fluctuation in the types of attack rather than a major change to its importance for the hosting of Internet crime.

Akamai pins the blame for Russia and Brazil's rise on Conficker, which uses port 445 for its botnet communication, not coincidentally the Microsoft directory service (MS-DS) port through which most traffic was directed. Both countries have a persistent problem with the worm. This port alone was the target for 78 percent of all attack traffic.

This left Telnet (port 23), NetBIOS (port 139), Microsoft-RPC (port 135) and SSH (port 22) a long way behind with shares from 2 percent to 4.4 percent of attack traffic. Ninety-five percent of all attacks went through only 10 ports, leaving a further 3,800 more obscure ports to share the remaining 5 percent of attack traffic.

"Although mainstream and industry media coverage of the Conficker worm and its variants has dropped significantly since peaking in the second quarter, it is clear from this data that the worm is apparently still quite active, searching out new systems to infect," the authors note.

A mild frustration of reports such as this is the time delay built into their collation - the Akamai reports collects stats for July, August and September of last year, which makes them almost 4 months out of date. A lot can change in that time period.

Elsewhere in the report, Akamai collects some figures on broadband speeds around the globe. If the UK did well on security, showing low levels of attack traffic, on broadband it sinks into a mediocrity that will not surprise consumers struggling with poor throughput from almost any provider they choose. The UK's average broadband speed was a measly 3.4Mbit/s, with barely one in five connections exceeding 5 Mbit/s.