Sunday, April 19, 2009

Kido/Conficker network fear far too exaggerated ...

While analysing Kido's network behaviour, Kaspersky Lab (my colleagues) developed an application that gave in-depth insight into the malware's peer-to-peer network communications, which have been used to distribute updates over the last week. Over a 24-hour observation period, KL identified 200652 unique IPs participating in the network, far fewer than the initial estimates of Kido infection counts. Of course, we always have to be very careful when naming numbers, so this count may not be completely correct either. It does show, however, that it's definitely not 10 million, as some sources reported before.
This is mostly due to the fact that only the latest variants of Kido are participating in the peer-to-peer network and only a fraction of the nodes infected with earlier variants have been updated with new variants.
You can find more at this link.