Chinese ISP hosts 1 in 7 Conficker infections - Network World

Chinese ISP hosts 1 in 7 Conficker infections - Network World

Security experts have known for months that some countries have had a harder time battling the Conficker worm than others. But thanks to data released Wednesday by Shadowserver, a volunteer-run organization, they now have a better idea of which Internet Service Providers have the biggest problem.

In terms of the total number of infected computers, China Telecom's Chinanet seems to have been hardest hit by the worm, which began spreading late last year.

The Chinese ISP had more than 1 million infected systems within its massive 94 million IP address network. That amounts to just over 1 percent of the company's network. But while Chinanet has the most total infections -- amounting to about 14 percent of all known copies of the worm -- it doesn't have the highest percentage of infected systems. Other, smaller ISPs show up on Shadowserver's list with infection rates as high as 25 percent.

"There's definitely a challenge at the ISP level with remediation," said Andre DiMino one of Shadowserver's founders.

Conficker got a lot of attention earlier in the year, including a late March segment on the 60 Minutes television program warning of an April 1 upgrade to the worm. Because Conficker is the most widespread botnet ever reported, security experts worry that it could be used to launch an unprecedented denial of service attack.

But, despite its size, the network of hacked computers has been associated with very little malicious activity. That's given computer users a false sense of security, DiMino said.

"The rate of remediation is not as good as we would have liked," he said. "The awareness and the alarm about Conficker kind of faded out after April 1st because nothing really dramatic happened."

Some ISPs, such as U.S.-based Comcast have taken to notifying users when their computers are infected or offering them free security software so they can get cleaned up. Comcast had a 0.05 percent infection rate, according to Shadowserver's numbers. AT&T was measured at 0.02 percent.

Cyberattacks on U.S. Military Jump Sharply in 2009

Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.
Comments By Robert McMillan

Thu, November 19, 2009 — IDG News Service — Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

Citing data provided by the U.S. Strategic Command, the U.S.-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That's a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, they will jump 60 percent this year.

The committee is looking into the security implications of the U.S.' trade relationship with China. It released its annual report to Congress Thursday, concluding that a "large body of both circumstantial and forensic evidence strongly indicates Chinese state involvement in such activities."

"The quantity of malicious computer activities against he United states increased in 2008 and is rising sharply in 2009," the report states. "Much of this activity appears to originate in China."

"The cost of such attacks is significant," the report notes. Citing data from the Joint Task Force-Global Network Operations, the report says that the military spent $100 million to fend off these attacks between September 2008 and March 2009. A Defense Department spokesman did not have any immediate comment on the report's numbers Thursday.

Attacks on department systems have been rising steadily for years. In 2000, for example, only 1,415 incidents were reported. The increase is in part due to the fact that the U.S. military is simply better at identifying cyberthreats than it used to be, said Chris Poulin, the chief security officer of Q1 Labs, and formerly a manager of intelligence networks within the U.S. Air Force. The department figures are "probably more accurate now," than they were nine years ago, he said.

Security experts have long known that many computer attacks originate from Chinese IP (Internet Protocol) addresses, but due to the decentralized nature of the Internet, it is very difficult to tell when an attack is actually generated in China, instead of simply using Chinese servers as a steppingstone.

Q1's Poulin says that his company's corporate clients in the U.S. are seeing attacks that come from China, North Korea, and the Middle East. "We do definitely see patterns coming from specific nation states."

He said that because China's government has taken steps to control Internet usage in the country, it could probably throttle attacks if it wanted to. "China's defiantly initiating attacks," he said. "State-sponsored? Who knows. But they're certainly not state-choked."