China last year hosted more than one in four of the world’s computers infected with a major variant of the Conficker worm, according to an official report, highlighting the wide reach of malware inside the country.
China had about 7 million Internet Protocol (IP) addresses infected with Conficker B at the end of last year, according to a recent annual security report posted on the Web site of China’s National Computer Network Emergency Response Technical Team (CNCERT). The number of infections varied during the second half of the year, which the report covered, but was higher than 5 million during all but one week.
The huge figures gave China up to 28 percent of the world’s Conficker B infections depending on the week, the report shows.
The controllers of Conficker so far have hardly used their network of infected computers, but they could potentially use it to launch a crippling denial-of-service attack by ordering all of the computers to contact a victim server at the same time.
Malware is a growing problem worldwide, but Chinese PC users may be more easily hit than others. Over 4 percent of China’s more than 380 million Internet users run no security software, according to a recent survey. Software piracy is also rampant in the country, with unlicensed versions of Windows XP running on many PCs that are unlikely to receive regular security updates.
Conficker began spreading late in 2008 and has become the most widespread known botnet. But attention to the worm fell off last year when April 1, a day the worm was due to update, came and passed without incident. Millions of PCs worldwide remain infected with the worm.
China also had anywhere from 125,000 to over 300,000 IPs infected with Conficker C during the second half of last year, giving it up to 20 percent of the world’s infections for that variant, according to the report.
The numbers in the Chinese report are much higher than similar figures from the Shadowserver Foundation, a volunteer-run group. Shadowserver’s Web site shows less than 2 million infections in China. The reason for the difference was unclear, but counting infected IPs can be difficult for various reasons. For instance, PCs are sometimes assigned a new IP address each time they connect to the Internet, so an infected machine that shuts and reopens its Internet connection repeatedly could cause multiple IPs to appear infected.
The Chinese report also reported a fall in the country’s number of PCs controlled by Trojan horses and botnets. China had 260,000 PCs controlled by Trojans, down more than half from the previous year, and 837,000 machines controlled by botnets, down more than 30 percent.