Conficker: 1 Year Later, 7 Million Infected

"'The only thing I can guess at is the person who created this is scared,' said Eric Sites, chief technology officer with Sunbelt Software and a member of the working group.

"'This thing has cost so many companies and people money to get fixed, if they ever find the guys who did this, they're going away for a long time.'"

This from a Network World write-up on Conficker, 1 year later.

What a lot of folks find perhaps most interesting about Conficker is,

"Despite its size, Conficker has rarely been used by the criminals who control it.

"Why it hasn't been used more is a bit of a mystery.

"Some members of the Conficker Working Group believe that Conficker's author may be reluctant to attract more attention, given the worm's overwhelming success at infecting computers."

Regardless of whether or not it has been used a lot 'til now, the fact of the matter is, that the Conficker Working Group estimates 7 million PCs have been infected thus far with variants A and B of the worm.

Another thing that caught our eye about the worm was that it's apparently very (perhaps most?) common in China and Brazil, which according to the Network World piece (although we could not confirm this) cites the Conficker Working Group, as,

"suspect[ing] that many of the infected PCs are running bootlegged copies of Microsoft Windows, and are therefore unable to download the patches or Microsoft's Malicious Software Removal Tool, which could remove the infection."

This policy of Microsoft's is definitely a subject of some debate.

Clearly, regrettably, a lot of people pirate Microsoft's software; that Microsoft in effect actually punishes others by helping to perpetuate the worm by refusing to allow the pirates to update their copies of Windows (or download the Malicious Software Removal Tool), really doesn't make sense.

Microsoft's belief, no doubt, is that if pirates can't use their computers because of the worms, they'll wise-up and buy legitimate copies of Windows.

I doubt it.

If a computer is infected, the solution to the pirate is most often just to re-install their OS from scratch if needed and to take other steps (i.e. like installing antivirus software) to prevent re-infection. Others just think their computers are slow and don't know why or ignore the worm altogether and go on about their day.

Whatever the case in the mean time though, by preventing updates, Microsoft's policy allows Conficker to spread, grow, and perpetuate.