As a follow-up to my previous blog posting, we’re now seeing infestations for the Blackworm worm (aka KamaSutra) getting close to 2 million.
(This worm actually reports back to a server that is keeping track of the number of infections.)
Yesterday it was at close to 700k.
Of course, it’s possible that this URL has gotten out to the public, which would increase the count (simply hitting the website increments the count by one). However, to my knowledge, this URL is only known in the security community.
Remember that this worm has a very destructive payload. Even if you discount the number here, you’re still looking at a significant number of people who will suffer potentially devastating data loss.
Alex Eckelberry
Update/Clarification: As Jamie points out, the site is recording hits, not unique IPs. Expect the real number of infestations to be probably half the number on the counter. See Securiteam link here.
Update: It’s not a real number, it’s a DDoS attack on the counter (probably by the worm author). Actual infestation rates probably closer to 300k. More here.