Conficker Update. Yes! We are prepared.
That’s what we are now able to say when people ask us. Basically we are processing DNS logs, scraping for any of the 90,000 Conficker A+B domain names. As of tomorrow that won’t necessarily work, as the worm will be generating 50,000 new domains every day.
What we are doing is comparing all the DNS queries that come in with an in-memory database of the Conficker domains (very fast), then cross-indexing those IPs and date/time stamps with user records. Once done, this information is injected into our existing anti-abuse system. While I can’t say what happens then, let’s just say that our existing process (people, machines, etc.) deals well with viruses and worms.
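A minimal sketch of the approach described above, added here as an illustration and not the author's production system: each query is checked against an in-memory set, and each hit is attributed to whoever held that IP at that moment. The log format, lease table, account IDs and domain names are all constructed assumptions, and a lease is assumed to last until the next one for the same IP begins.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed stand-ins for the precomputed domain list (not real Conficker names).
BLOCKLIST = {"qxkzvt.example", "hbnwpl.example", "rrtyua.example"}

# Constructed DNS query log, assumed format: "<ISO timestamp> <client IP> <name>".
DNS_LOG = """\
2009-03-31T10:02:11 10.0.0.5 www.example.org.
2009-03-31T10:02:15 10.0.0.7 QXKZVT.example.
2009-03-31T11:40:02 10.0.0.7 hbnwpl.example
2009-03-31T11:41:30 10.0.0.9 rrtyua.example
malformed line
"""

# Constructed IP assignment records: ip -> [(lease start, account id)], sorted by start.
LEASES = {
    "10.0.0.7": [(datetime(2009, 3, 31, 8, 0), "acct-1001"),
                 (datetime(2009, 3, 31, 11, 0), "acct-2002")],
    "10.0.0.9": [(datetime(2009, 3, 31, 12, 0), "acct-3003")],
}

def normalize(name):
    """Lower-case and drop the trailing root dot so set lookups are exact."""
    return name.rstrip(".").lower()

def account_at(ip, when):
    """Return the account holding `ip` at `when`, or None if no lease covers it."""
    leases = LEASES.get(ip, [])
    idx = bisect_right([start for start, _ in leases], when) - 1
    return leases[idx][1] if idx >= 0 else None

def find_hits(log_text):
    """Return (timestamp, ip, domain, account) for every query to a listed domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        domain = normalize(parts[2])
        if domain in BLOCKLIST:  # constant-time hash lookup per query
            hits.append((when, parts[1], domain, account_at(parts[1], when)))
    return hits
```

In the sample data the same IP maps to two different accounts an hour and a half apart, which is why the timestamp has to travel with the IP into the user-record lookup; the third hit predates any lease and stays unattributed rather than being pinned on the wrong account.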
My current (unverified) estimate is that anywhere from 0.001 – 0.002% of our customers are infected. This is lower than expected, as I think Canada makes up about 5.8% of the entire 3 million hosts, which would work out to a national average of 0.005 – 0.006%. I entirely attribute this to some of the super secret “we’ll take care of you” anti-abuse systems we’ve put in place for consumers.
I never realized how hard it is to talk about stuff like this, and remain confidential 🙂