Downadup infection numbers

Estimates vary wildly as to how many PCs have been infected by Downadup, the virulent computer worm also known as Conficker and Kido. The Telegraph puts the number at over 15 million, while security company F-Secure told ZDNet UK on Thursday that the number of infected IP addresses was between one and two million.

Of course, one infected IP address could indicate one infected machine, or a whole network, if the network is being served by a proxy.

The problem with gauging the scale of, well, the problem, is compounded by different security vendors not having an overall view of global computing. F-Secure has in-depth knowledge of F-Secure customers and their systems, plus whatever malware is hitting its honeypots, Symantec has in-depth knowledge of Symantec customers and their systems, plus whatever is hitting its honeypots, etc, etc. However, none of them has a truly overarching view of all of the malware floating about on all of the internet.

This leads to different estimates of the scale of the problem in different countries. According to F-Secure, China accounts for 15 percent of the systems infected by Downadup globally, while according to Symantec the figure is almost twice that, at 28.7 percent.

Then there is the problem of disinfection and re-infection -- that is alone is going to make any estimate a straw poll, even if you ignore the problem with IP addresses and views limited by customer numbers and distribution.

So what's a poor IT professional to do? Well, patch any systems with the MS08-067 patch, for a start. And take press reports about the scale of infection as rules of thumb, with a pinch of salt, and any other cliches you like.