The Conficker worm may have infected more machines than previously thought, according to Internet infrastructure provider OpenDNS.
The company said Wednesday that 500,000 of its users have been infected with the latest variant of the worm, called Conficker.C. OpenDNS has more than 10 million users worldwide, the company said.
[ Conficker's activation date passed quietly, but threat isn't over. | Beware: Fake security software scammers have been jumping on Conficker. | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
OpenDNS wouldn't say exactly what percentage of its users were infected by the worm, but the Conficker.C infections it counted were much higher than expected, according to David Ulevitch, the founder of OpenDNS.
Conficker.C began using a new algorithm on Wednesday to look for instructions from its creator, prompting speculation that it might be readying for an attack. According to security experts, however, the worm has been quiet so far.
Previous estimates had placed the number of Conficker infections, including all variants, at anywhere between a few million and 10 million PCs, but according to Ulevitch the worm is "probably bigger than people think, based on what we're seeing here."
OpenDNS is used by just a tiny fraction of the Internet's estimated 1.5 billion users, so its numbers provide a tiny picture of a much larger population.
The company tracked Conficker.C infections by analyzing the DNS (Domain Name System) requests made on its network and looking for a special pattern of DNS lookups that is unique to the worm. It did not provide data on the number of computers infected by older versions of the worm, known as Conficker.A and Conficker.B.
According to OpenDNS, Vietnam has been hardest hit by the worm, with 13 percent of the total infections it tracked. The countries with the next-largest number of infections are Brazil, the Philippines, Indonesia and Algeria.