A Search is Launched for Conficker's First Victim
Robert McMillan writes on ComputerWorld:
Where did the Conficker worm come from? Researchers at the University of Michigan are trying to find out, using a vast network of Internet sensors to track down the so-called "patient zero" of an outbreak that has infected more than 10 million computers to date.More here.
The university uses so-called Darknet sensors that were set up about six years ago to keep track of malicious activity. With funding from the U.S. Department of Homeland Security, computer scientists have banded together to share data collected from sensors around the world.
"The goal is to get close enough so you can actually start mapping out how the spread started," said Jon Oberheide, a University of Michigan graduate student who is working on the project.
But that's not an easy job. To find the minuscule clues that will identify the victim, researchers must sift through more than 50 terabytes of data to find the telltale signatures of a Conficker scan.