Venerable Conficker Worm Survives on Obsolete Legacy Systems
The 8-year-old worm continues to infect in some corners of the Internet, highlighting the difficulty in eradicating more virulent programs.On Oct. 23, 2008, Microsoft revealed a critical flaw that could allow an attacker to remotely compromise and infect Windows XP, Windows 2000 and Windows Server 2003 systems. It took only a week for the Internet's seedier element to create the first malware based on the vulnerability. While initial attacks targeted specific companies and infected fewer than a dozen systems a day, the situation was much worse a month later when an unknown malware developer released a self-propagating worm. The program, called Conficker, spread quickly by automatically infecting vulnerable systems. Subsequent versions of the program—especially Conficker.C, released in February 2009—spread even more rapidly and added techniques to evade antivirus defenses. Today, Conficker continues to live on, despite repeated efforts to eradicate the worm and the end of product support for the affected Windows versions. In its March 2016 threat update, for example, security firm Check Point Software Technologies revealed that Conficker made up 20 percent of the attacks recognized by its systems.
Other security firms confirm that Conficker continues to be a significant issue for many companies. In its Security Intelligence Report, Microsoft found Conficker to be the sixth most prevalent attack on server systems and 39th overall. Security firm F-Secure found Conficker accounting for about 0.6 percent of all malware detected at the end of 2015, sharing the top spot with a newer worm known as Njw0rm.