
    Conficker, Still Infecting Windows Machines a Year Later, Remains an Enigma

    Written by

    Brian Prince
    Published November 1, 2009

      The Conficker worm struck Windows computers this past year with the force of a tsunami and swept away illusions of security in the minds of its victims. But after the overhyped April 1 deadline passed quietly, interest among the general public started to dwindle, and the malware for some became just another entry on an ever-growing list of cyber-threats.

      The worm itself, however, did not disappear. Today, roughly a year after its appearance, Conficker is still resting on millions of systems around the world. From its innovation to its persistence, Conficker has emerged as a stark example of the dangers of malware, poor patching practices and what the security community can accomplish by working together.

      “This certainly is one of the most sophisticated pieces of malware that we’ve ever seen, and that’s why the security industry continues to be interested in it in spite of the fact that not a lot has happened over the course of the past year,” said Tom Cross, manager of IBM X-Force Advanced Research. “Lots of people have said this is not interesting anymore and stopped paying attention, but those of us who are responsible for this stuff [are] still watching.”

      Those watching remember that the worm first crept into the public consciousness in November 2008, when Microsoft reported the worm was targeting a vulnerability in its Server service. Microsoft had already issued a rare out-of-band patch for the flaw the previous month in light of limited attacks against it by malware such as the Gimmiv Trojan. Just before the start of the year, Microsoft officials once again advised organizations to apply the patch.

      By then, Conficker B was out. The malware authors would go on to update the worm multiple times, with each version providing a new twist on its functionality. Just how many machines are infected with the worm is unknown. According to the Conficker Working Group, as of Oct. 28, 2009, there were more than 7 million unique IPs infected with Conficker variants A, B and C connecting to the group’s tracking systems. Many of the new infections are happening outside the United States in countries like Brazil.

      That there could be so many machines still infected with the worm doesn’t surprise Eric Sites, a member of the Conficker Working Group and CTO of Sunbelt Software.

      “Given the level of the attack and the reinfection rates we’ve seen, this is not surprising,” he said. “Above all, it’s a reminder of how few people actually patch their systems on a regular basis. Despite the fact that Microsoft came out with a patch in October 2008, before Conficker took hold, the numbers of infected skyrocketed and continue to be very high.”

      Poor patching of systems and applications is often cited as a common cause of hacks and security breaches. But also problematic is the fact that the worm spread in a number of ways: the Microsoft vulnerability, USB devices and unprotected file shares are all attack vectors, depending on the variant.

      “By combining multiple techniques, including auto-run programs to infect USB keys, the worm was able to replicate itself without direction from its creators, which facilitated the spread,” Sites said. “Companies were cleaning the same PCs several times only to see them reinfected.”

      Part of the challenge with Conficker is the cleaning process. The malware blocked access to known security sites, making it difficult for victims to download removal tools from vendors like Symantec, McAfee and others. The manual removal process is “a whopper,” said Mikko Hyppönen, chief research officer at F-Secure.

      “Conficker was tricky in many ways, but many organizations had really depressing incidents where they pulled a huge effort to clean up a large network, only to have it reinfected in hours,” he said. “It requires careful planning to prevent this.”

      That sentiment could explain why the worm continues to plague Windows computers roughly a year after it first appeared. If nothing else, its authors were innovative, as illustrated by their use of the MD6 cryptographic hash. They also upped the ante by adding self-defense mechanisms into the worm as part of some of the updates, such as the ability to disable security services like Automatic Update.

      Given all this, perhaps it is wishful thinking to assume other black hats won’t copy Conficker’s tactics.

      “I haven’t seen any particular pieces of malware that I felt borrowed from Conficker,” Cross noted. “But I think that Conficker will have an influence on other malware authors. Conficker sort of demonstrated a successful peer-to-peer communications technique that might be adopted by [others]. … So I would not be surprised to see other malware that comes out in the future that borrows some of these techniques.”

      The mystery surrounding Conficker (who is controlling all these infected nodes, what do they plan to do with them, etc.) has only served to keep the security community focused, Cross said. That may be the best thing about the worm: it caused the security community to come together. The Conficker Working Group, whose membership includes Microsoft, Afilias, Symantec and others, continues to fight the malware and track infection rates around the world.

      “Over my 20-year career in information security, Conficker Working Group has been the single best example of cross-industry co-operation,” declared Hyppönen, noting the cooperation went beyond traditional security companies to include CERTs, registrars and others.

      Sites agreed, adding it is likely that similar partnerships will be seen again.

      “There was an immediate collaboration among the top AV researchers and vendors, and the Conficker Working Group was created in short order as a think tank and a mechanism for sharing what we were all learning,” he said. “Although we probably won’t see a threat of this magnitude for some time, if ever again, I certainly expect that this collaboration will continue. We have a vested interest in helping each other as we battle the cyber-criminal element together.”
