Conficker/Downadup Still a Threat

The evolution of the Conficker problem has been extremely interesting.
For those not familiar with the infection, it is a very large botnet that originated from an exploit for a flaw in the Microsoft Windows operating system. While the flaw was patched long before, many users and organizations chose not to apply the patch. It spread through other means as well, including shared resources on networks and removable media.

More commonly, especially in enterprise networking and computing, it spread because of users’ weak passwords. Conficker became known as a widespread threat because of its ability to spread across a network by taking advantage of old practices, like setting local administrator passwords to 5-6 character passwords, which could be hard for a person to guess but easy for a computer to guess.

While the virus hasn’t mutated in a very long time, it will be interesting to see what the creators of the worm have in mind for its use. With a couple of million computers infected, the botnet still has a large presence, even if it hasn’t been utilized yet.
