Conficker paves the way for other malware
Posted on 30.04.2012
The recently released 12th volume of the Microsoft Security Intelligence Report has shown us that the Conficker worm is still alive and kicking, as it can be found on more than 1.7 million machines around the world.

Even though it is has seemingly been dropped by its developers, the worm's characteristics still make it an unwelcome addition to computer systems of any kind.

As Rodney Joffe, senior technologist at Neustar, shared with Gregg Keizer, Conficker's presence on a machine practically guarantees infections by other malware.

Why is that?

Well, for one, Conficker disables AV solutions installed on the computers, and in general prevents them from being updated with new signatures by blocking them from contacting the AV vendors' websites and servers.

Two, the worm switches off the automatic updating of the Windows OS, and also prevents the machine from contacting the Windows Update website and picking up new fixes and patches.

Thusly crippled by Conficker, the computers are easily infected with other malware that exploits newly found vulnerabilities that the machines are unable to receive security patches for.

In the meantime, the Conficker Working Group (CWG) is still running and still manages to keep the Conficker botnet sinkholed by registering new C&C domain before the criminals manage to get them.

According to Joffe, the botnet herders occasionally do manage to gain control of parts of the botnet, but are in general rather casual about doing so. Unfortunately, that is likely because they have managed to compromise those machines with other malware.


Most IT pros have seen potentially embarrassing information about their colleagues

More than three-quarters of IT professionals have seen and kept secret potentially embarrassing information about their colleagues, according to new research conducted by AlienVault.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th