Conficker paves the way for other malware
Posted on 30.04.2012
The recently released 12th volume of the Microsoft Security Intelligence Report has shown us that the Conficker worm is still alive and kicking, as it can be found on more than 1.7 million machines around the world.

Even though it is has seemingly been dropped by its developers, the worm's characteristics still make it an unwelcome addition to computer systems of any kind.

As Rodney Joffe, senior technologist at Neustar, shared with Gregg Keizer, Conficker's presence on a machine practically guarantees infections by other malware.

Why is that?

Well, for one, Conficker disables AV solutions installed on the computers, and in general prevents them from being updated with new signatures by blocking them from contacting the AV vendors' websites and servers.

Two, the worm switches off the automatic updating of the Windows OS, and also prevents the machine from contacting the Windows Update website and picking up new fixes and patches.

Thusly crippled by Conficker, the computers are easily infected with other malware that exploits newly found vulnerabilities that the machines are unable to receive security patches for.

In the meantime, the Conficker Working Group (CWG) is still running and still manages to keep the Conficker botnet sinkholed by registering new C&C domain before the criminals manage to get them.

According to Joffe, the botnet herders occasionally do manage to gain control of parts of the botnet, but are in general rather casual about doing so. Unfortunately, that is likely because they have managed to compromise those machines with other malware.


More than a third of employees would sell company data

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Jul 31st