Monday, 11 December 2017

Conficker Worm Still Active On 150,000 Computers After 9 Years

The Conficker worm, which infected nine million computers at its peak, is still active on 150,000 computers nine years after its first appearance on 21 November 2008, anti-virus company Trend Micro said. Conficker spreads in a variety of ways, including through a vulnerability in the Windows Server service, shared network folders, and the Autorun feature of Windows.

The vulnerability in the Windows Server service was patched by Microsoft on October 23, 2008. In January 2009, Conficker also started distributing itself through the Autorun feature of Windows, something for which Microsoft released an update in February 2011. According to Trend Micro, Conficker is mainly active in China, Brazil and India. These three countries together account for more than half of all infections. Most infections were found in government systems, followed by production companies and health care.

After infecting a machine, Conficker tries every day to contact a variety of domains to check whether its makers have issued new instructions. However, ICANN, the organization responsible for the distribution of IP addresses and domains, has taken measures so that these domains cannot be registered. As a result, the infected computers cannot be used for criminal purposes.
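One way a network defender could spot hosts showing the daily check-in behaviour described above, as an added example that is not part of the original article. It assumes a resolver log in the constructed format shown, that lookups for the blocked domains fail with NXDOMAIN, that the queried names differ from day to day, and illustrative thresholds (`min_domains`, `min_days`) that would need tuning on a real network.

```python
from collections import defaultdict

# Constructed resolver log lines: "<timestamp> <client> <qname> <rcode>".
# Format, addresses and domain names are invented for this example.
SAMPLE_LOG = """\
2017-12-09T03:00:01 10.0.0.5 qzxkvbwl.example NXDOMAIN
2017-12-09T03:00:02 10.0.0.5 hhtrpmca.example NXDOMAIN
2017-12-09T03:00:03 10.0.0.5 wnbyodke.example NXDOMAIN
2017-12-09T09:12:44 10.0.0.8 intranet.example NOERROR
2017-12-09T09:13:10 10.0.0.8 intranett.example NXDOMAIN
2017-12-10T03:00:01 10.0.0.5 lpdguzra.example NXDOMAIN
2017-12-10T03:00:02 10.0.0.5 vkeqsmtj.example NXDOMAIN
2017-12-10T03:00:03 10.0.0.5 cyfhwnob.example NXDOMAIN
2017-12-10T10:01:00 10.0.0.8 intranet.example NOERROR
2017-12-10T11:30:00 10.0.0.9 aaaa.example NXDOMAIN
2017-12-10T11:30:01 10.0.0.9 bbbb.example NXDOMAIN
2017-12-10T11:30:02 10.0.0.9 cccc.example NXDOMAIN
"""


def failed_domains_per_day(log_text):
    """Map (client, day) -> set of distinct names that did not resolve."""
    failures = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        timestamp, client, qname, rcode = parts
        if rcode == "NXDOMAIN":
            failures[(client, timestamp[:10])].add(qname.lower().rstrip("."))
    return failures


def suspected_hosts(log_text, min_domains=3, min_days=2):
    """Clients failing on >= min_domains new names on >= min_days days."""
    per_day = failed_domains_per_day(log_text)
    seen = defaultdict(set)       # client -> names counted on earlier days
    busy_days = defaultdict(int)  # client -> days over the threshold
    for client, day in sorted(per_day, key=lambda k: k[1]):
        fresh = per_day[(client, day)] - seen[client]  # ignore repeated typos
        if len(fresh) >= min_domains:
            busy_days[client] += 1
        seen[client] |= per_day[(client, day)]
    return sorted(c for c, days in busy_days.items() if days >= min_days)


if __name__ == "__main__":
    print(suspected_hosts(SAMPLE_LOG))
```

Requiring the pattern on more than one day separates a host that checks in daily from one that had a single burst of failed lookups.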

According to Trend Micro, Conficker can also be labeled as "background malware" that is mainly active on legacy systems. "Although it is not as interesting to the general public as more modern malware such as WannaCry and Petya, it remains a persistent threat and will remain so as long as unsupported, unpatched legacy systems are still part of corporate networks," says a researcher at the anti-virus company.
