Security Protection – Harry Waldron MVP Rotating Header Image

Conficker Worm – 1,000 Days Old and still active

ESET provides an excellent analysis of how the Conficker worm has survived after 3 years:

Conficker Worm – 1,000 Days Old and still active http://blog.eset.com/2011/08/17/1000-days-of-conficker

QUOTE: It has been 1,000 days since the Conficker worm first appeared on November 21, 2008.  For the first two months after its initial appearance we received a trickle of reports through our ThreatSense.NET telemetry system.  By January of 2009 that had become a flood, and then a deluge, as this “super worm” rose to meteoric infection levels.  Since then, Conficker has consistently shown up as one of the top ten infections in our monthly Global Threat Reports, usually in the number one or number two slot.

So what will it take to finally kill Conficker?  That’s a difficult question to answer.  Clearly, anti-malware software and other technical solutions and prescriptive guidance are not enough, nor is the prospect of being fined for violating industry-specific regulations.  Some of the most successful actions against botnets have been taken by US authorities acting in conjunction with Microsoft, to shut down such botnets such as Waledac, Coreflood and, most recently, Rustock.  These botnets relied on accessing specific domains or computers for their Command and Control servers and began to vanish as soon as these were seized by the authorities.  While the earliest version of Conficker accessed a single domain, later versions switched to access hundreds and then tens of thousands of random domains on a daily basis, making the worm highly resistant to this type of infrastructural attack.

Comments are closed.

Network-wide options by YD - Freelance Wordpress Developer