Conficker is a fast-spreading worm that targets a vulnerability (MS08-067) in Windows operating systems.
Also known as Downadup, Conficker was discovered in November 2008. Since that time, Conficker has infected millions of computers and established the infrastructure for a botnet.
The worm is scheduled to contact control computers and, presumably, carry out some further action on April 1. Some experts have speculated that the attackers will lease parts of the botnet to criminals who will use them for spam, identity theft, phishing exploits and other malicious activities.
Like most current malware, Conficker is a blended threat, combining features of several different approaches. Once Conficker infects a computer, it disables many security features and automatic backup settings, deletes restore points and opens connections to receive instructions from a remote computer. Once the first computer is configured, Conficker uses it to gain access to the rest of the network.
Conficker can spread by several means, copying itself to shared folders, for example, or exploiting the AutoRun utility for removable media. There are three variants of Conficker. Conficker C, the most recent version, exploits peer-to-peer networking capabilities to enhance its spread.
To protect your computer from Conficker, experts recommend that you:
- Keep your system's patches up to date.
- Maintain a good anti-virus product.
- Disable AutoRun.
- Use strong passwords.
- Ensure that shared folders are secured.
Back to: Glossary