• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

[NEWS] Conficker worm, still active after 9 years

Not open for further replies.


Admin / Security Staff
Staff member

The Conficker worm which at its peak infected nine million computers is 9 years since the first appearance on November 21st, 2008 is still active on 150,000 computers according to, anti-virus company Trend Micro. Conficker spreads in several ways, including a vulnerability in the Windows Server Service, shared network folders, and the Autorun feature of Microsoft Windows.

The vulnerability in the Windows Server service was patched by Microsoft on October 23, 2008. In January 2009, Conficker also began to propagate through the Windows Autorun feature according to Trend Micro, Conficker is mainly active in China, Brazil, and India. These three countries are responsible for more than half of all infections worldwide. Most of the Conficker infections were found in government systems, followed by production companies and health care.

After an infection, Conficker tries to connect to all kinds of domains every day to see if there are new instructions from the creators. However, ICANN, the organization responsible for the distribution of IP numbers and domains, has taken measures so that these domains cannot be registered. Thus, the infected computers cannot be used for criminal purposes.

According to Trend Micro, Conficker is also used as "background malware", which is mainly active on legacy systems. "Although it is not as interesting for the general public as more modern malware as WannaCry and Petya, it remains a persistent threat and will continue to do so as long as no longer supported; unpatched legacy systems are still part of Business networks."

Source: http://blog.trendmicro.com/trendlab...wnad-9-years-examining-impact-legacy-systems/
Not open for further replies.