Conficker Worm of 2009

by Frank Jovine on 12/31/2009 in Security, Security Info, Virus Threats

Conficker worm first appeared at the end of 2008, but it was in 2009 that the Conficker worm caused the most problems with users worldwide. The worm affected anything in its path, like a Godzilla of worms. It had no prejudice of who its next victim would be. It crippled small and medium size business, putting them in a security frenzy of sorts. The worm is still active today, even as we close out 2009.

W32/Conficker comes in several ingredients or in industry terms (variants) and is a network propagating worm that has the ability to update itself by downloads from the Internet. These downloads are from a subset of servers chosen by the worm from a very large set of generated potential download servers.

The worm’s most significant menace is how it exploits a vulnerability in Windows Server Service. This vulnerability allows the worm to trigger a download of itself to the remote computer without the user’s knowledge.

The worm also spreads to Windows shares in a network and to/from removable drives and USB sticks also known as thumb drives. The former makes it difficult to get rid of in a network, while the latter has resulted in several infections in high-profile organizations, which normally would have had quite adequate security systems in place.

The Conficker worms have advanced systems to protect themselves from being disabled by well known antivirus applications. It’s a tough worm and one that will be hard to top in 2010.

The worm has been pretty much silent since April 2009. It’s important to always keep your antivirus applications updated.

What award do we give this worm? The Godzilla Worm Award would fit well.