Conficker, One Year On
I’ve seen a few articles popping up about Conficker, how damaging it was and how we handled it. Conficker was first detected in November 2008, and it exploited several flaws in the Microsoft Windows operating systems to establish a connection with a cloud-based virtualised administration console.
The authors simply wanted to create a large botnet, which could provide a foundation for DDoS attacks. These bots, or zombie machines, would be controlled remotely, allowing commands to be executed in the background without the knowledge of the user.
To increase the distribution of the worm, Conficker exploited a vulnerability in the Server service to infect and self-propagate. Once infected, a machine could then infect other machines on its network, as well as jumping greater divides by distributing itself as a self-executable on a memory stick. These methods were very effective in propagating the worm across networks faster than action could be taken to counteract it.
Conficker's effects on private and public sector organisations were huge, and normal activities were disrupted because quarantining procedures had to be put in place to stop any further spread.
Globally, it was reported that significant outages were being caused in business and government bodies. One example was a number of French military aircraft having to be grounded because Conficker left them unable to download flight plans.
