Conficker Worm Still Lurking, Threat Remains

While the media frenzy surrounding the Conficker worm may have died down over the past several months, recent reports suggest that the computer worm is alive and well, and continues to expose PC users worldwide to the risk of identity theft and other mischief. 

Conficker (also known as Downup, Downandup, Conflicker, and Kido), a computer worm that attacks Microsoft Windows operating systems, was pegged by the media to wreak havoc worldwide on April Fool’s Day of this year. In the weeks leading to what some experts dubbed our “digital Pearl Harbor,” numerous reports surfaced documenting the sheer scope of the worm’s reach: in addition to infecting millions of Windows operating systems worldwide, the worm also reportedly infiltrated the French government’s naval systems – forcing the French to ground their warplanes – and the British Parliament’s computer network.

Despite the massive media furor, April Fool’s Day passed with relatively little disruption. However, recent reports suggest that Conficker not only remains active – but that it has begun its bid to steal users’ private and financial information.

In its June, 2009 report, ESET, a security and anti-virus firm, listed Conficker as one of the top malicious threats to PC users, accounting for nearly 10% of all computer infiltrations worldwide in May, 2009. Other security experts have also reported that Conficker continues to infect computers at an alarming rate of up to 50,000 computers daily — in part due to the worm’s ability to spread across computer networks with alarming efficiency, and to access even out-of-network computers by infecting popular computer-to-computer plug-in peripheral devices (such as USB drives and external hard drives). 

Despite its aggressive success in infecting computers worldwide, however, Conficker’s purpose still remains relatively unclear. Experts warned that, in theory, infected computers would essentially be transformed into “zombie machines” that follow almost limitless commands and download software from remote servers — whatever those instructions or software may be, suspected to range from keystroke logging to spam generators

Not surprisingly, Conficker’s recent activity confirms that at least one of its purposes is to steal users’ financial information. Beginning in April, 2009, infected computers have begun installing bogus security software (or "scareware") in a bid to defraud users into paying for fake anti-virus programs. The software alerts users that their computers are infected with Conficker — but unwitting users who agree to pay for the fake anti-virus software not only lose $50 in exchange for more malicious software, but also risk having their financial information stored and stolen, opening a gateway to identity theft

It is unclear if the worst is over. Conficker remains active, and its “commands” from remote servers can prompt infected computers to download further malicious software compromising users’ security and hijacking their computers in any number of ways. While the "scareware" tactic that Conficker has displayed so far may be transparent to even mildly sophisticated PC users, it should serve as a warning that the worm is actively pursuing users’ private and financial information — and may employ any number of methods to access it.  

Links

Leave a Reply

Your email address will not be published. Required fields are marked *