Eight years ago, on November 21st, 2008, Conficker reared its ugly head. And since then, the “worm that roared” – as ESET’s distinguished researcher Aryeh Goretsky puts it – has remained stubbornly active.
Targeting Microsoft Windows, it has compromised home, business and government computers across 190 countries, leading experts to call it the most notorious and widespread worm since the emergence of Welchia some five years earlier.
Conficker, as we’ll go onto explore, spawned numerous versions, each promising different attack methods (from injecting malicious code to phishing emails and copying itself to the ADMIN part of a Windows machine). Ultimately though, the worm leveraged – and indeed, continues to leverage – an old, unpatched vulnerability to crack passwords and hijack Windows computers into a botnet. These botnets would then be used to distribute spam or install scareware (again, as they are today).