As Conficker hit its eighth birthday Monday, it’s still going strong, according to researchers at ESET.
Since 2008 the worm has targeted 190 million Microsoft Windows computers, with a total of 11 million devices infected to date, according to a retrospective blog post by ESET, which estimated the damage done by Conficker to be in the $9 billion range. A few of the higher-profile targets it has nailed are the U.K. Ministry of Defence and the German armed forces.
“Ultimately though, the worm leveraged – and indeed, continues to leverage – an old, unpatched vulnerability to crack passwords and hijack Windows computers into a botnet. These botnets would then be used to distribute spam or install scareware (again, as they are today),” ESET researchers wrote.
The malware is now being used to target Internet of Things (IoT) devices, ESET said. Hacked IoT devices were recently responsible for the massive Mirai DDoS attack that knocked Twitter, Spotify, Netflix, GitHub, Amazon and Reddit offline.
One reason Conficker has endured the test of time is the constant upgrades and new variants developed by cybercriminals. Over the years it has graduated from spreading via USB drives to, analysts now believe, moving laterally through a network to target specific devices.
However, despite these changes, much of its current success still depends upon an old, unpatched vulnerability (MS08-067) that lets it crack Windows passwords and turn the computer into part of a botnet. Microsoft executives were so angry at Conficker that in 2009 the company offered a $250,000 reward, ESET noted.
Strangely, despite the success Conficker enjoyed in infecting machines and propagating itself around the world, ESET senior research fellow David Harley said the infected computers have never been used for much.
“Maybe the gang just decided that the botnet was being watched too closely by the security industry to accomplish anything,” he said in the blog.