Report: 31 percent of detected threats in 2014 attributed to Conficker


Six years after first being spotted in the wild, Conficker is still making its rounds online, and new research suggests that 31 percent of this year's top threats involved the worm.

Conficker capitalizes on unpatched machines that are still running Windows XP, as well as systems operating pirated versions of Windows, according to F-Secure's Threat Report H1 2014, which identifies the top 10 threats of the first half of 2014. The countries most at risk for the worm are Brazil, the United Arab Emirates, Italy, Malaysia and France.

Trailing behind Conficker in the number two slot were Web-based attacks, which accounted for 20 percent of the top threats and frequently target the U.S., France and Sweden. Rounding out the top five were the Majava exploit (11 percent), Sality virus (10 percent), and the Ramnit virus (nine percent). The Majava exploit targeted Western countries, while both viruses had the greatest impact in Asia and South America during the first half of the year.

But of most concern to researchers is the proliferation of ransomware and the potential resurrection of the Gameover Zeus trojan.

As Conficker steadily chugs along, Gameover is quietly waiting on the sidelines. Although the threat was effectively disrupted in early June, it hasn't been completely mitigated, Sean Sullivan, security advisor at F-Secure Labs, noted in the report and reiterated in an interview with He expressed concern that the man behind Gameover, Evgeniy Bogachev, could be silently plotting his next botnet network - one that is more devastating than the first.

“My prediction is that the countermove could be quite destructive,” said Sullivan. After a massive, collaborative international effort to apprehend and prosecute Bogachev, he remains at large and, Sullivan said, dangerous. The security advisor predicted that future iterations of Gameover could take a darker twist on Cryptolocker's ransomware capabilities.

“If you take his botnet away in the future, and he builds up another botnet with Cryptolocker embedded, he could tell his botnet to self-destruct if they haven't connected to their home in a week,” Sullivan said. “Then, they could encrypt everything and destroy the keys.”

A more sinister Cryptolocker would be a nightmare for victims who not only stand to simply lose information but also would never be able to unlock their files.

On the bright side, Sullivan says, banks are better protected on the backend, so banking trojans are less lucrative, which allows consumers to rely on their banks to catch fraudulent charges or wire tranfers. And with banks' security systems ramping up, cybercriminals are aiming their attacks at individual victims more frequently, similarly to Cryptolocker's tactics, to ultimately pay off.

The study also found that malware variants targeting Mac users' bitcoin wallets surfaced this year, as part of 25 newly identified Mac malware threats.

In one instance, a bitcoin wallet stealer variant operated on the hacked Reddit account and personal blog belonging to Mt. Gox's CEO after the Bitcoin exchange went offline. Apparently, the report said, this attack exploited victims' anxiety over getting details on the shutdown.

However, Sullivan said most of the new Mac threats are targeted at human rights activists, especially those pushing out a “Free Tibet” cause.

These activists tend to operate on older Macs, as well, making them more alluring to cyber gangs. “If it [the threat] works, they'll continue,” Sullivan said. “If it doesn't work, they'll move on to something else.”

As with most crimes, attackers will concentrate their efforts wherever they can get the biggest payoff.

Overall, the report also noted the discovery of 572 new mobile threats so far in 2014, and all but one targeted Android devices. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.