For the past 16 years, Conficker has been a virulent piece of malware. First identified in November 2008, it continues to persist in legacy operating systems (looking at you, Windows XP and Windows Server 2003). Take a look back in this edition of Tech Time Warp.
You might say, didn’t Microsoft end support for Windows XP in 2014 and Windows Server 2003 in 2015? And you are correct. But as late as 2021, cases of Conficker were still being detected in operational technology (OT) environments. OT is costly and hard to replace, and once its OS reaches end-of-life, security patches are no longer issued for any vulnerabilities found afterward. OT environments running these operating systems are mostly found in countries such as Brazil, India, Thailand, and the Philippines.
The rise and fall of Conficker
Although Conficker is persistent, thankfully it never reached its full potential as a botnet. Conficker expert Mark Bowden wrote in a June 29, 2019, op-ed for The New York Times that at its peak the malware had compromised more than 10 million individual IP addresses. But, Bowden suggests, because Conficker was the subject of tremendous publicity from the moment it was first detected, the botnet was only used once to enact a relatively mild form of “scareware.”
Some have posited that Conficker was an academic experiment and its creators never intended to use it. However, Bowden points to a December 2015 article from The Journal of Sensitive Cyber Research and Engineering. The article’s theory was that Conficker was neutered by its own potential. Its rapid growth and sophisticated encryption simply attracted too much attention. With their handiwork in the spotlight, the hackers couldn’t put it to use.
Conficker’s origin was eventually tracked to Ukrainian hackers. One clue that helped authorities crack the case: The malware was programmed to self-destruct on any machine with a Ukrainian keyboard.
Did you enjoy this installment of SmarterMSP’s Tech Time Warp? Check out others here.
Photo: Odua Images / Shutterstock