The worm remains a potent threat for organizations, especially those in the manufacturing, healthcare and government sectors. According to a report from F-Secure, the malware was initially designed to infect as many machines as possible, creating a massive botnet. These infected machines could later be used for numerous crimes, including spreading spam and scareware. “It is likely that the Conficker Working Group effort to counter the spread did make it more difficult for the author to act with impunity, but the author did not seem to have tried his or her hardest,” said the Conficker Working Group created by the F-Secure firm.
The worm propagates via removable devices and network drives, and by attacking the CVE-2008-4250 vulnerability. The flaw exists in the Server service of legacy Windows versions such as Windows 2000, Server 2002 and Server 2008. Though the flaw was patched in 2008, it remains unpatched on thousands of old systems. In 2017, more than 60,000 systems with the CVE-2008-4250 vulnerability were detected across the world.
Once the worm lands on a system, it creates a copy of itself in the recycle bins of all drives connected to the infected system's network and of removable devices. Conficker then takes action to execute the malware whenever a user browses on an infected system. “It will then retrieve user account data from the connected systems by enumerating the available servers on a network. As a final step, it will perform a dictionary attack using a predefined password list on these accounts,” said Trend Micro in a blog post. “Although it is not as exciting to the public eye as more modern malware such as WannaCry and Petya, it remains a persistent threat – and will continue to be as long as unsupported, unpatched legacy systems are still a regular part of an organization’s network,” said Trend Micro.
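The dictionary attack Trend Micro describes leaves a recognisable pattern in failed-logon records: one source failing repeatedly against several accounts on several servers. The Python below is an added example for defenders, not code from Trend Micro or F-Secure; the log format, host names, account names and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed failed-logon records: timestamp, source host, target server, account.
SAMPLE_LOG = """\
2017-06-01T09:00:00 WS-020 FS01 bob
2017-06-01T09:00:05 WS-020 FS01 bob
2017-06-01T09:01:00 WS-114 FS01 administrator
2017-06-01T09:01:01 WS-114 FS01 administrator
2017-06-01T09:01:02 WS-114 FS01 administrator
2017-06-01T09:01:03 WS-114 FS01 backup
2017-06-01T09:01:04 WS-114 FS01 backup
2017-06-01T09:01:05 WS-114 FS01 backup
2017-06-01T09:01:06 WS-114 FS02 administrator
2017-06-01T09:01:07 WS-114 FS02 administrator
2017-06-01T09:01:08 WS-114 FS02 administrator
2017-06-01T09:30:00 WS-031 FS02 carol
"""

def parse(log):
    """Return (time, source, server, account) tuples from the constructed format."""
    events = []
    for line in log.splitlines():
        ts, src, server, account = line.split()
        events.append((datetime.fromisoformat(ts), src, server, account))
    return events

def dictionary_attack_sources(events, window=timedelta(minutes=10),
                              min_servers=2, min_targets=3, min_tries=3):
    """Flag sources that fail repeatedly against several accounts on several servers."""
    by_src = defaultdict(list)
    for ts, src, server, account in sorted(events):
        by_src[src].append((ts, server, account))
    flagged = {}
    for src, rows in by_src.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward in time
            tries = Counter((s, a) for _, s, a in rows[start:end + 1])
            # A password list shows up as many failures per (server, account) pair.
            hammered = sorted(k for k, n in tries.items() if n >= min_tries)
            if len(hammered) >= min_targets and len({s for s, _ in hammered}) >= min_servers:
                flagged[src] = hammered
                break
    return flagged
```

A user mistyping a password (WS-020 in the sample) stays below the thresholds because the failures hit one account on one server; tune the thresholds to the normal failure rate of the network being monitored.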
As long as organizations, and especially the public sector, do not optimize their patching, attackers will be given easy vectors to attack their systems.