What is Conficker?
Conficker is a worm that infects computers running the Windows operating system by exploiting known vulnerabilities in Windows. Conficker also uses dictionary attacks on administrator passwords to hijack machines and enlist them in a botnet that is remotely controlled by its creator.
Conficker was first discovered in November 2008. It spread so quickly that it became the largest computer worm infection since the SQL Slammer worm of 2003. Researchers believe that as of January 2009, computers in more than 9 million households, businesses and government agencies across more than 200 countries were affected.
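As an added example (not from the original article), the detection logic a defender could run over authentication logs to spot the administrator-password dictionary attacks described above: a burst of failed logons from one host against the same privileged account, optionally followed by a success. The log format, sample lines, threshold and window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format, not real Conficker telemetry):
# timestamp, source host, target account, outcome.
SAMPLE_LOG = """\
2009-01-15T10:00:01 src=10.0.0.7 user=Administrator result=FAIL
2009-01-15T10:00:02 src=10.0.0.7 user=Administrator result=FAIL
2009-01-15T10:00:02 src=10.0.0.7 user=Administrator result=FAIL
2009-01-15T10:00:03 src=10.0.0.7 user=Administrator result=FAIL
2009-01-15T10:00:03 src=10.0.0.7 user=Administrator result=FAIL
2009-01-15T10:00:04 src=10.0.0.7 user=Administrator result=SUCCESS
2009-01-15T10:05:00 src=10.0.0.9 user=alice result=FAIL
2009-01-15T10:07:00 src=10.0.0.9 user=alice result=SUCCESS
"""

def parse_line(line):
    """Split one log line into (timestamp, src, user, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["user"], kv["result"]

def find_password_guessing(log_text, threshold=5, window=timedelta(seconds=30)):
    """Return (src, user, fail_count, success_after) for every source that
    failed against one account at least `threshold` times within `window`.
    success_after is True when a success from that source follows the burst,
    i.e. a guess worked and the target is likely compromised."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = parse_line(line)
        (failures if result == "FAIL" else successes)[(src, user)].append(ts)
    alerts = []
    for key, times in failures.items():
        times.sort()
        start, best = 0, 0
        # sliding window: longest run of failures that fits inside `window`
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            later = any(t >= times[-1] for t in successes.get(key, []))
            alerts.append((key[0], key[1], best, later))
    return alerts
```

The threshold and window should be tuned to the environment; an isolated typo by a user never approaches the rate a worm produces.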
The name Conficker is thought to be a combination of the words 'configuration' and 'fucker'. An alternative origin suggested by Microsoft analyst Joshua Phillips is that it came from trafficconverter.biz as a rearrangement of the domain's letters (although the domain name lacks the letter 'k'). That site was used by Conficker as a blind drop from which to download its updates.
There are five variants of Conficker, labeled A through E. Each variant is an improvement on the previous one and includes more defense mechanisms against detection.
The first iteration of the worm spread over the Internet by exploiting a security flaw in a Windows network service. The second variant added the ability to spread through local area networks, removable storage and network shares. Later variants improved the worm's use of encryption and its ability to evade detection.
While Conficker's methods are well known to researchers, the combined use of so many defensive methods makes it very difficult to eradicate completely. The constant updating of the worm also serves to keep it alive: every time a repair or cure has been deployed, the authors have released an update that removes the worm's susceptibility to that cure.