Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Conficker is a worm that infects computers running the Windows operating system by using known flaws in Windows. Conficker uses dictionary attacks on administrator passwords to hijack machines and link them to a virtual machine that is remotely controlled by its creator.
Conficker was first detected in November of 2008. It spread so rapidly that it was considered to be the biggest computer worm infection since the SQL Slammer of 2003. Researchers believe that by January 2009, it had affected more than 9 million home, business and government computers in more than 200 countries.
The name Conficker is considered a combination of the words "configuration" and "ficker." An alternate origin suggested by Microsoft analyst Joshua Phillips is that it came from trafficconverter.biz, as a rearrangement of the letters of the domain (even though the domain name lacks the letter "k"). This site was used by Conficker as a blind drop to download its updates.
There are five variants of Conficker, designated A through E. Each variant is an improvement of the previous one and contains more defense mechanisms against detection.
The first iteration of the worm was propagated via the internet by exploiting a vulnerability in Windows' network service. The second variant of the virus added the ability to propagate via local area networks, removable storage and network sharing. Subsequent variants have improved the worm’s encryption ability and detection prevention.
Although Conficker's methods are well known by researchers, its combined use of so many defense methods makes it very difficult to totally eradicate. The constant update of the worm also serves to keep it alive. Every time a fix or cure has been made, its authors remove the vulnerability against that cure.