Although Microsoft offered a $250,000 reward for information leading to the identities of the cybercriminals behind Conficker, the worm continues to wreak havoc.
Since its inception, there have been numerous variants of the Conficker worm. Some variants use the exploitation of the Autorun function for removable drives and media (such as USB portable storage devices) to spread, while others take advantage of weak passwords to infiltrate networks. Another variant disables Microsoft Windows Update and blocks access to the majority of internet security vendor Web sites, which means users cannot access automatic or manual security updates.
BitDefender researchers predict that Conficker will become an even bigger threat in 2010 by:
The corruption of defensive systems – Conficker will completely neutralize defensive systems and will leave dangerous security internet breaches on user networks.
Distributed denial of service – By paralyzing computers over the Internet, Conficker will prevent the access to particular Web sites for extended periods of time.
Pay-per-click system abuse and fraud – Conficker will be used to visit specific Web sites and will automatically “click” on advertisement banners with the intent of obtaining information for financial gain.
Key logging, traffic monitoring and mass identity theft – Conficker, like many botnets, will be programmed to monitor keyboard activity and collect keystrokes to gain access to users’ personal information.
Spamming – Conficker will harvest e-mail addresses, which will be used to send a massive amounts of spam messages to other computers.