The recently released 12th volume of the Microsoft Security Intelligence Report has shown us that the Conficker worm is still alive and kicking, as it can be found on more than 1.7 million machines around the world.
Even though it is has seemingly been dropped by its developers, the worm’s characteristics still make it an unwelcome addition to computer systems of any kind.
As Rodney Joffe, senior technologist at Neustar, shared with Gregg Keizer, Conficker’s presence on a machine practically guarantees infections by other malware.
Why is that?
Well, for one, Conficker disables AV solutions installed on the computers, and in general prevents them from being updated with new signatures by blocking them from contacting the AV vendors’ websites and servers.
Two, the worm switches off the automatic updating of the Windows OS, and also prevents the machine from contacting the Windows Update website and picking up new fixes and patches.
Thusly crippled by Conficker, the computers are easily infected with other malware that exploits newly found vulnerabilities that the machines are unable to receive security patches for.
In the meantime, the Conficker Working Group (CWG) is still running and still manages to keep the Conficker botnet sinkholed by registering new C&C domain before the criminals manage to get them.
According to Joffe, the botnet herders occasionally do manage to gain control of parts of the botnet, but are in general rather casual about doing so. Unfortunately, that is likely because they have managed to compromise those machines with other malware.