
    Conficker Redux: Is Your Network Security Ready?

    By BUFFERZONE Team, 6/01/2016

    The notorious Conficker worm (a.k.a. Downup, Downadup and Kido) first reared its malicious head in 2008 – which makes it virtually prehistoric.

    However, unlike bloodcurdling dinosaurs that are safely tucked away underground or in museums, Conficker hasn’t faded away into the annals of cyber threat history. On the contrary, a recent report from SCMagazineUK.com claims that in October of last year, as many as 20 percent of all attacks worldwide stemmed from Conficker. What’s more, the Conficker Working Group estimates that Conficker traffic continues to originate from approximately 800,000 IP addresses, which means that around 500,000 infected devices are still in use.

    “Ah, Ah, Ah, Ah Staying Aliiiiiiiive”

    The secret of Conficker’s staying power is its ability to spread without human intervention. It copies itself to the Windows system folder using a random name, installs itself as a service and spreads through file sharing and removable drives, particularly if they have weak passwords. Conficker automatically looks for updates of itself, making it even harder for anti-virus packages to keep up.

    Once it breaches an endpoint, Conficker goes to work making life miserable for victims by carrying out a range of insidious acts, including:

    • Forming botnets and unleashing brute-force attacks to crack passwords
    • Disabling key system services and security products, including Windows Defender, Microsoft Security Essentials and Windows Update
    • Downloading arbitrary files
    • Blocking access to certain websites, including those that provide security updates
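For defenders, two of the behaviors above (a service installed from the Windows system folder under a random name, and disabled security services) can be checked against a service inventory. The following is an added example, not code from BUFFERZONE or the original post; the record format, the baseline list and the sample data are constructed assumptions.

```python
import ntpath

# Windows service names for the products the post lists as being disabled.
SECURITY_SERVICES = {
    "WinDefend": "Windows Defender",
    "MsMpSvc": "Microsoft Security Essentials",
    "wuauserv": "Windows Update",
}
SYSTEM_DIR = r"c:\windows\system32"  # assumed location of the system folder


def triage(services, baseline):
    """Return (finding, service_name) tuples for one host.

    services: dicts with 'name', 'start_mode' and 'binary' (assumed export
              format; 'binary' is the resolved image or service DLL path).
    baseline: service names taken from a known-good build of the same image.
    """
    findings = []
    for svc in services:
        name = svc["name"]
        if name in SECURITY_SERVICES:
            # A security service switched to Disabled matches the list above.
            if svc["start_mode"].lower() == "disabled":
                findings.append(("security-service-disabled", name))
            continue
        # A service that is absent from the baseline and runs from the system
        # folder fits the "random name, installed as a service" pattern.
        folder = ntpath.dirname(svc["binary"].strip('"').lower())
        if name not in baseline and folder == SYSTEM_DIR:
            findings.append(("unbaselined-system-folder-service", name))
    return findings


# Constructed sample inventory (not real telemetry).
BASELINE = {"WinDefend", "wuauserv", "Dhcp", "Spooler"}
SAMPLE = [
    {"name": "WinDefend", "start_mode": "Disabled",
     "binary": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
    {"name": "wuauserv", "start_mode": "Disabled",
     "binary": r"C:\Windows\System32\wuaueng.dll"},
    {"name": "Spooler", "start_mode": "Auto",
     "binary": r"C:\Windows\System32\spoolsv.exe"},
    {"name": "qxvbtrk", "start_mode": "Auto",
     "binary": r"C:\Windows\System32\hzpmqo.dll"},
    {"name": "AcmeBackup", "start_mode": "Auto",
     "binary": r"C:\Program Files\Acme\backup.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, BASELINE):
        print(finding)
```

A hit is a lead for investigation rather than a verdict, since legitimate software also installs services that a stale baseline will not contain.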

    Conficker: Not Going Gently into that Good Night

    Furthermore, businesses hoping that the recent Conficker flare-up represents the last gasp of a declining antagonist should re-set their expectations – because the redux is being viewed as an ongoing trend, not a temporary event. As SCMagazineUK.com notes:

    “What marks Conficker’s resurgence now is not only its brute-force attack ability on passwords but also its longer term ability to still cause impact. As botnets and remote control PC attacks now still grow, the prevalence of ransomware and data-stealing malware also continues to rank highly among the reported threats as measured by the security industry”.

    In light of the above, businesses need to take the initiative and proactively fortify their endpoint security, because traditional forms of protection, such as anti-virus software, are obviously not 100 percent reliable, even for threats like Conficker that have been around for years. And for a growing number of businesses, the solution they are embracing is a virtual container.

    Virtual Containers: So Long, Conficker

    A virtual container isolates internet-facing applications (e.g. browsers, email) and removable media files in a secure environment. As a result, inadvertently downloaded or stored malware, such as Conficker, is automatically captured before it can infect the endpoint and ultimately spread across the corporate network. And since all of this happens in the background, the user experience is virtually undiminished and typically unnoticeable.

    Once a threat is identified, IT staff simply wipe the container clean, which they can do remotely. They can also integrate the virtual container with their SIEM to glean actionable threat data, and target vulnerabilities to prevent future attacks.

    Looking Ahead

    Will virtual container technology finally spell the end for Conficker? Possibly and hopefully, yes. But businesses that proactively fortify their endpoint security with a virtual container do not have to wait to find out. Within minutes, they will dramatically reduce their chances of being victimized. And on today’s ever-worsening threat landscape, that is definitely a welcome benefit, and a great result.