Conficker Returns to Spread WannaCry
Posted by: Timothy Weaver on 05/25/2017 02:16 PM
Remember Conficker malware from 2008? It's back.
Not only is it back, but ransomware authors are using it to spread WannaCry ransomware. Conficker infected millions of computers when it first appeared. Many of them are still infected.
Rodney Joffe, senior cybersecurity technologist at Neustar and US government Cybersecurity Intelligence Panel member, who led the original Conficker Working Group, said that machines that have old Conficker on them were “targeted after the launch of WannaCry by intelligent criminals who realised that the Conficker machines were unpatched, had been originally compromised by the SMB vulnerability, and they started sinkholing Conficker domains to generate a list of vulnerable targets, and they went after them.”
Many people found that old Conficker infections were not doing any harm, so they didn't bother rebuilding the infected machines. According to Joffe, “This is the wrong attitude, and has supported the ongoing existence of a ticking cyber time-bomb.”
Joffe estimates that, for the last five years, Conficker has been responsible for as many as 600,000 infections per year.
“Yes, even today! In addition, we continue to receive reports and see telemetry confirming that new systems continue to be infected as old ones are taken offline, or just replaced because of age. But the number stays pretty constant.”
“So as expected, either inadvertently or by design and reconnoiter activities, a measurable number of machines that are infected by Conficker have now also been hit with WannaCry. Most of these machines would have likely been protected if the operators had taken the necessary steps to remove Conficker and implement the recommendations for Conficker,” he said.
Source: SCMagazine
