According to researchers at Eset, the Conficker malware is still going strong at eight. First reported in 2008, the worm has estimated to have infected 11 million machines.

The worm is estimated to have done 9 million worth of damage in those eight years. It has hit high profile targets such as the U.K. Ministry of Defense and the German armed forces.

“Ultimately though, the worm leveraged – and indeed, continues to leverage – an old, unpatched vulnerability to crack passwords and hijack Windows computers into a botnet. These botnets would then be used to distribute spam or install scareware (again, as they are today),” ESET researchers wrote.

Keeping up with the times, the Conficker virus is not targeting IoT devices. New variants and constant upgrades is keeping Conficker on the forefront. It is thought to be able to move laterally through networks rather than just being spread via USB.

Conficker is still infecting computers by accessing an old vulnerability (MS08-67) that allows the worm to steal passwords and turn the machine into a botnet.

Despite its success, according to Eset's senior researcher, David Harley, Conficker has never been used for much. “Maybe the gang just decided that the botnet was being watched too closely by the security industry to accomplish anything,” he said in the blog.

Source: SCMagazine