Skip to main content

Home Conficker worm

Conficker worm

(also downup, downadup, Kido)

Conficker worm definition

Conficker is a type of computer worm that targets Microsoft Windows operating systems. It infects systems by copying itself to network shares and removable media accessible from an infected computer.

For example, when a user inserts an infected USB drive into another computer, the worm spreads to that computer and then onto other systems on the network.

The Conficker worm first appeared in 2008 and spread via a vulnerability in-network service on the Windows operating systems, including Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 Beta systems.

See also: computer worm, malicious code

How does the Conficker worm work?

After infecting a computer, Conficker tries to contact command and control servers to receive instructions from its owner. The worm can also disable security software and block access to security-related websites. It can download and install additional malware, which the attackers can use to steal sensitive information, take control of the infected computer, or launch attacks on other systems.

Common signs of a Conficker worm infection

  • Services like automatic updates, Windows Defender, Error Reporting Servers, and Background Intelligent Transfer Services (BITS) are disabled automatically.
  • Networks get congested suddenly.
  • Account lockout policies are being triggered and activated.
  • Domains respond slowly to domain client requests.
  • Security-related sites and software can’t be accessed.
  • Security tools like antivirus and anti-malware software are disabled and can’t be enabled again.