Microsoft further updated it’s blog on Conficker on Jan 22.
Many security researchers have been praising how well engineered this piece of worm:
1/ it avoids infecting PCs with Ukraine keyboard layout (initial version)
2/ it has multiple attack vectors beside attacking MS08-067, such as:
2.1/ infection via portable storage via Autoplay (see screen shot)
2.2/ infection via Admin$ network drive with it’s built-in password dictionary attack
3/ it disables access to WSUS server
4/ it prevents anti-virus software to update it’s signature
So far Conficker has been sitting dormant, thus, raising some anxiety when will it receive instructions from it’s master to start causing real damage.
Some speculation of the destructive actions it can do:
1/ launch a (massive) denial of service attack (DOS)
2/ steals sensitive information ie credit card numbers, password
3/ destroy the PC it has infected (unlikely)
A cyber-terrorist organization would probably love to get their hangs on these 10 million plus PCs, so that they can launch one of the biggest DOS attack in the Internet.
Note, the patch that MS released can not prevent the worm from infecting PCs from using the secondary attack vectors ie autoplay and admin$ share drive.
