Could One Of The Worst Bugs Of The 2000s Be Making A Comeback?

With the COVID-19 pandemic going on there are enough things to worry about, and the last thing you want to add to the list is a decades-old computer virus. Unfortunately that is exactly what has happened: the Conficker worm has reemerged, and our nation’s healthcare system could be the hardest hit.


The Conficker worm was first discovered in 2008. It took advantage of a flaw in the Windows OS, particularly Windows XP, launched dictionary attacks on administrator passwords, and formed a botnet out of the computers it successfully infected. At its peak almost 15 million computers were infected, and while infections have dropped dramatically in the past decade, hundreds of thousands of machines are still infected.

Infected computers would send a request that forced a buffer overflow and executed shellcode on a targeted computer. The source computer would then stand up an HTTP server, and the target computer would download the worm from it as a driver file and attach it to a key system file. Each newly infected computer repeated the process, so the cycle continued indefinitely. The final variant included two additional payloads: a spambot and a fake antivirus product.
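The dictionary attacks on administrator passwords described above leave a recognisable trace on the victim: a burst of failed logons for one account from one source, sometimes followed by a success once a guess lands. The following is an added example, not code from the article, that flags that pattern in Windows security events (event ID 4625 is a failed logon, 4624 a successful one). The log lines and the thresholds are constructed for the demonstration; the simplified "timestamp event_id user source_ip" format stands in for whatever your log pipeline actually exports.

```python
"""Flag password-guessing bursts in Windows logon events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "timestamp event_id target_user source_ip".
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_LOG = """\
2020-04-01T10:00:01 4625 Administrator 10.0.5.23
2020-04-01T10:00:02 4625 Administrator 10.0.5.23
2020-04-01T10:00:02 4625 Administrator 10.0.5.23
2020-04-01T10:00:03 4625 Administrator 10.0.5.23
2020-04-01T10:00:04 4625 Administrator 10.0.5.23
2020-04-01T10:00:05 4625 Administrator 10.0.5.23
2020-04-01T10:00:40 4624 Administrator 10.0.5.23
2020-04-01T10:03:00 4625 jsmith 10.0.7.8
2020-04-01T10:09:00 4625 jsmith 10.0.7.8
"""


def parse(text):
    """Turn the simplified log format into (timestamp, event_id, user, source) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, src = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id), user, src))
    return events


def detect_password_guessing(events, threshold=5, window=timedelta(seconds=60)):
    """Return one finding per (source, user) pair that produced at least
    `threshold` failed logons inside a single sliding `window`.

    Each finding also records whether a successful logon for the same pair
    followed the burst within one window, which is the case that needs the
    fastest response: the guessing may have worked.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, event_id, user, src in events:
        if event_id == 4625:
            failures[(src, user)].append(ts)
        elif event_id == 4624:
            successes[(src, user)].append(ts)

    findings = []
    for key, times in failures.items():
        times.sort()
        start, best, burst_end = 0, 0, None
        # Sliding window: keep [start, end] within `window` and track the densest burst.
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count > best:
                best, burst_end = count, t
        if best >= threshold:
            success_after = any(
                burst_end <= s <= burst_end + window for s in successes.get(key, [])
            )
            findings.append({
                "source": key[0],
                "user": key[1],
                "failures": best,
                "success_after_burst": success_after,
            })
    return findings


if __name__ == "__main__":
    for finding in detect_password_guessing(parse(SAMPLE_LOG)):
        print(finding)
```

On the constructed sample the detector reports the six rapid failures against Administrator from 10.0.5.23 and marks the burst as followed by a success, while the two failures for jsmith six minutes apart fall below the threshold. Tune `threshold` and `window` to your environment; a patched host with lockout policy in place will usually show the lockout event before the burst gets this long.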

What Did Conficker Do?

On infected computers users could be locked out of their accounts, core Microsoft services could be disabled, domain controllers could slow down (leading to slow Internet browsing), network congestion increased, and websites that could fix the problem, such as antivirus sites or Windows Update, were blocked, among other effects.

Microsoft reacted quickly to close the vulnerability, but not every computer was updated. A new variant emerged in late 2008 that was able to move across networks through removable media and shared folders. In total five different variants of Conficker were created, all with the ability to update themselves. In 2009 Microsoft also offered a $250,000 reward for anyone who turned in its authors.

Tracked To Ukraine

In the end it was determined that the worm came from Ukraine, and it was eventually tracked back to a group of cyber criminals through a multinational investigation. Three Ukrainians were later arrested in Latvia, as was a Swedish man. The Swede spent 48 months in jail; it is unclear whether the Ukrainians were ever prosecuted. Since then the group has been reluctant to use the worm, citing the international attention it drew.

Conficker Is Back

Conficker has reemerged at a time when we can least afford it. The problem lies in our healthcare system, since many of the devices in use run outdated versions of Windows, some dating back to Windows XP. It was first found at a hospital in Palo Alto, California, in a mammography machine, and it spread quickly. Conficker was removed, but the machines became reinfected.

Why is that? Over their lifetime these devices are in constant use, which leaves little time to install security patches. That provides an easy way into hospital and healthcare networks, since these machines are also not scanned regularly as part of routine cyber security practice. Even in your own home, Internet of Things devices have many of the same vulnerabilities and offer many of the same possibilities to a cyber criminal, just with less of a potential reward.

With the COVID-19 epidemic the last thing we need is for our healthcare system to crash because of a decade-old computer worm. COVID-19 is bad enough; that would be worse. Hopefully this will be the spur that increases cyber security within one of the most valuable parts of our society.

Secure Your Devices

It should also make you think about securing your own IoT devices. Don’t use a generic password to secure them, and make sure that any and all security patches are applied. If a vulnerability is discovered you have no other way of protecting yourself. It may not seem like a big deal, but once a beachhead is established it is very hard to remove and very easy for it to spread.
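"Don’t use a generic password" is easy to say and easy to get wrong, because a dressed-up default such as "P@ssw0rd" or "admin2020" is still a dictionary hit. As an added example (not code from the article), the check below normalises a candidate device password before comparing it against a list of generic defaults, so the common disguises are caught. The default list, the leetspeak substitution table and the sample passwords are constructed for the demonstration; in practice the list would be built from the vendor's documented defaults and a breached-password feed.

```python
"""Reject generic or vendor-default passwords before they reach a device (added example)."""
import re

# Constructed list of generic passwords commonly shipped as device defaults.
GENERIC_DEFAULTS = {
    "admin", "password", "123456", "12345678", "default",
    "root", "user", "guest", "1234", "qwerty",
}

# Leetspeak substitutions undone before the dictionary lookup, so that
# "P@ssw0rd" is recognised as a disguised "password". Constructed table.
_LEET = str.maketrans({
    "@": "a", "0": "o", "1": "i", "3": "e", "$": "s",
    "5": "s", "!": "i", "4": "a", "7": "t",
})


def normalize(password):
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(_LEET)


def check_device_password(password, username="", min_length=12):
    """Return the list of reasons the password is unacceptable (empty list = OK)."""
    problems = []
    lowered = password.lower()
    # Compare both the plain lower-cased form and the de-leeted form, since
    # de-leeting would mangle purely numeric defaults such as "123456".
    forms = {lowered, normalize(password)}

    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if forms & GENERIC_DEFAULTS:
        problems.append("matches a generic/default password")
    # Catch a default with digits or a year appended, e.g. "admin2020".
    stripped = re.sub(r"\d+$", "", lowered)
    if stripped != lowered and stripped in GENERIC_DEFAULTS:
        problems.append("default password with digits appended")
    if username and lowered == username.lower():
        problems.append("same as the username")
    if password.isdigit():
        problems.append("digits only")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate, user in [("P@ssw0rd", "admin"), ("admin2020", "admin"),
                            ("123456", "root"), ("correct-horse-battery-7", "admin")]:
        verdict = check_device_password(candidate, username=user) or ["ok"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

The function returns every reason it finds rather than stopping at the first one, which is more useful when the result is shown to the person setting up the device. Length is checked on the raw password while the dictionary lookup uses the normalised forms, so a long passphrase that happens to contain a default as a substring is not penalised.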

Secure and protect your devices!
