Conficker Infects Millions – Reward Offered for the Worm's Creator

Large reward offered for capture of virus creator
March 2009
by Kai Davis

The danger and widespread proliferation of the Conficker virus is perhaps best demonstrated by the fact that Microsoft offered a $250,000 reward for the capture of its creator.


In mid-February, the company announced it was putting a bounty on the person behind the worm also known as Downadup. While by early March, the malware author had not been apprehended, many were certainly working hard to combat his creation. As well as offering a reward, Microsoft joined with such companies as AOL and the Internet Corporation for Assigned Names and Numbers (ICANN) to develop a way to slow down the virus.

Conficker was unleashed in November, and by mid-February an estimated 12 million users worldwide had already been infected. Users were not only infected by Conficker, but also variants such as Conficker B++.

French newspaper Quest France reported the virus had hit the country’s internal navy computer system. This reportedly caused the grounding of aircraft as they were unable to download flight plans from the compromised database.

The Houston Police actually stopped jailing people suspected of non-violent Class C misdemeanors because Conficker had caused so much trouble with that city’s municipal court system. What makes Conficker particularly powerful is that once it infects a computer it can download more malware from a website controlled by the attacker. This means that it could be logging keystrokes to steal your passwords or bank account info, sending spam or denial of service attacks (DoS), which make a certain computer resource unavailable to its users. In short, Conficker gives the attacker complete control.

Conficker has spread in a few different ways:

  • Exploiting vulnerability in the Microsoft Server service. This attack point has been cleaned up by a patch, so make sure to run your Windows Update.
  • Passwords. Conficker tries to guess Administrator passwords or overpower the system to gain access to local networks and spread through the network.
  • Removable drives. Conficker infects USB and other drives and then with an autorun file tries to takeover whichever computer it is connected to.

As well as the suggestions above to combat Conficker, another defense method is to turn off Autorun. This can be completed by downloading a script from a number of reputable computer security blogs or following online directions. And of course, as always, ensure that you have an up-to-date and dependable anti-virus program.