Software: Conficker, Downadup, Kido

From attackics
Jump to navigation Jump to search
Conficker, Downadup, Kido
Software
ID S0012
Aliases Conficker, Downadup, Kido
Type Malware

Conficker is a computer worm that targets Microsoft Windows and was first detected in November 2008. It targets a vulnerability (MS08-067) in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet. Conficker made its way onto computers and removable disk drives in a nuclear power plant.1

Associated Software Descriptions

  • Conficker - 2
  • Downadup - 2
  • Kido - 2

Techniques Used

  • Loss of Productivity and Revenue - A Conficker infection at a nuclear power plant forced the facility to shutdown and go through security procedures involved with such events, with its staff scanning computer systems and going through all the regular checks and motions before putting the plant back into production.1
  • Replication Through Removable Media - Conficker exploits Windows drive shares. Once it has infected a computer, Conficker automatically copies itself to all visible open drive shares on other computers inside the network.2 Nuclear power plant officials suspect someone brought in Conficker by accident on a USB thumb drive, either from home or computers found in the power plant's facility.1

References

  1. a b c d  Catalin Cimpanu. (2016, April 26). Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. Retrieved October 14, 2019.
  1. a b c d  Symantec. (2015, June 30). Simple steps to protect yourself from the Conficker Worm. Retrieved December 5, 2019.

 

Retrieved from "https://collaborate.mitre.org/attackics/index.php?title=Software/S0012&oldid=9101"