Software: Conficker, Downadup, Kido

From attackics
Jump to navigation Jump to search
Conficker, Downadup, Kido
Software
ID S0012
Aliases Conficker, Downadup, Kido
Type Malware

Conficker is a computer worm that targets Microsoft Windows and was first detected in November 2008. It targets a vulnerability (MS08-067) in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet. Conficker made its way onto computers and removable disk drives in a nuclear power plant.1

Associated Software Descriptions

  • Conficker - 2
  • Downadup - 2
  • Kido - 2

Techniques Used

  • Replication Through Removable Media - Conficker exploits Windows drive shares. Once it has infected a computer, Conficker automatically copies itself to all visible open drive shares on other computers inside the network.2 Nuclear power plant officials suspect someone brought in Conficker by accident on a USB thumb drive, either from home or computers found in the power plant's facility.1
  • Loss of Productivity and Revenue - A Conficker infection at a nuclear power plant forced the facility to shutdown and go through security procedures involved with such events, with its staff scanning computer systems and going through all the regular checks and motions before putting the plant back into production.1