Conficker (also known as Downup, Downadup, and Kido) is a computer worm targeting the Windows operating system that was first discovered in November 2008. Its original variant, Conficker A, was spread by means of vulnerability in the Windows Server Service. Later variants, Conficker B and C, (discovered in December 2008 and February 2009 respectively) added the ability for it to spread through Windows file shares with weak passwords as well as the USB device “Autorun” feature. Even newer variants Conficker D and E (discovered in March 2009 and April 2009 respectively) included a peer-to-peer communication system, with variant E also downloading and installing the Waledac spambot as well as SpyProtect 2009, a fake anti-virus product.
Due to the changing nature of Conficker’s propagation method, it was difficult to estimate the number of infections during the peak of its spread. In January 2009, the number of its infections was estimated to be between 9 and 15 million. According to the Microsoft Security Intelligence Report 12, Conficker infected 1.7 million machines in Q4 2011 - years after its initial discovery.
A group of security researchers and companies - including Microsoft, Symantec, and VeriSign - formed the Conficker Working Group (CWG) in early 2009 in an effort to combat Conficker’s spread and track down the hacker or hackers that created it. Since CWG’s inception, it has been blocking Conficker’s command and control (C&C) servers by registering certain key domain names; this practice renders the Conficker botnet useless to its owners, although, stopping this practice may allow them to regain control. Microsoft is currently offering a $250,000 reward for information leading to the Conficker creators’ arrest.