This week marks one year since the Conficker worm (known as Downadup at the time) was discovered in the wild.  As we know, it went on to become one of the biggest infections ever seen, with an estimated 12 million-plus PCs infected globally.

This interview with Eric Sites, a member of the Conficker Working Group, looks at what has happened through Conficker’s lifespan, and speculates as to who developed the worm.

Conficker has also been instrumental in driving changes to everyday computing practice.  As one of the first worms to exploit Windows Autorun and to spread via removable media, it’s forced companies to re-evaluate the way they use devices such as USB flash drives. 

It made the security sector look at providing anti-malware software to protect data on devices other than PCs – such as on our secure USB drives with onboard AV scanning.  This shows that with any problem, there is also an opportunity to improve data security.

At the recent Black Hat security conference in Las Vegas, anti-malware researchers spent a lot of time discussing the Conficker botnet worm, as you might expect following one of the largest-scale infections ever seen.

It was apparent that although business seems to be forgetting about it, Conficker still represents a major threat.  Over 5.5 million infected PCs are still out there, with most of the infections in Brazil, China and Vietnam.  The problem is, no-one really knows what kind of threat, or how that threat will be realised. 

More detail was given on how the worm spreads via unsecured USB flash drives.  Conficker’s code is able to trigger an autorun on Windows, even when a user might have had autorun disabled for USB media.  Conficker’s code actually tricks the user by getting Windows to show the icon for ‘open folder’, getting the user to actually run and execute the code.

As we’ve mentioned before, secure USB flash drives with onboard anti-malware can stop the spread of Conficker via this vector.  But the infection is still widespread – so ensure your systems are disinfected, patched and updated before the sleeping giant wakes up.

The City Council of Manchester, England, has counted the cost of an outbreak of Conficker in its network earlier this year,  and it comes to a staggering £1.5M ($2.5M) according to a report in The Register. 

The Council was also prevented from issuing hundreds of motoring penalty notices after Conficker worm knocked out parts of its IT systems.  Drivers escaped punishment after the Council’s fine processing system was taken offline in February this year, causing 1,609 motoring offences to go unpunished. 

Infection by the worm left Council staff unable to send emails or print documents, and struggling with extra paperwork after they were obliged to keep additional back-up records in case data was lost.

Clean up costs and consultancy fees were estimated at £600K. In additional, council IT chiefs spent a further £600k on thin client terminals.  A further £169,000 was spent on extra staff needed to handle a backlog of benefits claims.

And the cause of the infection?  Council chiefs blame an infected USB memory stick, and have disabled all computer USB ports in response to the incident.  How much would have been saved by rolling out secure USB flash drives with on-board, integrated anti-virus to stop the infection spreading?