Conficker

Category: worm · Aliases: downadup, kido · Sample count (EMBER 2018): 11 · Enrichment: hand-curated · Updated: 2026-05-27

Overview

Conficker is one of the largest and most famous worms in computing history, first detected in November 2008 and at peak infecting an estimated 9 to 15 million Windows systems globally. It exploits the MS08-067 vulnerability in the Windows Server service, propagates through network shares and removable media, and uses a domain-generation algorithm to contact command-and-control servers. Conficker prompted the formation of the Conficker Working Group, an unprecedented coalition of security vendors, registrars, and law enforcement. While the worm never delivered a destructive payload at scale, it remains active in legacy and unpatched environments more than 15 years later.

MITRE ATT&CK Techniques

This family has been observed using the following ATT&CK techniques: T1210, T1547.001, T1547.010, T1571.

Authoritative Advisory

CISA has published an advisory on this family: https://www.cisa.gov/news-events/alerts/2009/03/29/conficker-p2p-worm

Frequently Asked Questions

How does Conficker spread?

Conficker spreads through the MS08-067 SMB vulnerability, weak admin passwords on network shares, and infected removable media using autorun.inf.

What are the signs of a Conficker infection?

Domain controller account lockouts, blocked Windows Update, disabled security services, and antivirus references to Conficker, Downadup, or Kido are classic indicators.

What should I do if I think I have Conficker on my system?

If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.

Machine-readable

Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/conficker.json

About this catalog

This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.