Confinker: Connected objects to the test of an old computer program
Called Confinker, the 12-year-old malware has reportedly resurfaced, according to a report released by the U.S. telecommunications firm.
The program, which first appeared in 2008, worked by leveraging security vulnerabilities in Microsoft's operating system, Windows XP, to generate a botnet. Already in 2009, one year after its implementation, this malware had managed to infect nearly 15 million machines worldwide. In 2015, despite being considered a low-security malware, it still infected nearly 400,000 jobs. And later based on the spread of connected objects, this name easily reached 500,000.
This article will also interest you: Private companies facing vulnerabilities of connected objects
According to experts, the software is no longer really exploited by these designers. however recently, following an incident that was reported by a tool published by Palo Alto Networks, which allowed the re-observation of this malware "We have observed abnormal network traffic, including an abnormal excessive SMB (Server Message Block) traffic, algorithms to generate (DGA) used by infected devices, as well as models attempts to execute Shell Conficker code. », explains May Wang, an engineer at Paulo alto Network, who is also the former technical director of Zingbox.
According to the U.S. telecommunications, less than "one in five corporate customers has detected malware on its infrastructure over the past two years. ». And among them, we can cite a hospital. Indeed, this hospital unfortunately had analytical machines, precisely the one for mammography. Despite some actions staff to get rid of this program, especially by restarting infected machines, the virus resurfaced just a few minutes after their start-ups. This is simply due to the fact that affected machines had not received any security patches for a long time. As a result, they were tainted by several security flaws that made them vulnerable. This event led to the hospital to decommission all of these machines of the same type, to ensure that maintenance and to provide the necessary updates. To do this, several activities of the hospital were suspended for this, and this during almost a week.
In addition, there are questions about whether What caused this problem? how it is done that several devices can be infected with an old worm that is supposed to be harmless from now on?
Simply because the affected objects are not really inspected. They tend to be overlooked by it security specialists in infrastructure, unlike computers and other devices. And this problem is recurrent for all connected devices. And without exaggerating, we should expect an upsurge in malware intended to attack connected objects.
Now access an unlimited number of passwords: