Conficker Remains in Business Due to BlackHole Crimeware Kit Exploitation
It does not take a rocket scientist or super smart Internet genius to come to the conclusion that malware makers are busier than ever, infecting thousands of websites with malicious code every day. Old infections such as Conficker, a worm well known for infecting millions of computers worldwide by exploiting a Microsoft Windows vulnerability, remain prevalent in the world of malware. All of us, at one point in time, have probably encountered some variation of malware on our PC. Recent studies, as concluded in Sophos' Security Threat Report 2012, have uncovered data revealing that rogue anti-virus apps are on the decline while drive-by-download infections are on a steady increase.
Hackers and cybercrooks are always seeking new ways to exploit clever malware. Hardly ever do they back down when the opportunity arises to spread malware through some automated process. Knowing that, we are not surprised to learn that a BlackHole exploit kit is the culprit for infecting tens of thousands of websites. These infected websites are mostly legitimate sites that remain unprotected and issue a drive-by-download to their visitors through automated scripts. In other words, if you were to visit one of these infected sites, your system would be infected with malware automatically - sometimes without your knowledge.
Drive-by-download is a rather old technique for infecting a large number of computers that happen to visit compromised websites. Usually the website that is compromised was exploited through an unprotected gateway or some type of vulnerability that new Blackhole exploit kits are programmed to take advantage of.
Blackhole exploit kits are readily available on the Internet to hackers, sometimes for free. These Blackhole kits are suspected to be at the forefront of keeping the infamous Conficker alive, especially when it comes to enterprises. When one system on an enterprise's infrastructure is infected with Conficker, others potentially follow through network connectivity.
Just imagine, the Conficker worm is over 3 years old and continues to be a pesky issue despite it being patched within the same year of its discovery. Let this be a lesson: an old creation date hardly ever means that malware is no longer a threat. Moreover, the tools and resources made available to cybercrooks are becoming increasingly easy to obtain.
Remember, always utilize the latest version of a trusted antivirus and/or antispyware application that provides definition updates to detect and remove the latest malware threats. As with the Conficker worm, once one system has the infection, it can easily spread to many more in a short period of time. If you are left unprotected, you willingly put yourself at risk for system damage, blocked Internet access or even identity theft.