Twelve years after its creation Conficker malware is now attacking connected objects. The American firm Palo Alto Networks announces that it has detected Conficker on the connected devices of a hospital, activating a resurgence of the twelve-year-old computer worm. It calls on all owners of connected objects to adopt the security measures recommended by specialists.

According to a report released Tuesday, March 10, 2020, by IT expert Palo Alto Networks, a twelve years old computer worm called Conficker has recently made a comeback. The latter, which emerged in 2008 by taking advantage of security vulnerabilities in Microsoft’s Windows XP operating system, has generated a whole network of zombie machines.

In 2009, Conficker reportedly infected up to 15 million machines. Still active, although it is considered a minor phenomenon and without real risk, it still infected some 400,000 computers in 2015. The proliferation of connected objects would have increased this number to 500,000 devices today.


The malware is no longer actively exploited by the hackers behind it. It was an incident recently reported by the Zingbox IoT tool, edited by Palo Alto Networks. "We have observed abnormal network traffic, including excessive Server Message Block (SMB) traffic, domain generation algorithms (DGA) used by infected devices, as well as specific patterns in attempts to execute Conficker shellcode", explained to ZDNet May Wang, an engineer at Palo Alto Networks and former technical director of Zingbox.

The firm says that as many as "one in five customer companies" have detected malware on its infrastructure in the past two years. Among them, a hospital, of which certain devices aiming, in particular, to carry out mammographies were infected. Hospital staff tried to remove the infections by restarting the machines, but within hours of putting them back online, Conficker took over again. These machines had not received security patches, which made them vulnerable to old malware. The healthcare facility was forced to decommission its entire fleet of medical devices while it installed the required updates. An event that had the effect of suspending part of the activities for almost a week.

Conficker a Twelve Years Old Malware Attack Connected Objects

If such an infection could have spread so massively, it is because connected objects still pass under the radar of IT departments in many structures. Little watched, unlike computers, they create a draft that allows cyber attacks to proliferate. Hackers, aware of this flaw, are developing more and more software to attack the IoT such as the Mirai botnet.


However, cybersecurity experts are not getting their first warning in the context of the exponential growth in the adoption of connected objects, both at home and in the workplace. And it is to alert again to the risk to which this category of devices is subject that Palo Alto Networks says it publishes this data and provides some advice. The IT specialist thus prioritizes the exhaustive and regular analysis of the equipment connected to a network, stating that it is "much easier to protect yourself against threats when you know their origin". Even the most common devices such as printers or cameras need to receive updates.

Palo Alto Network also explains that connected objects should be operated on a clean network separate from computers and other smartphones to reduce the potential attack surface for a hacker. "As long as obsolete Windows systems or the SMB protocol exist, there will be Conficker infections and other malware families with a similar mechanism," said Wang.