Confickr

Conficker

Aliases	Mal/Conficker-A (Sophos) Win32/Conficker.A (ESET) Win32/Conficker.A (CA) W32.Downadup (Symantec) W32/Downadup.A (F-Secure) Conficker.A (Panda) Net-Worm.Win32.Kido.bt (Kaspersky) W32/Conficker.worm (McAfee) Win32.Worm.Downadup.Gen (BitDefender) Win32:Confi (avast!) WORM_DOWNAD (Trend Micro) Worm.Downadup (ClamAV)
Classification	Unknown
Type	Computer virus
Subtype	Computer worm

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003 Welchia.

Recent estimates of the number of infected computers have been notably difficult because the virus has changed its propagation and update strategy from version to version. In January 2009, the estimated number of infected computers ranged from almost 9 million to 15 million. Microsoft has reported the total number of infected computers detected by its antimalware products has remained steady at around 1.7 million from mid-2010 to mid-2011. By mid 2015, the total number of infections had dropped to about 400,000.

The origin of the name Conficker is thought to be a combination of the English term "configure" and the German pejorative term Ficker (engl. fucker). Microsoft analyst Joshua Phillips gives an alternate interpretation of the name, describing it as a rearrangement of portions of the domain name trafficconverter.biz (with the letter k, not found in the domain name, added as in "trafficker", to avoid a "soft" c sound) which was used by early versions of Conficker to download updates.

The first variant of Conficker, discovered in early November 2008, propagated through the Internet by exploiting a vulnerability in a network service (MS08-067) on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 Beta. While Windows 7 may have been affected by this vulnerability, the Windows 7 Beta was not publicly available until January 2009. Although Microsoft released an emergency out-of-band patch on October 23, 2008 to close the vulnerability, a large number of Windows PCs (estimated at 30%) remained unpatched as late as January 2009. A second variant of the virus, discovered in December 2008, added the ability to propagate over LANs through removable media and network shares. Researchers believe that these were decisive factors in allowing the virus to propagate quickly.

...
Wikipedia