The intentions of the cybercriminals behind theConficker
wormare still unknown, says an industry group set up to
combat the malware.
Conficker is state-of-the-art malware that is still showing up
on millions of computers around the world, said Rodney Joffe,
director of the
Conficker
Working Group.
Conficker is a perfect platform to carry out attacks if those
behind it decide to use it or sell off bits of the botnet to other
criminals now that attention has died down, he told
ComputerWeekly.
If that happens, Joffe said many organisations are in for a
rough ride, including UK enterprises which own a significant number
of the country's infected computers.
"Not just regular companies, but also companies involved in
critical infrastructure," he said.
IP addresses associated with two UK airports have shown up in
the Conficker Working Group's routine scans in recent weeks.
Although these infected IP addresses may have been picked up from
guest accounts on the wireless networks, the concern is that the
infection is still on the network and could infect the airports' IT
systems, said Joffe.
"Conficker is far from defeated and organisations cannot afford
to ignore it," he said.
The effects could be staggering if Conficker is activated and
starts to capture and transmit financial information, warned
Joffe.
"Enterprises should not assume that because Conficker has gone
quiet that those behind it have walked away and will not use it to
do anything malicious," he said.
According to Joffe, Conficker has already been used to spread
fake anti-virus software and other malicious software, including
Waledec.
"An enterprise that ignores the issues around Conficker risks
being liable for whatever may happen because they did not take
action even though they knew they were infected," he said.