It is funny how security works, isn't it? Just when you think you have gotten rid of the old-school (aka "stupid") threats, reality hits you right back. Conficker/Downadup is a simple worm: it exploits a Microsoft Windows vulnerability (MS08-067, in the Server service) that in practice can only be reached inside a local network, because the exploit goes over SMB (TCP 445) and that port is normally blocked at the perimeter, and it uses an autorun.inf on removable media (usually USB sticks) as its initial infection vector.
Why is it so annoying? Well, reaching 9 million infected machines (as per external reports) is pretty impressive for such a classic infection vector, considering that there is no internet-facing attack vector at all: no internet connection needed, no email attachment. I thought that these infections were mostly in large companies that fail to properly patch their systems. Reality check again: while speaking at a security sales summit and working with the local hotel's business center, I hand over my USB stick for them to print a PDF, and get it back with... you guessed it. Conficker.
Funny at first, but sad when you realize how many non-technical users plug the stick back into their own machine and have autorun infect it immediately.
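A check and a hardening step I would pair with this story, added here as an example and not part of the original post: list any autorun.inf sitting on attached removable drives (showing only the directives Windows actually acts on, since worms pad the file with junk to dodge simple scanners), then turn AutoRun off for every drive type by writing the documented NoDriveTypeAutoRun policy value. It assumes Windows PowerShell 3.0 or later and an elevated prompt for the registry write; the function names are mine.

```powershell
# Added example, not code from the original post.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance) and an elevated session for Disable-AutoRun.

function Get-RemovableAutorunInf {
    # DriveType 2 = removable disk in Win32_LogicalDisk (CD/DVD would be 5)
    $drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'
    foreach ($d in $drives) {
        $inf = Join-Path $d.DeviceID 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            # Keep only the directives the shell honours; everything else in the file
            # is noise (a common obfuscation trick) and can be ignored for triage.
            $directives = Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^\\]+\\command|shell|action|icon|label)\s*=' }
            $attrs = (Get-Item -LiteralPath $inf -Force).Attributes
            [pscustomobject]@{
                Drive      = $d.DeviceID
                Hidden     = [bool]($attrs -band [IO.FileAttributes]::Hidden)
                Directives = $directives
            }
        }
    }
}

function Disable-AutoRun {
    # NoDriveTypeAutoRun is a bitmask of drive types to exclude from AutoRun;
    # 0xFF (255) covers all of them. This is the value the Group Policy setting
    # "Turn off Autoplay" -> "All drives" writes, so it survives GPO refresh.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    # Return the effective value so a caller (or a compliance script) can verify it
    (Get-ItemProperty -Path $key).NoDriveTypeAutoRun
}

# Usage: triage first, then harden. Explorer picks the new policy up at next logon.
Get-RemovableAutorunInf | Format-List
Disable-AutoRun
```

Two caveats from the field: a hidden autorun.inf with a `shellexecute=` or `open=` line pointing at something like rundll32 is a strong signal, but an autorun.inf by itself is not proof of infection (plenty of legitimate installer media carry one), so treat the output as a triage list rather than a verdict. And disabling AutoRun stops the USB vector only; the SMB vector in the story still needs the patch.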