What Does The Conficker Worm Do Exactly?

what does the Conficker worm actually do?

Even now, several months after Conficker first appeared, we still don’t know it’s exact purpose.

Whilst there was no great events on April 1st, as some had predicted there would be, the worm is still very much out there .

what does the Conficker worm actually do?

what does the Conficker worm actually do?

The Conficker worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines.

Those behind the worm can also remotely control those machines too, via something known as a botnet.

Infected machines can be manipulated in a number of ways.

Initial reports indicated that Conficker was serving up advertisements for fake antivirus programs.

Beyond that, nothing much else has happened.


Conficker certainly does ensnare infected machines into a botnet but so far the botnet hasn’t been utilised in any meaningful way.

Some experts believe, however, that Conficker will ultimately turn out to be a virus that has been written for profit.

In other words, the botnet will be used to send SPAM, steal identities and direct users to online scams and phishing sites.

The Conficker worm mostly spreads across networks.

If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator.

The worm then tries to spread itself to other computers on that same network.

When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.

It receives further instructions by connecting to a server.

The instructions it receives may include to propagate, gather personal information and to download and install additional malware onto your computer.

The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. […] not properly executed, you risk losing your data as well as re-infecting your system again with the Conficker virus once reformatting is […]

Speak Your Mind