Passwords used by the Conficker worm

by Graham Cluley on January 16, 2009 | Leave a comment

Filed Under: Data loss, Malware, Podcast, Video

It's not possible to emphasise enough the importance of using sensible passwords on your network.

Not just on the areas of your network that you don't want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003.

One of the ways in which the Conficker worm (also known as Confick or Downadup) uses to spread is to try and batter its way into ADMIN$ shares using a long list of different passwords.

As you can see in the list below, it relies upon computers using poorly chosen passwords such as dictionary words, "password", "qwerty" or sequences of letters or repeated numbers:

List of passwords used by the Conficker worm

One way to make it harder for password-cracking malware like Conficker from spreading across your network is to ensure that no-one is using a poorly-chosen password.

And, of course, please don't delay installing the critical security patch that Microsoft issued late last year.

Further reading: Download a free Conficker removal tool and How to stop the Conficker worm on an unpatched PC.

Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.