One Scenario: How to Get Your PC Infected by Conficker.B or C
It’s Friday evening. Ted is clearing his desk, folding work that’ll keep until Monday, into a side drawer. Some other stuff that he’ll look at over the weekend has already gone into his briefcase. He bends down and presses the power button on his backup power supply and listens as the fans and hard drives of his PC spin down. Suddenly, it seems very quiet in his office.
He puts on his overcoat, grabs his hat, and picks up his briefcase. Then he pauses, wondering what he’s forgotten. He stands hesitantly before his now well-ordered desk and sighs as his phone rings. He sets down his briefcase, presses the lit button on the phone, and says, “Hello."
“Hi, Ted. I’m glad I caught you still in." It was Marsha in Accounting.
“HI, Marsha," says Ted. “I was just leaving."
“I have those figures you asked for on the Sherman liquidation. Want me to email it to you or send it to the printer?"
“Great." Ted considers. “Let me come over, and you can give it to me."
Ted leaned over again and pulled his thumb drive out of his quiescent PC. He slid it into a coat pocket, picked up his briefcase, and made his way to the Accounting Office on the second floor.
He saw with some approval that Marsha’s office space was clean and organized. A veteran PC that had seen better days thumped and hummed on her desktop. A closed Apple Macbook was at her elbow. Ted held out his thumb drive.
“Thanks," said Marsha. She inserted Ted’s thumb drive and started to save the spreadsheet from Microsoft Excel to the drive.
Unbeknownst to both Ted and Marsha, the spreadsheet file was not the only payload being transferred to the thumb drive. A stealthy trojan known as Conficker.B or Win32\Downadup also transferred itself when the thumb drive was inserted. It also created a new autorun.inf self-starting file to install itself on the next vulnerable PC that it found.
The next PC it found was Ted’s laptop. The trojan tried to install itself, but the laptop had obtained a Windows update back in October, 2008, was running anti-virus, and the trojan could find no purchase. Although Ted viewed the spreadsheet and saved a copy to his laptop, he did not find out that his thumb drive was infected during that weekend.
In fact, the next vulnerable PC the trojan found was Ted’s PC at work on the following Monday. The trojan moved to Ted’s PC when he inserted the thumb drive in order to work with the spreadsheet some more.