Tony Wang currently serves as a Threat Researcher at TXOne Networks, focusing on malware and network threat detection research and DPI rule development.
The most harmful malware that spreads through Microsoft OS vulnerabilities is probably WannaCry. However, 15 years ago, there was a worm called Conficker, which also spread through Microsoft vulnerabilities. Conficker continues to spread widely on the Internet today.
In November 2008, the Conficker worm propagated through the Microsoft RPC vulnerability. Even now, devices in the wild are still attacked in order to spread Conficker worm samples against SMB servers on public networks.
In this session, we will start from the suspicious traffic discovered on honeypots, analyze the Conficker worm's network propagation behavior, and investigate the attack source and exploit payload we collected. We also explore the threat that this type of attack poses to industrial control systems and propose possible defense solutions.