Confound it! Conficker continues to infect 1.7 million computers

25 April 2012

Conficker, the worm that first surfaced in 2008, is back (or never went away), with a total of 1.7 million computer system infections as of the fourth quarter of 2011, according to Microsoft’s Security Intelligence Report Volume 12 (SIRv12).

In addition, Microsoft detected a staggering 220 million Conficker attacks (successful or otherwise) over the past two and a half years. For its SIRv12 report, Microsoft gathered threat intelligence from over 600 million systems in more than 100 countries.

While 1.7 million infections pale compared to its heyday in 2009 when the worm infected as many as 15 million machines, according to some estimates, it still is a substantial number, given that a security patch was issued three years ago, no new variants have appeared in the last two years, and most antivirus software can detect and block Conficker and its variants.

Why does Conficker continue to pose such a large security threat?

Poor password practices and policy, explained Tim Rains, director of Microsoft’s Trustworthy Computing. A full 92% of Conficker infections were caused by weak or stolen passwords. “We thought that that was an amazingly high number”, he commented.

“We are surprised that weak or stolen passwords are at the heart of Conficker’s success”, he added.

Also, Rains questioned the use of the term advanced persistent threat (APT) to describe targeted attacks, as opposed to broad-based attacks like Conficker. “The term APT is not particularly useful to the customers we talk to because it puts the focus on the sophistication of the tactics. But the tactics are not any more sophisticated than those used in basic automated broad-based attacks, they don’t think that term is helpful”, Rains told Infosecurity.

Microsoft found that attackers use similar tactics to carry out both targeted and broad-based attacks. They target weak passwords and unpatched vulnerabilities and use social engineering to trick users into downloading malware.

Rains stressed that individuals and organizations should focus on security fundamentals to protect themselves against targeted and broad-based attacks. He recommended that they use strong passwords, regularly apply available security updates for software, use antivirus software from a trusted source, invest in new products that have higher quality of protection, and consider the cloud as a business resource, particularly smaller organizations.

The Microsoft official also recommended that organizations take a four-pronged holistic approach to risk management: prevention (security fundamentals), detection (regular monitoring of systems), containment (if the network is compromised), and recovery (development of a recovery plan).
