
Confound it! Conficker continues to infect 1.7 million computers

25 April 2012

Conficker, the worm that first surfaced in 2008, is back (or never went away), with a total of 1.7 million computer system infections as of the fourth quarter of 2011, according to Microsoft’s Security Intelligence Report Volume 12 (SIRv12).

In addition, Microsoft detected a staggering 220 million Conficker attacks (successful or otherwise) over the past two and a half years. For its SIRv12 report, Microsoft gathered threat intelligence from over 600 million systems in more than 100 countries.

While 1.7 million infections pale in comparison with the worm's heyday in 2009, when it infected as many as 15 million machines according to some estimates, it is still a substantial number, given that a security patch was issued three years ago, no new variants have appeared in the last two years, and most antivirus software can detect and block Conficker and its variants.

Why does Conficker continue to pose such a large security threat?

Poor password practices and policy, explained Tim Rains, director of Microsoft’s Trustworthy Computing. A full 92% of Conficker infections were caused by weak or stolen passwords. “We thought that that was an amazingly high number”, he commented.

“We are surprised that weak or stolen passwords are at the heart of Conficker’s success”, he added.

Also, Rains questioned the use of the term advanced persistent threat (APT) to describe targeted attacks, as opposed to broad-based attacks like Conficker. “The term APT is not particularly useful to the customers we talk to because it puts the focus on the sophistication of the tactics. But the tactics are not any more sophisticated than those used in basic automated broad-based attacks, they don’t think that term is helpful”, Rains told Infosecurity.

Microsoft found that attackers use similar tactics to carry out both targeted and broad-based attacks. They target weak passwords and unpatched vulnerabilities and use social engineering to trick users into downloading malware.

Rains stressed that individuals and organizations should focus on security fundamentals to protect themselves against both targeted and broad-based attacks. He recommended that they use strong passwords, regularly apply available security updates for software, use antivirus software from a trusted source, invest in new products that offer a higher quality of protection, and, particularly in the case of smaller organizations, consider the cloud as a business resource.

The Microsoft official also recommended that organizations take a four-pronged, holistic approach to risk management: prevention (security fundamentals), detection (regular monitoring of systems), containment (if the network is compromised), and recovery (development of a recovery plan).
