Conficker Most Reported Security Threat in 2014

The six-year old Conficker worm is still a major presence in the threat landscape, accounting for 38% of all detections in the first half of 2014, according to security vendor F-Secure’s latest Threat Report.

The Finnish firm’s H1 round-up found, by contrast, that detections of malicious Java plug-ins in the browser dropped from over 40% last year to just 11% in the first six months of 2014.

“Finally, the current versions of Java are such that there are too many hurdles in the way for Java to be easily exploited,” commented security advisor Sean Sullivan during a webcast to discuss the report.

F-Secure chief research officer, Mikko Hypponen, added that Conficker’s persistence is likely down to regions in which there are still a large number of legacy systems and high piracy rates. Brazil, for example, was the number one country when it came to Conficker detections, he said.

“When you’re running pirated versions of applications or the operating system itself patching is more problematic, so you have more security problems,” Hypponen added.

Web-based attacks, during which malware redirects the victim’s browser to malicious sites, accounted for 20% of detections, with 'other' taking up the remaining 38%.

Elsewhere, F-Secure spotted 25 new malware variants specifically targeting Mac machines.

Although their capabilities and distribution methods are becoming more sophisticated, Hypponen   claimed that “the situation isn’t out of hand” on the Apple platform, relative to Windows PCs and Android mobile devices for which there are far greater numbers of malware variants.

The Google mobile platform, for example, witnessed 294 new malware families or variants in the first half of this year, compared to just one for the more tightly controlled iOS ecosystem, according to the report.

The other notable trend of the period was a growth in ransomware activity on desktop and mobile platforms, with the likes of Cryptolocker, Koler, Slocker and other malware all causing problems for users, said F-Secure.

What’s Hot on Infosecurity Magazine?