Conficker worm a continuing threat: Microsoft
April 26th, 2012 - 8:24 pm ICT by IANSRedmond (Washington State), April 26 (IANS) Software giant Microsoft Thursday said the Conficker worm was detected approximately 220 million times worldwide in the past two-and-a-half years, making it one of the biggest ongoing threats to enterprises.
The Microsoft Security Intelligence Report volume 12 (SIRv12) also revealed the worm continues to spread because of weak or stolen passwords and vulnerabilities for which a security update exists.
The study analyzes data from more than 600 million systems worldwide and offers solutions for mitigating both targeted and broad-based attacks such as Conficker.
According to SIRv12, quarterly detections of the Conficker worm have increased by more than 225 percent since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide.
In examining the reasons behind Conficker’s prevalence in organizations, research showed that 92 percent of Conficker infections were a result of weak or stolen passwords, and eight percent of infections exploited vulnerabilities for which a security update exists.
“Conficker is one of the biggest security problems we face, yet it is well within our power to defend against,” said Tim Rains, director of Microsoft Trustworthy Computing.
“It is critically important that organizations focus on the security fundamentals to help protect against the most common threats.”
The SIRv12 also revealed that many of the threats often referred to as Advanced Persistent Threats (APTs) are no more advanced or sophisticated than other types of attacks.
In most cases, these attacks leverage known vectors such as exploiting weak or stolen passwords and vulnerabilities for which security updates exist, but their success lies in the persistence and determination in trying different tactics to compromise the target, the report said.
It also recommends that customers and businesses adhere to the following security fundamentals to help ensure they are protected:
* Use strong passwords and educate employees on their importance
* Keep systems up-to-date by regularly applying available updates for all products
* Use antivirus software from a trusted source
* Invest in newer products with a higher quality of software protection
* Consider the cloud as a business resource.
- Microsoft announces automatic upgrades for Internet Explorer - Dec 16, 2011
- Experts brace for possible computer worm attack - Mar 31, 2009
- Experts think up smarter honeypot traps to track malware - Feb 27, 2010
- Tech experts fail to conquer Conficker worm - Sep 22, 2009
- Researchers discover way to find Confiker computer worm - Mar 31, 2009
- Beware of attack tool kits from malicious websites: Symantec - Jan 25, 2011
- A worm in the apple: Macs in crosshairs of hackers - Aug 31, 2009
- Conficker worm: How to tell if your PC is infected & Using Removal Tools - Apr 01, 2009
- New malware could knock out antivirus systems - Dec 12, 2011
- Yahoo confirms 400,000 user accounts stolen by hackers - Jul 13, 2012
- Web-based malicious attacks on rise in India: study - May 04, 2009
- German govt's Microsoft Internet Explorer warning - Jan 17, 2010
- Apple asks Russian anti-virus firm to improve OS X security - May 15, 2012
- Microsoft issues emergency flaw fix - Aug 03, 2010
- Software protects water resources from terror attacks - Jul 26, 2011
Tags: fourth quarter, intelligence report, microsoft redmond washington, microsoft security, million times, organizations research, persistence, prevalence, report volume, security intelligence, security problems, security updates, software giant microsoft, stolen passwords, target, trustworthy computing, two and a half years, vectors, vulnerabilities, washington state