Many still vulnerable to Conficker

Victoria Ho ZDNet Asia | April 16, 2009 5:42 AM PDT

Summary

Despite all the warnings, an antivirus firm estimates that 11 percent of PCs in use still have not applied the patch that would prevent the Conficker worm from invading their systems.

Topics

PC, Sophos Plc., Worm, Conficker, Cyberthreats, Viruses And Worms, Security, malware, virus, removal, antivirus, Victoria Ho ZDNet Asia

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

Antivirus company Sophos has sent an alert saying many users still have yet to patch their PCs against the exploit that makes them vulnerable to the Conficker worm.

Sophos' senior technology consultant Graham Cluley, said in a blog post Thursday, the antivirus company found 11 percent of users who had taken an endpoint assessment test at its Web site did not have the Microsoft OS08-067 patch installed.

The patch, available since October last year, fixes a vulnerability which allows the Conficker worm to infect PCs.

The Conficker saga has been broiling for the last month or so, where it received a swarm of media attention leading up to April 1--when it was expected to detonate. Its real effects were seen about a week later, when it started dropping a mystery payload on infected computers.

Microsoft has also put up a US$250,000 reward for information leading to the arrest and conviction of the criminals behind the worm.

Cluley said in his blog post the 11 percent of infected PCs is "pretty depressing news", given the press coverage the worm has received.

"It appears that the percentage of computers not patched against the exploit is holding steady," he added.

The goal of Conficker's creators remains unclear. While researchers have said the worm's payload dumping activity indicates a profit motive, such as stealing passwords or spam-generation, Conficker has yet to fully reveal its intended function.

There are a number of tests and checks online, including an eye chart from the endpoint assessment test for the Microsoft patch.

Sophos is offering a tool to remove the Conficker worm from infected PCs, as well.

This article was originally published on ZDNet Asia.

Talkback Most Recent of 9 Talkback(s)

Follow via:: RSS; Email Alert

This just proves...

that regardless of what you do - stupid people can (and will continue) to exist. Why in the WORLD these folks have not patched (legit or NOT - MS provides this patch free to both) is beyond me. I guess stupid and clueless people will continue to be a zombie slave to botnets and forever spew spam. These people should be thrown on garden-walled connections by their ISP until they are patched (provided they already have been infected with the conficker worm).

Another thought... would it behoove ISPs to somehow validate specific patch levels before granting access to the net via their pipes? Maybe by way of an extra "security" service for a fee or by policy and forbid access (read garden-wall) to the internet until the vulnerability is fixed? I like this - but im a bit torn, I dont want my ISP playing network admin - but I wonder if its for the good of the internet, why not?
JT82
16th Apr 2009
- Reply to
- Flag
nt

.
InAction Man
16th Apr 2009
- Reply to
- Flag
Many stupid users still vulnerable to it

Many stupid users still vulnerable to it
qmlscycrajg
16th Apr 2009
- Reply to
- Flag
re: ... stupid users still vulnerable to it

"Many stupid users still vulnerable to it "

What version of it , [A - D], or E ?

Q. If those stupid users patched for Conficker "A", does that cover all variance of Conficker (let's say version "Z")?

^o^
n0neXn0ne
16th Apr 2009
- Reply to
- Flag
M$ should make an OS adequate for regular people.

Patching windoze is too complicated for the average Joe. M$ should take lessons in ease of use from Ubuntu.
InAction Man
16th Apr 2009
- Reply to
- Flag
No....Its actually quite easy..

if people left the "automatic updates" on - they wouldnt have a problem now. Why is that so hard to understand?

There is zero reason a home user should turn off automatic updates. They are not a corporate environment that needs to regulate what goes on the systems (to that extent) and anyone who IS competant enough to want to run their home system like that - shame on them for not patching this vulnerabilty.

Ubuntu and Windows patch the same way, both are automatic by default and have the ability to be changed to manual.
JT82
16th Apr 2009
- Reply to
- Flag
Big Brother inside!

Since they (M$) never know if you are a terrorist or not they must be able to access your system through backdoors unknown to you. You must allow the "good guys" (MS et al) full access to your files anytime they feel like it. You must continually prove to them you paid for it and risk bricking your machine when their WGA fails.

Have you heard of windows unsolicited update with windows-update disabled?
InAction Man
16th Apr 2009
- Flag
I really hate to be the bearer of bad news..but thats um a resounding NO..

What you speak of was a huge PR mistake on Microsofts part, that they already acknolwedged. Yes they did update the updater software (even with the Windows Update disabled). The EULA gives them the right to do this. Again, why anyone (in the home user department) would have the Automatic updates disabled is pure stupidity and quite honestly shouldnt be allowed to access a computer.

I wont even address the first part of your post because its pure FUD and nothing but ABM'er drivel. I will say failing WGA does NOT brick your box, it simply puts it in reduced functionality mode. Let me tell you - if you legitimately have a valid copy of Windows, MS will not even bat an eye about giving you a new key - it only takes 1 call to an 800 number.
JT82
16th Apr 2009
- Flag
Leave the trolls be please

NT
Cylon Centurion
23rd Apr 2009
- Flag