Topic: Hardware

Many still vulnerable to Conficker

Summary: Despite all the warnings, an antivirus firm estimates that 11 percent of PCs in use still have not applied the patch that would prevent the Conficker worm from invading their systems.

By Victoria Ho | April 16, 2009 -- 05:42 GMT (22:42 PDT)

Antivirus company Sophos has sent an alert saying many users still have yet to patch their PCs against the exploit that makes them vulnerable to the Conficker worm.

Sophos' senior technology consultant Graham Cluley, said in a blog post Thursday, the antivirus company found 11 percent of users who had taken an endpoint assessment test at its Web site did not have the Microsoft OS08-067 patch installed.

The patch, available since October last year, fixes a vulnerability which allows the Conficker worm to infect PCs.

The Conficker saga has been broiling for the last month or so, where it received a swarm of media attention leading up to April 1--when it was expected to detonate. Its real effects were seen about a week later, when it started dropping a mystery payload on infected computers.

Microsoft has also put up a US$250,000 reward for information leading to the arrest and conviction of the criminals behind the worm.

Cluley said in his blog post the 11 percent of infected PCs is "pretty depressing news", given the press coverage the worm has received.

"It appears that the percentage of computers not patched against the exploit is holding steady," he added.

The goal of Conficker's creators remains unclear. While researchers have said the worm's payload dumping activity indicates a profit motive, such as stealing passwords or spam-generation, Conficker has yet to fully reveal its intended function.

There are a number of tests and checks online, including an eye chart from the endpoint assessment test for the Microsoft patch.

Sophos is offering a tool to remove the Conficker worm from infected PCs, as well.

This article was originally published on ZDNet Asia.

Topics: Hardware, Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments

Log in or register to join the discussion

This just proves...

that regardless of what you do - stupid people can (and will continue) to exist. Why in the WORLD these folks have not patched (legit or NOT - MS provides this patch free to both) is beyond me. I guess stupid and clueless people will continue to be a zombie slave to botnets and forever spew spam. These people should be thrown on garden-walled connections by their ISP until they are patched (provided they already have been infected with the conficker worm).

Another thought... would it behoove ISPs to somehow validate specific patch levels before granting access to the net via their pipes? Maybe by way of an extra "security" service for a fee or by policy and forbid access (read garden-wall) to the internet until the vulnerability is fixed? I like this - but im a bit torn, I dont want my ISP playing network admin - but I wonder if its for the good of the internet, why not?

JT82
16 April, 2009 06:50

Reply Vote
- nt
  
  .
  
  InAction Man
  16 April, 2009 08:10
  
  Reply Vote
Many stupid users still vulnerable to it

Many stupid users still vulnerable to it

qmlscycrajg
16 April, 2009 07:09

Reply Vote
- re: ... stupid users still vulnerable to it
 
 "Many stupid users still vulnerable to it "
 
 What version of it, [A - D], or E ?
 
 Q. If those stupid users patched for Conficker "A", does that cover all variance of Conficker (let's say version "Z")?
 
 ^o^
 
 
 n0neXn0ne
 16 April, 2009 08:15
 
 Reply Vote
M$ should make an OS adequate for regular people.

Patching windoze is too complicated for the average Joe. M$ should take lessons in ease of use from Ubuntu.

InAction Man
16 April, 2009 08:29

Reply Vote
- No....Its actually quite easy..
 
 if people left the "automatic updates" on - they wouldnt have a problem now. Why is that so hard to understand?
 
 There is zero reason a home user should turn off automatic updates. They are not a corporate environment that needs to regulate what goes on the systems (to that extent) and anyone who IS competant enough to want to run their home system like that - shame on them for not patching this vulnerabilty.
 
 Ubuntu and Windows patch the same way, both are automatic by default and have the ability to be changed to manual.
 
 JT82
 16 April, 2009 08:39
 
 Reply Vote
 - Big Brother inside!
 
 Since they (M$) never know if you are a terrorist or not they must be able to access your system through backdoors unknown to you. You must allow the "good guys" (MS et al) full access to your files anytime they feel like it. You must continually prove to them you paid for it and risk bricking your machine when their WGA fails.
 
 Have you heard of windows unsolicited update with windows-update disabled?
 
 InAction Man
 16 April, 2009 08:44
 
 Reply Vote
 - I really hate to be the bearer of bad news..but thats um a resounding NO..
 
 What you speak of was a huge PR mistake on Microsofts part, that they already acknolwedged. Yes they did update the updater software (even with the Windows Update disabled). The EULA gives them the right to do this. Again, why anyone (in the home user department) would have the Automatic updates disabled is pure stupidity and quite honestly shouldnt be allowed to access a computer.
 
 I wont even address the first part of your post because its pure FUD and nothing but ABM'er drivel. I will say failing WGA does NOT brick your box, it simply puts it in reduced functionality mode. Let me tell you - if you legitimately have a valid copy of Windows, MS will not even bat an eye about giving you a new key - it only takes 1 call to an 800 number.
 
 JT82
 16 April, 2009 09:40
 
 Reply Vote
 - Leave the trolls be please
 
 NT
 
 The one and only, Cylon Centurion
 23 April, 2009 16:39
 
 Reply Vote