Conficker haunts enterprises years on

The Conficker worm is currently the largest security threat to enterprises, continuing to spread due to weak or stolen passwords and vulnerabilities that require security patches, according to a Microsoft report.

According to the Microsoft "Security Intelligence Report volume 12" (SIRv12), which analyses online threat data, the Conficker worm was detected 220 million times worldwide in the past two and a half years, making it the biggest threat to enterprises. In the fourth quarter alone, the worm was detected on 1.7 million systems worldwide.

The report analysed online threats from July to December last year, looking at 600 million systems from more than 100 countries worldwide.

The worm steals administrative passwords, and uses them to log on to every other machine in the network, thereafter compromising those machines. It was first detected in November 2008.

The report also found that quarterly detections of the Conficker worm increased by more than 225 per cent since the start of 2009.

Examining the reasons behind Conficker's prevalence in enterprises, the research found that 92 per cent of Conficker infections were due to weak and stolen passwords, and 8 per cent of infections exploited vulnerabilities for which a security update exists.

Commenting on the findings of the report, Tim Rains, director of product management at Microsoft's Trustworthy Computing, noted that it is "astonishing" that the majority of the attacks were due to weak passwords, instead of unpatched vulnerabilities.

"So many enterprises are running on weak passwords," he remarked. "It is important that they focus on security basics to protect against the Conficker."

He advised that enterprises should use strong passwords and educate employees on their importance, keep systems up to date by installing security updates in "a timely fashion", keep abreast of the tactics that attackers are employing, and always deploy an antivirus solution from a trusted source.

Australian malware rate stays stable

The report placed the rate of Australian infections as being lower than the global rate. Out of every 1000 Australian machines checked in the fourth quarter of 2011, the researchers found 4.6 to have malware, under the global average of 7.1. The preceding quarters had infection rates of 5.3 in Q3, 4.6 in Q2 and 5.3 in Q1.

Conficker didn't rate as the most prevalent malware discovered on Australian PCs, either. That honour went to JS/Pornpop, which resided on 9.7 per cent of the computers cleaned in Australia. The JS/Pornpop family enables the display of pop-under advertisements, which usually push pornography.

The second most common threat was Win32/Keygen, which was present on 7.8 per cent of cleaned computers. This family generates product keys for illegally obtained versions of software products. The third most prevalent malware was Win32/Hotbar, again used for displaying pop-up ads, infecting 5.7 per cent of computers cleaned. The fourth most common threat (on 5.7 per cent of cleaned computers) was Win32/Zbot, a password-stealing trojan family that also enables unauthorised access and control of affected machines.

Suzanne Tindal contributed to this article.

Via ZDNet Asia