Conficker remains biggest threat to enterprises

Worm detected 220 million times worldwide in past two and a half years--increasing by more than 225 percent since start of 2009--spreading mostly through weak and stolen passwords, report finds.

The Conficker worm is the largest threat to enterprises, and the worm continues to spread mostly due to weak or stolen passwords and vulnerabilities which require security patches, a report reveals.

According to the Microsoft Security Intelligence Report volume 12 (SIRv12), which analyzes online threat data and was released Wednesday, the Conficker worm was detected 220 million times worldwide in the past two and a half years, making it the biggest threat to enterprises. In the fourth quarter alone, the worm had been detected on 1.7 million systems worldwide.

The report analyzed online threats from July to December last year, drawing on 600 million systems in more than 100 countries worldwide.

The worm steals administrative passwords and uses them to log onto every other machine in the network, thereafter compromising those machines. It was first detected in November 2008.

The report also found that quarterly detections of the Conficker worm increased by more than 225 percent since the start of 2009.

Examining the reasons behind Conficker's prevalence in enterprises, the research found that 92 percent of Conficker infections were due to weak and stolen passwords, and 8 percent of infections exploited vulnerabilities for which a security update exists.

Commenting on the findings of the report, Tim Rains, director of product management at Microsoft's Trustworthy Computing, noted that it was "astonishing" that the majority of the attacks had been due to weak passwords, instead of unpatched vulnerabilities.

"So many enterprises are running on weak passwords," he remarked. "It is important that they focus on security basics to protect against the Conficker."

He advised that enterprises should use strong passwords and educate employees on their importance, keep systems up to date by installing security updates in "a timely fashion", keep abreast of the tactics that attackers are employing and always deploy an antivirus solution from a trusted source.

Top Threats Q411 Singapore (Microsoft SIRv12)
Rank | Threat | Category | % of computers affected
2 | Win32/Keygen | Potentially Unwanted Software | 8.6
6 | Win32/Zwangi | Potentially Unwanted Software | 5.7

Singapore malware rate falling
However, the Singapore findings showed that the Conficker worm was not among the country's top ten threats, and that the malware infection rate in Singapore was falling.

Using the yardstick of computers cleaned per mille (CCM), or how many computers were infected out of every thousand, Singapore's rate had fallen from 12.6 in the first quarter of last year to 5.7 in the fourth quarter of 2011. This was below the worldwide average of 7.1.

Among the top ten threats in Singapore last quarter, Autorun, a family of worms which spreads by copying itself to the network or removable drive of an infected computer, had been the most prevalent, affecting 10.6 percent of computers. This was followed by Keygen, a generic detection for tools that generate product keys for illegally obtained versions of various software products, affecting 8.6 percent of computers.

Threats from the Adware category, or targeted pop-up ads based on the monitoring of Web-browsing activity, had been the most common, infecting 32.3 percent of computers in the country.

Rains noted that the prevalence of Adware may be "not necessarily a bad thing". Adware was "not that severe" compared to malware such as the Conficker worm and Trojan droppers, he explained. It is more of a threat to users' privacy because it tracks their browsing habits and serves advertisements based on the sites they visit, he remarked.

"Hence, the fact that it is the most common category in Singapore's top ten threats is actually a good thing, unlike some regions in the world such as Pakistan, Turkey, Albania and Egypt which have less Adware and more malware infections," he said.