26 Apr 2012

Conficker Still Affected 1.7 Million in Q4 2011

Conficker infected 1.7 workstations around the world in the last quarter of 2011, more than three years after the worm was first detected, according to Microsoft’s Q4 Security Intelligence Report volume 12. The rate of infection has increased despite widespread availability of tools to fight it.

Believed to be an outbreak predicted to last two years at most, in Q4 2011 a 255 percent detection increase since 2009 has been reported by Microsoft.

Conficker has surfaced under multiple variants. Although Microsoft rushed to release security patches and updates, companies and end-users are still vulnerable due to Conficker’s ability to self-update by automatically connecting to hundreds of attacker-controlled domains.

"Conficker is one of the biggest security problems we face, yet it is well within our power to defend against," said Tim Rains, director of Microsoft Trustworthy Computing. "It is critically important that organizations focus on the security fundamentals to help protect against the most common threats."

The worm still poses a risk and the possibility of causing denial of service attacks or other malicious activities is still high. However, adopting an antivirus software solution and using strong passwords could ensure the best protection from Conficker.

"Labeling cyberthreats as 'advanced' is often times misleading and can divert organizations' attention away from addressing basic security issues, which can prevent more common threats from infiltrating their systems," Rains said. "Most attacks do not possess new, super-advanced techniques or technology as the APT label implies; in the majority of cases, they simply exploit weak or stolen passwords or vulnerabilities for which a security update exists and employ social engineering."