Warning over PCs still at risk from Conficker

Security researchers say 20 percent still at risk

One in five PCs is still at risk of being attacked by the Conficker worm, despite the copious warnings about the need to patch vulnerable machines.

That's according to security company Qualys, after scans of more than 300,000 of its customers' PCs revealed that 20 percent of them were still unfixed, even though patching of the MS08-067 vulnerability picked up dramatically two weeks ago.

"The media attention about the April 1 date got people scanning like crazy," said Wolfgang Kandek, Qualys' chief technology officer, referring to the trigger date hard-coded into Conficker, the worm that used the MS08-067 vulnerability to infect millions of machines earlier this year. "We saw three to four times more scans [for the worm] than usual on March 30."

Qualys, like several other security vendors, had issued a Conficker detection tool prior to 1 April, when the worm was set to switch to a new communications scheme for instructions from its hacker overlords.

The percentage of scanned PCs vulnerable to the MS08-067 bug began falling April 1, said Kandek, and within several days had dropped from about 40 percent to just under 20 percent. "The whole thing about April 1 was a good thing," Kandek said. "Before [April 1], the number of machines still vulnerable to MS08-067 was probably comparable to other Microsoft vulnerabilities. Now it's better than average."

Kandek could offer no reason for the reticence of some sysadmins to patch their machines. "I don't know why that is," Kandek said. "They could be older machines, or machines not considered important, or even Windows running on an ATM. Whatever it is, it's hard for me to understand why they're not patched."

Qualys' scans also revealed that about 5 percent of the PCs pinged were actually infected with one of the four Conficker variants. "That's a relatively low number, but because the Conficker numbers are staggering - it's infected millions - it's really a sizable number," said Kandek.

Last week, Conficker's handlers began updating already-infected PCs, and used the opportunity to also install spam bots and phony anti-virus software on those systems. Conficker.e, as the new variant has been dubbed, restores the worm's ability to spread to machines not yet patched against the MS08-067 vulnerability.





