1-in-10 Windows PCs still vulnerable to Conficker worm
A year after doomsday reports, 10% of systems unpatched against worm's exploits
Computerworld - More than a year after doomsday reports hinted that the Conficker worm would bring down the Internet, one-in-10 Windows PCs still have not been patched to plug the hole the worm wriggles through, new data shows.
And 25 of every 1,000 systems are currently infected with the worm.
According to Qualys, a security risk and compliance management provider, about 10% of the hundreds of thousands of Windows systems it monitors for customers have not yet applied Microsoft's MS08-067 security update. MS08-067, an out-of-band release that shipped in October 2008, patched a bug in the service Windows uses to connect to file and print servers.
Just 11 days after Microsoft delivered the emergency update, antivirus vendors said a worm, variously tagged as Conficker and Downadup, was using the Windows vulnerability, as well as other methods, to aggressively attack PCs and build a massive botnet. By January 2009, some security firms estimated that Conficker had compromised millions of PCs.
Concern about Conficker reached a crescendo as mainstream media, including CBS' 60 Minutes television program, reported that the worm was set to update itself on April 1, 2009. Because of the size of the Conficker botnet -- estimates ran as high as 12 million by that point -- and the then-unknown next move by the hijacked PCs, hype ran at fever pitch. Some speculated that the huge botnet would go on a distributed denial-of-service (DDoS) rampage, crippling large swaths of the Internet.
In the end, Conficker's April 1 update passed quietly. But its botnet -- anywhere between four and seven million machines -- is still intact, and by Qualys' reckoning, significant numbers of PCs are still vulnerable to attack.
Qualys regularly measures what it calls "persistence," the percentage of machines that are never patched against a specific vulnerability. According to Qualys' data, the percentage of unpatched PCs typically stabilizes at between 5% and 10%, with an average around 7%-8%.
Nearly a year-and-a-half after Microsoft delivered MS08-067, the update's persistence is at the 10% mark, the high side of the usual range, said Wolfgang Kandek, Qualys' chief technology officer.
That shouldn't come as a shock. In December 2008, Kandek said users weren't in any hurry to deploy the MS08-067 patch. In fact, they weren't applying it any faster than the usual fixes Microsoft issued, even though it was an emergency update.
Although Conficker may be a forgotten memory for most, the botnet's not dead, experts have said. On last week's one-year anniversary of the April 1 doomsday deadline, officials at the U.S. Department of Homeland Security said the agency was preparing a report on the global struggle to keep Conficker at bay. Dubbed the Conficker Working Group, the collection of security experts and Internet domain authorities tried to cripple the worm by blocking it from updating its botnet.
"In terms of learning, it's been a great success," Rodney Joffe, a member of the group, told the IDG News Service's Bob McMillan last week. "In terms of defeating Conficker, it's gotten us nowhere."
Qualys' data backs that up: About 2.5% of the PCs that the company scanned are infected with the Conficker worm.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is email@example.com.