We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,131 News Articles

10% of PCs still vulnerable to Conficker

25 in every 1,000 still infected with virus

One in ten Windows PCs are still vulnerable to infection by the Conficker worm, even though its more than a year since web users were convinced the worm would bring down the internet, says Qualys.

The security firm also revealed that 25 of every 1,000 systems are currently infected with the worm.

Qualys said about 10 percent of the hundreds of thousands of Windows systems it monitors for customers have not yet applied Microsoft 's MS08-067 security update.

MS08-067, an out-of-band release that shipped in October 2008, patched a bug in the service Windows uses to connect to file and print servers.

Just 11 days after Microsoft delivered the emergency update, antivirus vendors said a worm, variously tagged as Conficker and Downadup, was using the Windows vulnerability , as well as other methods, to aggressively attack PCs and build a massive botnet.

By January 2009, some security firms estimated that Conficker had compromised millions of PCs.

Concern about Conficker reached a crescendo as mainstream media reported that the worm was set to update itself on April 1, 2009.

Because of the size of the Conficker botnet - estimates ran as high as 12 million by that point - and the then-unknown next move by the hijacked PCs, hype ran at fever pitch.

Some speculated that the huge botnet would go on a distributed denial-of-service (DDoS) rampage, crippling large swaths of the internet.

In the end, Conficker's April 1 update passed quietly. But its botnet - anywhere between four and seven millions machines - is still intact, and by Qualys' reckoning, significant numbers of PCs are still be vulnerable to attack.

Qualys regularly measures what it calls 'persistence', the percentage of machines that are never patched against a specific vulnerability.

According to Qualys' data, the percentage of unpatched PCs typically stabilises at between five and 10 percent, with an average around seven to either percent.

Nearly a year-and-a-half after Microsoft delivered MS08-067, the update's persistence is at the 10 percent mark, the high side of the usual range, said Wolfgang Kandek, Qualys' chief technology officer.

That shouldn't come as a shock. In December 2008, Kandek said users weren't in any hurry to deploy the MS08-067 patch.

In fact, they weren't applying it any faster than the usual fixes Microsoft issued, even though it was an emergency update.

Although Conficker may be a forgotten memory for most, the botnet's not dead, experts have said.

On last week's one-year anniversary of the April 1 doomsday deadline, officials at the US Department of Homeland Security said the agency was preparing a report on the global struggle to keep Conficker at bay.

Dubbed the Conficker Working Group, the collection of security experts and internet domain authorities tried to cripple the worm by blocking it from updating its botnet.

"In terms of learning, it's been a great success," Rodney Joffe, a member of the group, said.

"In terms of defeating Conficker, it's gotten us nowhere."

Qualys' data backs that up: About 2.5 percent of the PCs that the company scanned are infected with the Conficker worm.

See also: Conficker cripples Greater Manchester police


IDG UK Sites

6 cheapest 4K TVs in the UK 2014: Get a UHD telly without breaking the bank

IDG UK Sites

Apple MacBook Air (11-inch, 256GB, Early 2014) lab tests and benchmarks

IDG UK Sites

How to stop your parents opening and responding to phishing emails

IDG UK Sites

Google to ship first Project Ara developer boards in July