
Conficker: Microsoft says two basic security steps might have stopped infections

If businesses and consumers stuck to security basics, they could have avoided all cases of Conficker worm infection detected on 1.7 million systems by Microsoft researchers in the last half of 2011.

According to the latest Microsoft Security Intelligence report, all cases of Conficker infection stemmed from just two attack methods: weak or stolen passwords and exploiting software vulnerabilities for which updates existed.

So using strong passwords and boosting password security in combination with promptly patching known vulnerabilities would have gone a long way toward reducing the number of Conficker infections, which rose by more than 500,000 in the fourth quarter of 2011, according to the study.

Although these steps are simple, Conficker has remained at the top of the enterprise threat list for the past two and a half years, the study says.

In defense of computer owners, the worm often carries key loggers that steal passwords, says Tim Rains, Microsoft's director of trustworthy computing. The report includes a graphic listing some of the passwords that Conficker tries when it's on a machine inside the enterprise trying to get into file shares, and the list is a who's who of weak passwords (11, 22, admin, asdfgh, foofoo, Password).

The report has recommendations for businesses trying to battle advanced persistent threats (APT), which it describes as targeted attacks that can use a variety of methods and that are carried out by adversaries who are very determined. That determination and commitment to long-term infiltration are the key features of APTs, Rains says.

Fighting them requires holistic risk management that includes prevention, but also effective detection. A big-data approach that aggregates network security and traffic data and analyzes it for anomalous behavior increases the chances of noticing the malicious activity of stealthy malware, he says.

Businesses should also architect their networks in segments designed to contain successful attacks, giving IT security more time to discover them and respond. That response should be well thought out and rehearsed so it can be implemented quickly when the time comes, he says.

(Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at [email protected] and follow him on Twitter https://twitter.com/#!/Tim_Greene)
