Microsoft Corp. has released the Microsoft Security Intelligence Report volume 12 (SIRv12), which found that the Conficker worm was detected approximately 220 million times worldwide in the past two and a half years, making it one of the biggest ongoing threats to enterprises. The study also revealed the worm continues to spread because of weak or stolen passwords and vulnerabilities for which a security update exists.
According to the SIRv12, quarterly detections of the Conficker worm have increased by more than 225 percent since the beginning of 2009. In the fourth quarter of 2011 alone, Conficker was detected on 1.7 million systems worldwide. In examining the reasons behind Conficker’s prevalence in organizations, research showed that 92 percent of Conficker infections were a result of weak or stolen passwords, and 8 percent of infections exploited vulnerabilities for which a security update exists.
Tim Rains, Director, Microsoft Trustworthy Computing said, “Conficker is one of the biggest security problems we face, yet it is well within our power to defend against. It is critically important that organizations focus on the security fundamentals to help protect against the most common threats. Labeling cyberthreats as ‘advanced’ is often times misleading and can divert organizations’ attention away from addressing basic security issues, which can prevent more common threats from infiltrating their systems. Most attacks do not possess new, super-advanced techniques or technology as the APT label implies; in the majority of cases, they simply exploit weak or stolen passwords or vulnerabilities for which a security update exists and employ social engineering.