92pc of Conficker infections down to stolen passwords – report

26 Apr 2012

The Conficker worm has been detected about 220m times worldwide in the past two and a half years, making it one of the biggest ongoing threats to enterprises, the Microsoft Security Intelligence Report volume 12 shows.

The research, which includes analysis of data from more than 600m systems worldwide, also shows that 92pc of Conficker infections were a result of weak or stolen passwords, and 8pc of infections exploited vulnerabilities for which a security update exists.

Quarterly detections of the Conficker worm have increased by more than 225pc since the beginning of 2009, says the report. In the fourth quarter of 2011 alone, Conficker was detected on 1.7m systems worldwide.

“Conficker is one of the biggest security problems we face, yet it is well within our power to defend against,” said Tim Rains, director of Microsoft Trustworthy Computing.

“It is critically important that organisations focus on the security fundamentals to help protect against the most common threats.”

Microsoft recommends that customers and businesses take the following steps to maintain IT security:

• Use strong passwords and educate employees on their importance

• Keep systems up to date by regularly applying available updates for all products

• Use antivirus software from a trusted source

• Invest in newer products with a higher quality of software protection

• Consider the cloud as a business resource