Conficker continues to spread in Ireland

10 May 2010

The Conficker worm spread again in Ireland last month and was the most widely recorded piece of malware, according to data from the antivirus firm Eset. Conficker’s continued spread, more than two years after it first surfaced, is a sign that many Irish organisations aren’t keeping up to date with protecting their software, Eset said.

Eset, which has published its Global Threat Trends report for April, said it is possible to avoid most Conficker infection risks generically by practising ‘safe hex’: that is, by keeping up-to-date with system patches, disabling the Autorun feature in Windows and not using unsecured shared folders.

“In view of all the publicity Conficker has received and its extensive use of a vulnerability that’s been remediable for so many months, we’d expect Conficker infections to be in decline by now if people were taking these common-sense precautions. However, the Conficker Working Group estimates that there are still over 6 million infected machines out there,” Eset said in the report.

The spread of Conficker

Depending on the variant, Conficker may also spread via unsecured shared folders and by removable media, making use of the Autorun facility enabled by default in earlier versions of Windows, though not in Windows 7. Another threat presented by Conficker is to contact web servers with pre-computed domain names to download additional malicious components.

The second highest infection type found in Ireland last month was INF/Autorun, which affects removable media such as USB keys. Anyone plugging an infected key into a PC would cause the malware to spread to that machine.

Third highest with a share of 3.97pc, the Win32/Agent malware refers to a group of harmful applications which Eset said could leave user data exposed to an unauthorised third party. 

Eset also called attention to a spike in detections of the EICAR test file. Although the jump was not enough to put this into the Top 10 list, the company warned that the rise “suggests that someone is doing an astonishing amount of testing”.

The full Global Threat Report for April 2010 also covers the free antivirus debate, Apple security, false positives and Search Engine Optimisation. 

By Gordon Smith

Photo: The spread of Conficker malware may be an indication that many Irish organisations aren’t keeping up to date with protecting their software, antivirus firm Eset said

Gordon Smith was a contributor to Silicon Republic