Conficker Tops Security Concerns in Microsoft Security Report

Conficker worm will continue to trouble IT despite lack of new variants in two years.

The Conficker worm should continue to be a top concern in enterprise security, despite the lack of any new variants seen in the wild in over two years according to a new Microsoft report.

Microsoft's warning appeared in its just-released Microsoft Security Intelligence Report (SIR), which examined security information from over 600 million systems worldwide between July and December of last year.   According to the report, the prevalance of the Conficker malware increased 225 percent since 2009 and was seen on 1.7 million systems during the 6 months analyzed.

"Conficker is one of the biggest security problems we face, yet it is well within our power to defend against," said Tim Rains, director of Microsoft Trustworthy Computing, in a call discussing the report. "It is critically important that organizations focus on the security fundamentals to help protect against the most common threats."

Strong passwords remains a best practice enterprises should address. As evidence, the report pointed out that 92 percent of Conficker infections in organizations were caused by either weak or stolen passwords. (The other eight percent were caused by exploiting vulnerabilities in unpatched software.)

Microsoft also reported that overall vulnerability disclosures were down 10 percent compared with the first half of 2011, a consistent downward trend since 2006. Microsoft cited overall improved security protocols by software firms as being responsible for the improvement.

"This trend is likely because of better development practices and quality control throughout the industry, which results in more secure software and fewer vulnerabilities from major vendors, who are most likely to have their vulnerabilities associated with a distinct CVE [common vulnerabilities and exposure] identifier," the SIR report states.

Overall, vulnerabilities were also down for the second half of 2011. High-risk vulnerabilities dropped by 31.1 percent; medium-risk vulnerabilities -- the largest number of disclosures -- fell by 3.5 percent compared to the the first half of 2011.   Low-complexity vulnerabilities dropped 13.7 percent, the SIR report says.

The report categorized vulnerabilities by type. Those in applications accounted for 71.2 percent of all vulnerabilities, and OS vulnerabilities dropped by 34.7 percent. Microsoft-specific holes accounted for 6.4 percent of all reported vulnerabilities -- a decrease of 6.8 percent.

The rate of malware detection during the second half of last year decreased by 1.7 percent in the United States, while Germany (up 30.4 percent) and Russia (up 28.5 percent) had the biggest changes in malware detection.

"Detections and removals in individual countries/regions can vary significantly from quarter to quarter," said Microsoft in the report. "Increases in the number of computers with detections can be caused not only by increased prevalence of malware in that location, but also by improvements in the ability of Microsoft antimalware solutions to detect malware."

During Microsoft's telephone conference call, Rains said that the best approach for organizations with regard to security is to adopt a holistic approach to guard against both targeted and broad-based attacks. The approach should focus on prevention, detection, containment and recovery.

Microsoft's full SIR report can be found here.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

comments powered by Disqus