1-in-10 Windows PCs still vulnerable to Conficker worm

Thursday, April 8, 2010 8:18

More than a year after doomsday reports hinted that the Conficker worm would bring down the Internet, one in 10 Windows PCs still has not been patched against the hole the worm wriggles through, new data shows.

And 25 of every 1,000 systems are currently infected with the worm.


According to Qualys, a security risk and compliance management provider, about 10 percent of the hundreds of thousands of Windows systems it monitors for customers have not yet applied Microsoft's MS08-067 security update. MS08-067, an out-of-band release that shipped in October 2008, patched a bug in the Windows Server service, the component that handles file- and print-sharing requests; the flaw let an unauthenticated remote attacker execute code on the machine without any user interaction, which is what made it ideal for a self-propagating worm.
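Qualys measures patch coverage with its own scanner, but an administrator can run the same check on a fleet with nothing more than PowerShell. The script below is an added example and is not code from the original article or from Qualys; it assumes the MS08-067 update is recorded under its Knowledge Base number, KB958644, and that the target hosts accept remote WMI queries. The computer names are placeholders.

```powershell
# Added example: report which hosts still lack the MS08-067 update (KB958644)
# and compute the share of unpatched machines, the figure Qualys calls
# "persistence". Uses Get-HotFix, which reads Win32_QuickFixEngineering over WMI.

function Get-MS08067Status {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    foreach ($computer in $ComputerName) {
        $status = [pscustomobject]@{
            Computer    = $computer
            Reachable   = $false
            Patched     = $false
            InstalledOn = $null
        }
        try {
            # -ErrorAction Stop turns an unreachable host into a catchable error
            # instead of a silent "not patched" result.
            $hotfix = Get-HotFix -Id 'KB958644' -ComputerName $computer -ErrorAction Stop
            $status.Reachable   = $true
            $status.Patched     = $true
            $status.InstalledOn = $hotfix.InstalledOn
        }
        catch [System.ArgumentException] {
            # Get-HotFix throws ArgumentException when the host answered but the
            # requested KB is not present: this is a genuinely unpatched system.
            $status.Reachable = $true
        }
        catch {
            # Any other error (RPC unavailable, access denied) means we could not
            # tell; leave Reachable = $false so it is not counted as unpatched.
        }
        $status
    }
}

function Get-Persistence {
    param([Parameter(Mandatory)] [object[]]$Results)

    # Only hosts that actually answered belong in the denominator.
    $answered  = @($Results | Where-Object { $_.Reachable })
    $unpatched = @($answered | Where-Object { -not $_.Patched })
    if ($answered.Count -eq 0) { return $null }
    [math]::Round(100 * $unpatched.Count / $answered.Count, 1)
}

# Hypothetical host list; replace with an AD query or an inventory export.
$hosts   = 'WS-001', 'WS-002', 'WS-003'
$results = Get-MS08067Status -ComputerName $hosts
$results | Format-Table -AutoSize

"MS08-067 persistence: {0} percent of reachable hosts unpatched" -f (Get-Persistence -Results $results)
```

One caveat: Get-HotFix lists updates that were installed as individual packages. A machine that received the fix as part of a later service pack (Windows Vista and Server 2008 SP2 shipped after MS08-067 and include it) will not show KB958644 and would be reported here as unpatched. On such systems, check the service pack level or the version of netapi32.dll instead before counting them against the persistence figure.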

Just 11 days after Microsoft delivered the emergency update, antivirus vendors said a worm, variously tagged as Conficker and Downadup, was using the Windows vulnerability, as well as other methods, to aggressively attack PCs and build a massive botnet. By January 2009, some security firms estimated that Conficker had compromised millions of PCs.

Concern about Conficker reached a crescendo as mainstream media, including CBS’ 60 Minutes television program, reported that the worm was set to update itself on April 1, 2009. Because of the size of the Conficker botnet — estimates ran as high as 12 million by that point — and the then-unknown next move by the hijacked PCs, hype ran at fever pitch. Some speculated that the huge botnet would go on a distributed denial-of-service (DDoS) rampage, crippling large swaths of the Internet.

In the end, Conficker's April 1 update passed quietly. But its botnet, estimated at anywhere between four million and seven million machines, is still intact, and by Qualys' reckoning significant numbers of PCs are still vulnerable to attack.

Qualys regularly measures what it calls "persistence," the percentage of machines that are never patched against a specific vulnerability. According to Qualys' data, the percentage of unpatched PCs typically stabilizes at between 5 percent and 10 percent, with an average of around 7 to 8 percent.

Nearly a year-and-a-half after Microsoft delivered MS08-067, the update’s persistence is at the 10 percent mark, the high side of the usual range, said Wolfgang Kandek, Qualys’ chief technology officer.

