1-in-10 Windows PCs still vulnerable to Conficker worm

A year after doomsday reports, 10% of systems unpatched against worm's exploits

More than a year after doomsday reports hinted that the Conficker worm would bring down the Internet, one-in-10 Windows PCs still have not been patched to plug the hole the worm wriggles through, new data shows.

And 25 of every 1,000 systems are currently infected with the worm.

According to Qualys, a security risk and compliance management provider, about 10% of the hundreds of thousands of Windows systems it monitors for customers have not yet applied Microsoft's MS08-067 security update. MS08-067, an out-of-band release that shipped in October 2008, patched a bug in the service Windows uses to connect to file and print servers.

Just 11 days after Microsoft delivered the emergency update, antivirus vendors said a worm, variously tagged as Conficker and Downadup, was using the Windows vulnerability, as well as other methods, to aggressively attack PCs and build a massive botnet. By January 2009, some security firms estimated that Conficker had compromised millions of PCs.

Concern about Conficker reached a crescendo as mainstream media, including CBS' 60 Minutes television program, reported that the worm was set to update itself on April 1, 2009. Because of the size of the Conficker botnet -- estimates ran as high as 12 million by that point -- and the then-unknown next move by the hijacked PCs, hype ran at fever pitch. Some speculated that the huge botnet would go on a distributed denial-of-service (DDoS) rampage, crippling large swaths of the Internet.

In the end, Conficker's April 1 update passed quietly. But its botnet -- anywhere between four and seven million machines -- is still intact, and by Qualys' reckoning, significant numbers of PCs are still vulnerable to attack.

Qualys regularly measures what it calls "persistence," the percentage of machines that are never patched against a specific vulnerability. According to Qualys' data, the percentage of unpatched PCs typically stabilizes at between 5% and 10%, with an average around 7%-8%.

Nearly a year-and-a-half after Microsoft delivered MS08-067, the update's persistence is at the 10% mark, the high side of the usual range, said Wolfgang Kandek, Qualys' chief technology officer.

That shouldn't come as a shock. In December 2008, Kandek said users weren't in any hurry to deploy the MS08-067 patch. In fact, they weren't applying it any faster than the usual fixes Microsoft issued, even though it was an emergency update.

Although Conficker may be a forgotten memory for most, the botnet's not dead, experts have said. On last week's one-year anniversary of the April 1 doomsday deadline, officials at the U.S. Department of Homeland Security said the agency was preparing a report on the global struggle to keep Conficker at bay. Dubbed the Conficker Working Group, the collection of security experts and Internet domain authorities tried to cripple the worm by blocking it from updating its botnet.

"In terms of learning, it's been a great success," Rodney Joffe, a member of the group, told the IDG News Service's Bob McMillan last week. "In terms of defeating Conficker, it's gotten us nowhere."

Qualys' data backs that up: About 2.5% of the PCs that the company scanned are infected with the Conficker worm.


Gregg Keizer

Computerworld (US)