Conficker: Old Malware Causing New Security Problems
Researchers behind Microsoft's latest biannual Security Intelligence Report found that the 3-year-old Conficker worm is still causing issues in many enterprises. Although Microsoft released a patch shortly after the malware was detected in 2008 and researchers haven't discovered a new variant of the worm in over two years, many businesses are still struggling to eliminate the issue. How prevalent is the worm? Microsoft's Security Intelligence Report reveals that Conficker has been detected almost 220 million times since 2009. During that same period, infections increased 225 percent each quarter, and the worm is still infecting new machines. The sobering statistics make Conficker the most prolific malware in existence.
Director of Microsoft's Trustworthy Computing Tim Rains said in a briefing last week, "It's surprising that [the worm] has this kind of staying power." This clearly isn't the good kind of surprise. The worm, which exploits a remote code execution vulnerability in Windows machines, creates a network (a botnet) from the infected machines that attackers can use to compromise other targets. Security researchers organized and formed the volunteer-based Conficker Working Group in 2009. Thus far, the group has been able to disrupt communication between hackers and infected machines; this means hackers can no longer control those computers that were once part of the botnet. The Conficker Working Group has reduced the negative impact of the worm, but there is an enormous risk of attackers regaining control of infected machines.
In the case of Conficker, security researchers found that almost 100 percent of recent infections were due to weak passwords and unpatched systems. This means these infections were easily avoidable. Conficker is not a unique case. Digital criminals are churning out malicious software at an increasing pace. Although some small and midsize businesses (SMBs) rationalize that investments in computer security are too costly and therefore not a priority, cleaning up the fallout in the wake of an infection is almost always more time-consuming, costly, and stressful than proactively implementing security practices. Many of those practices are fairly straightforward: using strong passwords, installing antivirus software, and performing timely patching.
Organizations can no longer afford to think they are too small or unimportant to be a target. In the current environment, any business that stores sensitive or private data is susceptible to having that data exposed. That means they must make security a priority. The impact of a security breach due to a Conficker infection or any of the other millions of malware strains released each year isn't just a technical detail. A successful attack can have enormous negative impacts on competitiveness and revenue. Security incidents commonly result in loss of trade secrets, damage to customer and partner confidence, costly legal and regulatory issues, and many other problems that most SMBs have difficulty absorbing.
Luckily, many high-quality, low-cost security products are available for SMBs to protect themselves. The products are sophisticated, but they will not install themselves. Businesses have to realize the importance of security and make the effort to protect themselves.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.