Conficker infections an indictment of IT security, says CWG

Conficker worm infections reflect the “sad state of affairs of IT security”, says the Conficker Working Group

The fact that enterprise computers continue to be infected by the six-year-old Conficker worm reflects the “sad state of affairs of IT security”, says the Conficker Working Group (CWG).

“The problem is that Conficker has lost its buzz and is not regarded as a threat anymore,” Rodney Joffe, chair of the CWG, told Computer Weekly.

Underlining the persistence of Conficker, researchers found the worm accounted for almost a third of the top 10 malware infections in PCs for the first half of 2014.

According to the firm’s threat report for the first six months of the year, Conficker has infected millions of computers in more than 200 countries.

Joffe said that, while the infected population remains constant at around 600,000 machines worldwide, new IP addresses, mainly for enterprise PCs, are added daily while others fall off.

“IT security teams have stopped caring, despite the fact we continually publish reports on this issue, but there is just so much you can beat people over the head,” he said.

Although Conficker is no longer active, with the last new variants of the worm appearing in March 2009, it continues to infect PCs and disable their anti-virus and Windows update systems.

“This means infected machines are typically unprotected from the latest malware because the anti-virus systems are not working and the Windows operating system is not getting security updates,” said Joffe.

“But because of the way Conficker works, everything appears to be fine because the malware is designed to indicate that everything is working normally and software is up to date,” he said.

As a result, the CWG has found that machines infected with Conficker typically have 20 to 30 pieces of other malware installed.

“The disabling of anti-virus and Windows update when it installs is the real danger,” said Joffe.

He believes Conficker is largely responsible for enterprise computers continually being infected with malware because two basic defences have been turned off without IT security teams being aware.
