Microsoft warns Conficker malware still a threat to users

The Conficker malware still resides on millions of PCs worldwide, according to research from Microsoft.

The company said in its latest Security Intelligence Report that though Conficker has faded from the public eye, the malware is still spreading and poses a significant threat to enterprises more than two years after its initial discovery.

According Microsoft's research, Conficker infections or attacks were detected as many as 1.7 million times in the fourth quarter of 2011 alone, up by roughly 100,000 from the same period in 2010.

The conficker malware was first spotted by researchers in late 2008 and began spreading in earnest by early 2009.

The malware was the source of frenzied speculations and worry when researchers discovered that certain versions of Conficker were set to activate a call-home feature on 1 April, 2009.

After the 1 April deadline passed without incident Conficker faded from the public eye and quietly continued to infect new users.

The most concerning factor about the malware, according to Microsoft, is its choice of targets and means of spreading.

The company found that the Conficker Trojan had been able to infect a large number of enterprise systems by attacking network resources.

Researchers estimate that as many as 92 per cent of Conficker infections were spread by guessing weak passwords on network resources. Other infections were found to be exploiting common vulnerabilities in unpatched versions of Windows XP.

Microsoft suggested the relatively unsophisticated nature of the spread showed that many firms are leaving easily-addressed security holes open and undermining their larger IT security efforts.

"Labelling cyber threats as ‘advanced’ is often times misleading and can divert organisations’ attention away from addressing basic security issues, which can prevent more common threats from infiltrating their systems," said Microsoft Trustworthy Computing director Tim Rains.

"Most attacks do not possess new, super-advanced techniques or technology as the APT label implies; in the majority of cases, they simply exploit weak or stolen passwords or vulnerabilities for which a security update exists and employ social engineering.”