The Conficker worm, which spreads by infecting Windows computers that have not been properly kept up-to-date, was supposed to make a big splash on April 1, but that day passed with a deafening silence on the Conficker front. Since then, there has been some movement by the worm, and data gathered from enterprise users of Sophos’ Endpoint Assessment Test indicates that 10% of Windows machines have still not been properly patched, leaving them wide open to a Conficker infection.
Last week, the botnet made up of Conficker-infected machines started to update itself through the worm's built-in peer-to-peer update mechanism. The latest variant, Conficker.e, now downloads a rogue anti-spyware application called SpywareProtect2009, which asks users if they want to clean their system for a price of USD 49.95. In fact, it only removes fictional components, leaving the real malware intact. This new variant is scheduled to function until May 3.
The Sophos Endpoint Assessment Test is a free online test which checks whether you have all the latest patches and service packs installed, whether you’re running a firewall and antivirus software, and whether those are up-to-date and running. Looking at the results of this test from March of this year alone, 10% of the people using it had not installed the now six-months-old security patch from Microsoft that prevents the Conficker worm from infecting Windows machines. This patch was released well before Conficker got out in the wild.
It is literally appalling to see so many computers out there that have not been properly kept up-to-date. I can understand problems home users might have with this – up to a point – but seeing so many professional institutions with IT staff getting infected by Conficker just shows how utterly incompetent these so-called “IT pros” really are. There is only so much stupidity and laziness you can counter with updating mechanisms and prompt patching.
If I were responsible for one of these infected networks at important organisations – the UK Royal Army, the German Bundeswehr, and others – I’d seriously reconsider my employment status.