Kaspersky Lab: 19 million Windows systems encounter Stuxnet in just 8 months

Over 19 million Microsoft Windows systems across the world continue to encounter the notorious Stuxnet malware because users in emerging countries are reluctant to upgrade from Windows XP to a new version of the OS.


Kaspersky Lab’s “Windows usage and vulnerabilities” report found that between November 2013 and June 2014 users across Windows XP, Vista, Windows 7, Server 2003 and 2008 encountered the problem despite Microsoft’s security update issued back in 2010.

The zero-day vulnerability being exploited is CVE-2010-2568, which comes about due to an error in processing tags contained within the Windows OS that allows attackers to load an arbitrary DLL without the user knowing.

Of the instances spotted by Kaspersky Lab, most were in Vietnam [42.45 per cent], India [11.7 per cent], Indonesia [9.43 per cent], Brazil [5.53 per cent], and Algeria [3.74 per cent].

Vietnam, India and Algeria are some of the countries that lead the way in Windows XP usage, which is far and away the largest source of CVE-2010-2568 detections with 64.19 per cent. Windows 7, the most widely used OS on the planet, came second with 27.99 per cent of detections, and Server 2008 and 2003 made up 3.99 per cent and 1.58 per cent respectively.

"This type of situation obviously creates an on-going risk of malware infection in organisations where these vulnerable servers still operate," says Vyacheslav Zakorzhevsky, Head of the Vulnerability Research Team at Kaspersky Lab. "Therefore we urge corporate IT managers to devote more attention to ensuring that software is kept up to date on corporate computers, and to employ adequate cyberthreat protection tools."

Windows XP reached its end-of-life earlier this year and Microsoft has been working hard to stress the advantages of upgrading to a new version of the OS in order to avoid falling victim to security problems.


Stuxnet was first detected in July 2010 and Microsoft was quick to release a security patch that fixed the problem, with Kaspersky of the opinion that many simply haven’t bothered to apply the patch that protects against its infiltration.