If you need more proof that users are a weak link in computer security, look no further than today’s report from Symantec, which showed that hackers’ favorite target in 2011 was a security hole fixed about four years ago.
The flaw, in Microsoft Windows software, is no secret. In fact, it’s one of the most well-known security holes of all time, since it allowed the Conficker worm to spread and infect millions of PCs in 2008 and 2009, in one of the biggest hacking attacks on record.
Even though Microsoft closed the security hole long ago, it remains an attractive target because so many Windows users don’t update their machines. Hackers launched more than 61 million attacks against the vulnerability, making it the top target last year, according to Symantec.
Hackers attacking older vulnerabilities isn’t new. Symantec said that criminals prefer security holes that have been around for awhile because there is often a large pool of potential victims. Also, information about newer vulnerabilities is expensive on the black market, and attacking recently discovered bugs can attract more attention.
The finding illustrates a point that security professionals have long made, which is that many users aren’t doing their part to protect their computers. As Symantec’s report shows, that’s a behavior cyber criminals are counting on.