Free Republic
General/Chat

1 in 10 Windows PCs Still Vulnerable to the Conficker Worm, 1 in 25 infected
Reuters | 04/08/2010

Posted on 04/08/2010 4:17:47 PM PDT by Swordmaker

More than a year after doomsday reports hinted that the Conficker worm would bring down the Internet, one-in-10 Windows PCs still have not been patched to plug the hole the worm wriggles through, new data shows.

And 25 of every 1,000 systems are currently infected with the worm.

According to Qualys, a security risk and compliance management provider, about 10% of the hundreds of thousands of Windows systems it monitors for customers have not yet applied Microsoft's MS08-067 security update. MS08-067, an out-of-band release that shipped in October 2008, patched a bug in the service Windows uses to connect to file and print servers.

Just 11 days after Microsoft delivered the emergency update, antivirus vendors said a worm, variously tagged as Conficker and Downadup, was using the Windows vulnerability, as well as other methods, to aggressively attack PCs and build a massive botnet. By January 2009, some security firms estimated that Conficker had compromised millions of PCs.

(Excerpt) Read more at reuters.com ...


TOPICS: Business/Economy; Computers/Internet; Conspiracy
KEYWORDS: bug; conficker; confickerworm; infected; microsoft; security; update; virus; windows; worm

1 posted on 04/08/2010 4:17:47 PM PDT by Swordmaker

To: Swordmaker

Even with all the auto-patches and stuff it can’t help those that are completely clueless.

It would be nice if companies could force patch your system but then they’d get sued.


2 posted on 04/08/2010 4:19:12 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton
A link could be useful...

Smug might be self gratifying though.

3 posted on 04/08/2010 4:27:07 PM PDT by MileHi ( "It's coming down to patriots vs the politicians." - ovrtaxt)

To: Swordmaker
YEAH!


4 posted on 04/08/2010 4:27:14 PM PDT by JoeProBono (A closed mouth gathers no feet)

To: for-q-clinton

I have all my auto updates off, because that constant running in the background drives me nuts. It slows my system down. But, I have a little app that I can add reminders to and it’ll pop up a window to remind me to update. I do updates on my virus scanner every few days and my other patches I check about once a month unless I get some kind of notice. Maybe I should do it more often, but, I don’t.


5 posted on 04/08/2010 4:27:31 PM PDT by MsLady (If you died tonight, where would you go? Salvation, don't leave earth without it!)

To: for-q-clinton

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008.[1] It uses flaws in Windows software and dictionary attacks on administrator passwords to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. Conficker has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer,[2] with more than seven million government, business and home computers in over 200 countries now under its control. The worm has been unusually difficult to counter because of its combined use of many advanced malware techniques.


6 posted on 04/08/2010 4:28:52 PM PDT by JoeProBono (A closed mouth gathers no feet)

To: for-q-clinton

Technology companies and experts across the globe have been working together to halt the spread of Conficker, disrupt its communications and uncover who created the worm. Microsoft has even issued a $250,000 bounty for information leading to the arrest and conviction of Conficker’s authors. Despite the security sector’s best efforts, very little is known about the origins of Conficker or its purpose. Nevertheless, some breakthroughs have been achieved. On March 30, security experts with the Honeynet Project discovered a flaw in Conficker that makes it much easier to detect infection. IBM researcher Mark Yayson also believes he has discovered a way to “detect and interrupt the program’s activities,” according to The New York Times.


7 posted on 04/08/2010 4:33:20 PM PDT by JoeProBono (A closed mouth gathers no feet)

To: JoeProBono

That’s not really true and that’s all I will say about that. I can’t legally go further than that.


8 posted on 04/08/2010 4:41:12 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton

I don’t blame you.


9 posted on 04/08/2010 4:42:29 PM PDT by JoeProBono (A closed mouth gathers no feet)

To: MsLady

Yes you should check more often or at least subscribe to security alerts from the software vendors whose software you run.

An out-of-band security patch is typically something you would want to get patched immediately. Microsoft has something called Patch Tuesdays where they issue their hotfixes once per month. But when they release a hotfix that doesn’t come out on the scheduled Patch Tuesday it means it’s a real threat and it needs to get patched ASAP.


10 posted on 04/08/2010 4:43:45 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton
I can’t legally go further than that

Unless your real name is for-q-clinton, why not?

11 posted on 04/08/2010 4:46:53 PM PDT by Lancey Howard

To: Lancey Howard

It could be an NDA or a security clearance or that I don’t know what I’m talking about. Feel free to take your pick and I won’t be commenting more than this on the issue.


12 posted on 04/08/2010 4:52:49 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton

Thanks for the info. I’ll go over to Microsoft and check out the hotfix email notice.


13 posted on 04/08/2010 5:00:50 PM PDT by MsLady (If you died tonight, where would you go? Salvation, don't leave earth without it!)

To: for-q-clinton

“I won’t be commenting more than this on the issue.”

I don’t blame you!


14 posted on 04/08/2010 5:08:49 PM PDT by JoeProBono (A closed mouth gathers no feet)

To: for-q-clinton

BTW - aren’t you taking chances with your screen name?


15 posted on 04/08/2010 5:11:33 PM PDT by JoeProBono (A closed mouth gathers no feet)

To: Swordmaker

Isn’t 25:1000 1:40?


16 posted on 04/08/2010 5:19:00 PM PDT by Brellium ("Thou shalt not shilly shally!" Aron Nimzowitsch)

To: Swordmaker
Wouldn't 25 out of a 1000 translate to 1 out of 40 rather than 1 out of 25?
17 posted on 04/08/2010 5:28:38 PM PDT by dangerdoc

Comment #18 Removed by Moderator

To: dangerdoc
Wouldn't 25 out of a 1000 translate to 1 out of 40 rather than 1 out of 25?

didn't stop to calculate... just repeated the article... should have. Still WAY TOO MANY...

19 posted on 04/09/2010 2:48:43 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)

To: for-q-clinton; JoeProBono
That’s not really true and that’s all I will say about that. I can’t legally go further than that.

We wish it WERE true... that same report popped up in mid February... and nothing came of it. I think it's one of those worms that the only way to get rid of it is to shut down the members of the bot and wipe them... if you can find them.

20 posted on 04/09/2010 2:53:12 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is AAAAIIIIIEEEEEEE!)
