
Potential 'big badass botnet' spreading fast

David Meyer and Tom Espiner ZDNet.co.uk | January 15, 2009 8:35 AM PST

Summary

F-Secure says the Microsoft-flaw-exploiting Downadup worm infected more than a million PCs on Wednesday. The company warns of a "big badass botnet" forming.
The 'Downadup' worm is spreading quickly and now infects more than 3.5 million PCs, according to the security company F-Secure.

In a blog post on Wednesday, F-Secure put the total number of infected machines at an estimated 3,521,230 — a rise of more than a million machines over the previous day's tally. The security firm bases its estimates on information it has gleaned by tapping into infected machines.

Downadup, which also goes by the name of Conficker, exploits a vulnerability outlined in MS08-067, a flaw in the Windows Server service that was patched in October. It executes a dictionary attack in order to try cracking user passwords, in the process locking user accounts out of the Active Directory domain. It emerged a week ago that Downadup can also infect USB sticks, thereby propagating on the client side.

F-Secure's chief research officer, Mikko Hyppönen, wrote in a blog post on Tuesday that the infected PCs had the potential to form "one big badass botnet". Hyppönen pointed out that the Downadup worm works by trying to connect to various web addresses. "If the worm finds an active web server at one of these domains, it will download and run a particular executable — thus giving the malware gang a free hand to do whatever they want with all of the infected machines," he wrote.

"[Downadup] uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com," Hyppönen wrote. "With this algorithm, the worm generates many possible domain names every day… This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place. However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines. Pretty clever."

Hyppönen then said F-Secure had determined some domains that would be generated by Downadup, and registered them. It was through this method, which gave the firm access to the infected machines, that F-Secure has been able to determine the approximate number of victims.

"Right now, we're seeing hundreds of thousands of unique IP addresses connecting to the domains we've registered," Hyppönen wrote. "A very large part of that traffic is coming from corporate networks, through firewalls, proxies, and NAT routers. Meaning that one unique IP address that we see could very well be 2,000 infected workstations in real life."
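The mechanism Hyppönen describes, the worm generating a daily list of candidate domains and defenders precomputing and registering (sinkholing) some of tomorrow's names to count the hosts that call in, is illustrated below. This is an added example, not F-Secure's code, and its hash-based generator is a constructed stand-in, not Downadup's actual algorithm; the log format and the TLD set are assumptions.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")  # assumed TLD set for the toy generator


def toy_dga(day: date, count: int = 250) -> list[str]:
    """Generate `count` candidate domains for `day` (constructed, hash-based;
    not the worm's real algorithm). The worm seeds itself from timestamps
    fetched from public websites; here the calendar date stands in for that."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        length = 8 + int(digest[0], 16) % 4          # label of 8..11 letters
        label = "".join(chr(ord("a") + int(c, 16) % 26) for c in digest[1:1 + length])
        domains.append(f"{label}.{TLDS[int(digest[-1], 16) % len(TLDS)]}")
    return domains


def sinkhole_candidates(today: date, days_ahead: int = 1) -> set[str]:
    """Defender side: anyone who knows the algorithm can precompute tomorrow's
    list and register those names before the operators do."""
    return set(toy_dga(today + timedelta(days=days_ahead)))


def detect_callbacks(dns_log: str, watchlist: set[str]) -> dict[str, set[str]]:
    """Match DNS log lines of the form '<client_ip> QUERY <name>' against the
    watchlist; returns {domain: {client ips}}. One IP behind NAT or a proxy
    may stand for many infected workstations, as the article points out."""
    hits: dict[str, set[str]] = {}
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "QUERY":
            continue                                  # skip malformed lines
        client, name = parts[0], parts[2].lower().rstrip(".")
        if name in watchlist:
            hits.setdefault(name, set()).add(client)
    return hits


if __name__ == "__main__":
    today = date(2009, 1, 14)                         # constructed date
    watch = sinkhole_candidates(today)
    target = sorted(watch)[0]
    # constructed log: two internal clients resolve a generated domain, one is benign
    log = "\n".join([f"10.0.0.5 QUERY {target}", f"10.0.0.9 QUERY {target}.",
                     "10.0.0.7 QUERY www.example.com"])
    for domain, clients in detect_callbacks(log, watch).items():
        print(domain, "->", sorted(clients))
```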

Graham Cluley, senior technology consultant at Sophos, told ZDNet UK on Thursday that "businesses should already have patched this vulnerability when the Microsoft patch came out some weeks ago". He urged those businesses that had not yet patched to do so as soon as possible, adding that companies should check laptops and USBs coming into the company, for example, by using a network access control (NAC) product.

Talkback (most recent of 39 comments)

  • Wait a Minute..What OS Does It Exploit?? What OS??
    Yes, WINDOWS.

    Take that and stick it in your FUD pipe Loverock.
    itanalyst2@...
    15th Jan 2009
  • Which part of...
    Which part of "...patched since October" did you not understand? Did your beloved Linux/OS X not also have at least one severe vulnerability patched since October?

    The only thing it proves is that with Windows' massive success, even a small percentage of unpatched systems are still enough to spread something like this.

    Now let that be a lesson to those that think they are "smart" by not patching OSes when they should. You know, "smart" people that turn off automatic updates.
    Qbt
    15th Jan 2009
  • You have to forgive him
    This guy is obsessed with me. Just like he mentioned me in his post, he follows me around on other talkbacks as well, and if I don't post he always asks for me. I think he's sick in the mind to be so obsessive over me, but it is a bit flattering.
    Loverock Davidson
    15th Jan 2009
  • Mac OS 6.8 or Windows 3.11
    No network, no problem.
    phatkat
    16th Jan 2009
  • So long as he is not a Mark Chapman
    Watch your backside... He seems to be OS obsessed... I may not be a fan of Windows but I do enjoy the banter...
    agohige
    16th Jan 2009
  • And yet there are still at least
    3.5 million systems infected with more falling every hour... and if I am reading this correctly being patched isn't good enough... I am going back to read some more when I can...
    Linux User 147560
    15th Jan 2009
  • You are not reading it correctly
    Basically, bad wording on ZDNet's part:

    ...spreading through the now patched MS08-067..

    Should really be reworded to something like:

    ...spreading through systems that have not yet been patched with MS08-067...

    But I am sure that doesn't matter. What matters is making it sound as if Windows is just insecure, minimizing the fact that it has been patched months ago and that the sheer number of Windows systems makes even a small percentage of unpatched systems a worthwhile target.

    If you patch 90% of all Windows systems on the planet, there are still more unpatched Windows systems than there are OSX and Linux systems combined (talking about desktop here). I guess you need to be really dumb not to see why they keep going after Windows. If the idiots that turn off automatic updates would just get a wake-up slap, this would become much less of a problem.
    Qbt
    15th Jan 2009
  • So if...
    ...this was happening to Apple or Linux based systems it would be because they are rubbish. Because it's happening to the "bestest OS evah (tm)", it's because the other two are rubbish and not "bestest OS evah (tm)". Nice logic. Yes GNU/Linux and Apple issue regular updates and patches, but Windows excels at it!!! Gentlemen, I give you patch Tuesday. NONE of the other OS are patched with that much regularity, and it's not because they are slow or rubbish, quite the opposite, it's because the kernels are inherently more stable. Besides, with the market share Microsoft have, they should do better.
    SimonUK
    15th Jan 2009
  • Ubuntu
    I get patched at least a couple of times a week on Ubuntu 8.04-LTS. The only time I ever noticed not getting patched was about a two week span over the past holiday season. But that doesn't mean the subsequent release (8.10) wasn't patched. Canonical does a great job of keeping supported releases of Ubuntu updated and secure.
    djchandler
    16th Jan 2009
  • This is such nonsense
    The idea that Mac systems are virus free is complete rubbish. I manage IT for a broadcast production company in London; we have a lot of contributors who are Mac users and often submit their data on USB flash drives or external drives - these drives are riddled with viruses. Mac systems are typically full of viruses; just because they aren't apparent to a Mac user doesn't make those systems any more secure, in fact, unknowingly transferring malicious viruses is even less secure. To pretend otherwise and sit there with the attitude, "Well, it doesn't affect MY system," is completely stupid. The minute one of those drives or infected documents is passed to the target platform, that system is vulnerable.

    It's the same thing as a moronic Windows user who doesn't use a virus scanner, wonders why their computer is SO slow and is ignorant to the fact that their system is part of a botnet; the viruses are there on a Mac system even if they remain undetected by the user and eventually they will be transmitted. All computer systems should have virus scanners, regardless of the platform.

    Also, what a tiresome nonsense it is to listen to users of a minority platform pretending the system is somehow more secure. Microsoft Windows is on at least 90% of the world's desktops; target a vulnerability and you're potentially affecting 90% of the world's computer users. Windows is obviously more exposed by the sheer size of its user base. Pretending that Mac OS X is some kind of invulnerable, ultra-hardened OS is just a joke. Frankly, you should find better things to do with your time.
    soneil66
    17th Jan 2009
  • What's needed to install a Linux virus on your computer.
    Nothing to do with Marketshare
    Joe.Smetona
    17th Jan 2009
  • "If you patch *100%* of all Windows systems on the planet ..."
    They still won't be protected from future vulnerabilities until *after* an appropriate "patch" is written and subsequently applied.

    You can say that my chances of getting killed by a lightning strike are --- statistically --- greater than getting killed from a skydiving accident (or getting my Windows system infected).

    Time out. I don't go skydiving, so the odds of my getting killed that way are ZERO.

    And, I don't do Windows. So, my chances of getting the Conficker worm are ZERO.

    But, hey, Swiss Cheese is still full of holes.

    Bwaaaa haaaa haaaa
    brian ansorge
    16th Jan 2009
  • But...
    What if a skydiver strikes (lands on top of, hits) you as you're walking down the road minding your own business. For that matter, even if you're in your car and the parachute obliterates your view and you subsequently crash, your chances aren't zero.

    Freakish things do happen.
    djchandler
    16th Jan 2009
  • Well...
    Flaws unexploited are not as much fun as flaws exploited. That and in case you (or Microsoft) have yet to notice, when "patch Tuesday" comes around those with the inclination are given more targets to aim for. After all, there are enough people in the Microsoft ecosystem that can't patch (for lots of valid reasons), or don't patch (for all sorts of reasons).

    Given Microsoft's vast human and financial resources, it is surprising that they churn out code that is so exploitable, both in the past and now. That they couple that with a giant neon sign called "patch Tuesday" that gives the message "hurt me now and hurt me often" so very loud and clear is just annoying.
    zkiwi
    15th Jan 2009
