My favorite line from the article:

"Of course, the real problem is that people haven't patched their software. If people do patch their software, they should have little to worry about," he added.

There was a time when waiting and manually applying all MS patches was a good idea. I only do that now on my primary machines. I've started putting all the others on automatic update. The argument for putting Windows into automatic update mode are getting stronger even for experienced users.

Of course you can only do that if you have 'genuine windows', not a pirate version. But those folk aside, it's really no effort to have two hours a week set aside for autoupdate.

I recently had to reinstall Windows XP Home on a system that was badly messed up. Amongst other problems, it had not updated for about three months despite automatic updates being enabled. I doubt that machine is unique.

I'm not sure I understand how this worm can be spread by USB flash drives. So far as I am aware, whilst autoplay is supported in XP from SP2 onwards, a dialog is always displayed first with options. I guess those that get infected this way click Yes to everything. If this does not cover the USB infection method, I think Microsoft have some explaining to do.

Kaled.

After three days, estimates of infection triple to nearly 9 million.

[news.bbc.co.uk...]

Kaled.

The hacker put a lot of creative effort into this one. It even resets the restore date on you.

what is the goal of this one, a botnet or something?

Somehow I got this at midnight Christmas Eve on one of my machines which *is* automatically patched. Displays popups related to "Spyware Guard 2008" and redirects my browser search efforts away from sites offering antivirus info and antivirus downloads. Blocks updating antivirus software. And yes, restore date can't go back before the infection date.

Booting and operation of computer is slow and very erratic. Monitor screen is filled with virus warnings that are generated by the malware. This is a home machine that's not on a network. Uses Windows XP and IE7 (also sometimes FF3.0

Affects machines differently. Some have reported that simply going back with restore eliminates it. But restore generally can't go back before infection date.

What is the goal of this one, a botnet or something?

On the surface it tries to sell antivirus software but some people have said they can't buy it using the method the virus offers. (I certainly haven't tried that!)

My infected machine has important files that I would like to move. Any ideas on whether those data and text files would be safe? Meanwhile I'm just parking the infected computer until more is known.

I think Microsoft have some explaining to do.

Agree. I don't buy the line that its the users' fault. My machine WAS automatically updated. This virus is exploiting all sorts of weaknesses.

Interesting that CA defines the overall risk as low [ca.com], and seem pretty confident about dealing with it.

It's not only windows update that's essential, but an antivirus program with frequent updates, too.

CA started charging fees a couple of years ago, but there's several 'free' programs around that offer frequent updates, such as AVG - but be careful, some of them will find viruses, but not remove them eg 'StopSign'. How helpful is that? Just a scam to make you cough up at whatever price when you are in panic mode!

Is it just IE that is the hole here? My daughter uses the vista machine with Chrome or firefox. She only uses it every alternate weekend.

And yes, the blasted thing auto updates, usually in the middle of a movie.

the blasted thing auto updates, usually in the middle of a movie.

You can set the time for auto updates via the Automatic Updates control panel.

The default is 3am - but if the computer is off it will happen soon after you switch it on.

...

I got hit by a trojan about 2 weeks ago, the 1st in over 3 years running XP. It's a known trojan, yet removal tools from Norton can't find it, but Windows Defender does. I wonder if it is related to this attack, but I am surprised that after all these years of careful Firefox browsing, I finally get hit.

Here's an explanation of how USB sticks are involved...

If the description is accurate (not sure) it is possible to open a program from the autoplay dialog whilst it pretends to merely open a folder - Yikes!.

[news.bbc.co.uk...]

Kaled.

You've really got to wonder why people spend their time doing this, and if it is particularly "intelligent" why they aren't doing it for a living rather than to cause mayhem.

Sadly, they are doing it for a living.

This sort of cyber-crime is big business, typically based in Russia but China, India and others also contribute. Western gangs tend to be more direct, concentrating on identity theft, etc. This may be because anti-hacking laws carry severe penalties whilst identity-theft laws carry pretty pathetic penalties.

Kaled.

Downandup/Conficker worm infects 9 million PCs
2009-01-21 - [tech.yahoo.com...]

The numbers of infected machines are increasing...

How bad has it gotten? Estimates range from 3.5 million infected in the first four days after it began spreading to 9 million impacted... and getting worse. By now I figure the numbers could top 15 or 20 million.

The current advice to rid yourself of/prevent this worm:

• Check your Admin passwords for weak passwords [microsoft.com] (Check under Analysis tab)

• Make sure you've installed the patch described in MS08-067 [microsoft.com]

• Run Microsoft's Malicious Software Removal Tool [microsoft.com] (MSRT).

• Disable AutoPlay for your USB drives

Quadrille; something I hadnt considered, these pirate machine are more than likely to be most of the ones hosting this virus. Maybe Mircosoft should consider patching security holes in these machines.

I suspect MS are more than happy to see pirates get wormed; trouble is, they are a reservoir of infection for 'clean machines'.

But I can't see MS changing that policy in a hurry!

Given that security updates can be installed manually even if the copy of XP is not legit (and updates can be installed automatically for Windows 2000) it's hard to understand why WGA validation is required for automatic installation of security updates.

Surely, WGA validation should only be required for non-security updates (such as Media Player).

Kaled.

M$ runs on a patent business model; you don't pay, you don't get the service. Anything that undermines sales would break their model.

Piracy of windows is HUGE issue for MS - and they really don't have an answer to it; they have already dropped prices in many developing countries - but AFAIK, that simply reduced their income, it did not have an appreciable effect on piracy.

It is not true that you have to have validation for auto updates to work.

Are you sure?

It used to be; I had to a have a long conversation with an M$ employee after my computer rebuilding led them to suspect I was using one windows on two machines. That happened after I was blocked.

Let me put it this way.

I live in a country where almost all PC's here are sold with questionable copies of XP.

A "friend's" computers update regularly the first Tuesday of every month.

Just make sure that you have auto update turned on & don't click any little windows that pop up on the bottom of your screen. That's the validation check. If you accidently click it just cancel it once you get to the first screen.

I do not condone people having illegal copies of MS software & would never do so myself.