According to F-Secure (via Computerworld), more than 3.5 million PCs were infected in a matter of days with a new worm that exploits a months-old Windows bug. The "Downadup" or "Conficker" worm hands over full control of the infected machines, which opens the door to a large botnet, for example. Right now the worm tries to scam users into buying fake security software (ironic, right?) with pop-up messages.
The worm exploits a bug in the Windows Server service used on Windows 2000, XP, Vista, Server 2003 and Server 2008; the bug can be fixed by this security update. The estimated number of infected computers, as of January 14th, was 3,521,230. That was up more than 1.1 million in just the previous 24 hours.
Windows recommends installing the update and running the software removal tool. The fact that so many computers were infected with this worm even though the patch has been available since October shows just how few people keep their software updated. Keeping software updated is a basic tenet of security for both individuals and companies.
So, is your software up to date? Why not run a check?
If you're a Computrace customer, run a report to make sure that your machines have the most up-to-date patches.
Also getting a lot of buzz: Paris Hilton's nearly defunct website was hacked to host malware, probably for quite some time.
Image: wax115 @ morguefile