EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

01.22.09

One Windows Worm, One Week, and Possibly 250,000,000+ New Windows Zombies

Posted in Microsoft, Security, Windows at 6:14 am by Dr. Roy Schestowitz

Time for urgent “Change”

THIS IS A HUGELY important issue that we tracked a few days ago. We already knew that almost 1 in 2 Windows PCs had become zombie PCs, but it keeps getting worse. According to this report, as many as one in three Windows PCs may have been occupied by one single worm in a matter of just days! That’s how serious it is.

The computer worm responsible for the biggest attack in years has infected at least 1 out of every 16 PCs worldwide, a security company said Wednesday, and may have managed to compromise as many as nearly 1 in 3.

This may be the right time to contract law-makers or regulators and make a request for new laws to be applied to bad platforms that can leave people dead.

The victims of this latest storm are so many and the BBC says that even a UK-based Fire and Rescue service is downed by its use Windows, which came under virus attack.

Strathclyde Fire and Rescue has said its IT network has “come under attack from a computer virus”.

Once again, this is costing lives.

Vista and Vista 7, as we pointed out a few days ago, are not immune. It’s more of the same.

Windows worm trickery for Vista

The Conficker virus has opened a new can of worms for security experts.

Drives such as USB sticks infected with the virus trick users into installing the worm, according to researchers.

Microsoft would like naive reporters to propagate the perception that this could happen to anyone, but it was Microsoft itself that said: “Our products just aren’t engineered for security.” Well, now they find out?

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

8 Comments

  1. David Gerard said,

    January 22, 2009 at 9:50 am

    Gravatar

    I’m quite pleased to see that press articles I’ve seen on the subject make it clear this is a Windows problem, not one that affects all computers.

    (One story suggested in the headline it would affect Linux systems running Wine – which is a real concern, as Wine is good enough to run most worms – but the end of the story asked if anyone had seen Conficker running in Wine and could verify it actually did anything. ?!)

  2. Roy Schestowitz said,

    January 22, 2009 at 10:27 am

    Gravatar

    That’s like saying that the chef is dangerous because he carries a knife (for chopping carrots and stuff).

  3. David Gerard said,

    January 22, 2009 at 10:38 am

    Gravatar

    Well, yeah. It’s quite easy for an app to break out of its WINEPREFIX (referred to as “bottles” in CrossOver), so Wine-aware malware could certainly trash your home directory, try to read your Firefox passwords, etc. (This is not easy to reliably secure against, and the Wine project isn’t bothering to try. If you really want to run toxic waste in Wine, create a new user and do it there.) However, much like theoretical Mac OS X or Linux viruses, there remain 0 examples in the wild.

  4. David Gerard said,

    January 22, 2009 at 10:39 am

    Gravatar

    The key point was, the article was basically an attention-grabbing headline that was actually a complete lie. Ad-banner trolling.

  5. Roy Schestowitz said,

    January 22, 2009 at 10:44 am

    Gravatar

    Which article?

  6. David Gerard said,

    January 22, 2009 at 3:25 pm

    Gravatar

    This one:

    http://network.itproportal.com/articles/2009/01/21/linux-windows-7-beta-could-be-hit-downadup-worm/

    Page 1: “Furthermore, there are rumours that even Linux could be affected by the Worm if they run Wine, an application that allows Linux to execute programs written for the Windows environment. In theory, the virus would only affect the Windows partition rather than the whole operating system.”

    Page 2: “It would be great if someone could confirm the Linux rumours and Wine’s autorun.inf capabilities.”

    i.e. we made up some rubbish to give a splash headline.

  7. Roy Schestowitz said,

    January 22, 2009 at 3:30 pm

    Gravatar

    Extra extra!

    Chef Could Murder Waiter

    Page X: “It would be great if someone could confirm the chef cut the waiter and not onions.”

  8. Yggdrasil said,

    March 31, 2009 at 7:18 pm

    Gravatar

    Where exactly do you get this figure of 250 million? That number is 100 million more than the total number of Internet users in the United States alone. One of your references from Panda Security suggests rates anywhere from 1 in 16, all the way to 1 in 3. Why so high? Because as the article states, Panda security based this data on machines that had come to the website to have their machine scanned. Imagine the percentage of people who go to the doctor due to symptoms of illness, you might find a high percentage who are sick. Everything else was pure speculation, with little hard evidence. While, I’m not surprised you use the worse figure you could find, I’m surprised you don’t better analyze the sources you use to test their integrity. This reflects poorly on you.

    Late January, UPI reported 15 million Conficker infections:

    http://www.upi.com/Top_News/2009/01/25/Virus_strikes_15_million_PCs/UPI-19421232924206/

    But the real nitty gritty from the article is here:

    “Symantec noted on its blog last week that very few computers in North America had been infected, a trend which it attributed to the greater prevalence of legal and fully patched software.”

    In several other places on this site you note that there is no way to be safe with Windows, yet as the article shows, legitimate installed were not affected. Not only because security updates are downloaded, but since XP SP2 the Windows Firewall is enabled by default.

    While you dispute the obscurity of Linux on the desktop, it’s interesting to note that even popular distros like Ubuntu do NOT have a firewall enabled be default. This is unwise, regardless of how many countless security updates are installed.

What Else is New


  1. Microsoft Windows Unsafe at Any Speed, by Design

    More timely reminders that Windows is simply not designed to be secure, irrespective of version, status of patching, etc.



  2. After Moonlight Dies and Even Microsoft Abandons Silverlight, the Abusive Monopolist Keeps Pushing for Other Microsoft Lock-in, Injecting OOXML Traps Into Free Software (Moodle)

    Despite a long history of Microsoft formats being proven guarantee of digital obsolescence, Moodle allows itself to become Microsoft prey and a Trojan horse for OOXML in classrooms (for children)



  3. Links 4/7/2015: Mostly (Geo)Political Catchup

    Links for the day



  4. Links 3/7/2015: KDE Applications 15.04.3, Ubuntu-Flavored Compute Stick

    Links for the day



  5. Patent Lawyers and Their Firms, Still Desperate to Protect the Status Quo, Manipulate the Media

    Patent lawyers are besieged by gradual tightening of patent scope and recklessly fight back (e.g. by saturating the media) to secure their revenue sources, derived from (and at the expense of) actual scientists and true market producers



  6. Amid Controversy, Political Scrutiny and Increased Media Pressure Željko Topić and Benoît Battistelli Allegedly Cancel Today's Trip to Zagreb (Croatia) Where Topić Faces Many Criminal Charges

    The Croatian press comments on the recent declaration from the Council of Europe and Topić's not-so-sterling status in his home country, where he is wanted for alleged crimes



  7. Microsoft Gradually Embraces, Extends, Extinguishes Linux Foundation as a Foundation of GNU/Linux

    By liaising with (or hijacking) existing members of the Linux Foundation, as well as by paying the Linux Foundation, Microsoft turns the Linux Foundation into somewhat of a Windows advocacy group



  8. Microsoft India Still Lobbies and Lies About Free Software in Order to Knock Down Policy That Favours Free Software

    Microsoft continues to bully Indian politicians who merely 'dare' to prefer software that India can modify, maintain, extend, audit, etc.



  9. Patent Lawyers and Corporate Media Nervous About New Patents Barrier/Reality (Less Patents on Software and Business Methods)

    The rich and the powerful, as well as their lawyers (whose job is to protect their money and power by means of government-enforced monopoly), carry on whining after the Alice case, in which many abstract patents were essentially ruled -- by extension -- invalid



  10. Translation of Pierre-Yves Le Borgn' Speech Against EPO Management and New Parliamentarian Interventions

    More political fire targeting the EPO's management, adding up to over 100 parliamentarians by now



  11. Links 2/7/2015: KDE Plasma 5.3.2, antiX 15

    Links for the day



  12. Links 1/7/2015: OpenDaylight Lithium, OpenMandriva Lx 2014.2

    Links for the day



  13. Munich Press, Münchner Merkur, Slams the Munich-based EPO

    Pressure on Benoît Battistelli to leave (or be fired) grows as the cronies whom he filled his office with have become a huge public embarrassment to the decades-old European Patent Office



  14. The Shameless Campaign to Paint/Portray Free Software as Inherently Insecure, Using Brands, Logos, and Excessive, Selective Press Coverage

    Some more FUD from firms such as Sonatype, which hope to make money by making people scared of Free/libre software



  15. National Insecurity and Blackmail, Courtesy of Microsoft

    British members of parliament (MPs) outsourced their communication to the number one PRISM company and they are paying the price for it; The US Navy's systems continue to be unbelievably insecure (Windows XP), despite access to the world's biggest nuclear arsenal



  16. Microsoft Keeps Shrinking

    As the era of shrink-wrapped software comes to an end so does Microsoft, whose effort to become a 'cloud' company with online operations has been miserable at best



  17. They 'R' Coming: More Microsoft Money for the Linux Foundation

    The problem with having Microsoft in a Linux Foundation initiative, the R Consortium



  18. Speculations About the EPO's Possible Role in DDOS Attacks

    Readers' views on who might be behind the attacks on this site amid confirmation that it's on the 'targets' list of the EPO



  19. Links 30/6/2015: Linux Mint 17.2, OpenMandriva

    Links for the day



  20. Techrights Confirmed as a Target of EPO Surveillance, With Help From Control Risks Group (CRG)

    Unveiling the cloak of secrecy from long-term surveillance by the European Patent Office (EPO) and a London-based mercenary it hired, bypassing the law



  21. Google's Fight to Keep APIs Free is Lost, Let's Hope Google Continues Fighting

    SCOTUS refuses to rule that APIs cannot be considered copyright-'protected', despite common sense and despite Java (which the case is about) being Free/libre software



  22. Patent Trolls in the Post-Alice World

    A round-up of news about patent trolls in the United States, some of whom are are doing well and some of them not as well



  23. DDOS Attacks Against Techrights

    Information about some of the most recent DDOS attacks against this Web site and the steps to be taken next



  24. The Patent System Not What it Used to be, Large Corporations and Patent Lawyers the Principal Beneficiaries

    A look at some recent patent stories and what can be deduced from them, based on statistics and trends



  25. After Intervention by the Council of Europe Comes a Detailed Summary of the Situation in the European Patent Office (EPO)





  26. IRC Proceedings: May 31st - June 27th, 2015

    Many IRC logs



  27. Links 28/6/2015: Manjaro Linux Cinnamon 0.8.13, VectorLinux 7.1

    Links for the day



  28. Williamson v. Citrix Online (at CAFC) Reinforces Alice v. CLS Bank (at SCOTUS) in Crushing Software Patents

    More patent news from the United States, again serving to indicate that software patents over there are getting weak (harder to defend in court or acquire from the patent office)



  29. Proskauer Rose LLP is Cherry-Picking Cases to Make Software Patents Seem Eligible Despite Alice v. CLS Bank

    Naming and shaming those who are trying to reshape the consensus despite a rather consistent pattern of software patents being rejected



  30. IAM Biased: How IAM 'Magazine' Glorifies Patent Stockpiling

    A look at the bias of one of the most overzealous sites for and by patent lawyers


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts