More than a million PCs turned to zombies

NOT A WEEK goes by without new dangers to users of Windows, and it's only fair to list the latest examples since it falls within our scope.

USB drives continue to be a risk to Windows because of the way the operating system handles devices insertion (namely execution) and the privileges it hands over to untrusted code.

Businesses who may not have applied a Microsoft patch issued last year are now being attacked by a worm targeting the vulnerability.

Multiple security organizations have issued warnings about the worm, deemed Downadup, which attacks the vulnerability outlined in the Windows Server service flaw, MS09-067, that was patched last October, Zdnet.com reports. The worm uses a dictionary attack in an attempt to crack user passwords, as well as using "server-side polymorphism and modification to the Access Control Lists."

According to this report from The Register, the Major League Baseball (MLB) Web site is serving malware which is only Windows compatible. The click-to-install or drive-by-install (ActiveX) paradigm takes its toll.

Once again, Major League Baseball's website has been caught serving ads designed to infect its considerable base of visitors with malware that trashes their machines.

With so much malware afloat, it's hardly surprising that almost 1 in 2 PCs is a zombie PC and it keeps getting worse. (emphasis below is ours)

The Storm Worm has been causing havoc for over two years now, transforming more than a billion computers into drones. Following a surprisingly unsuccessful mission by Microsoft’s Malicious Software Removal Tool around 100,000 drones still remain.

This fight is being taken to the Web as well. NATO's Web site has just been cracked, as well as Web sites of the United States military.

The attacks on Thursday took down the Web sites for The United States Army Military District of Washington and the NATO Parliamentary Assembly, according to Zone-H, a Web site that tracks defacement activity.

The IRS, which is most likely operating in a Windows-based environment, may suffer a similar fate.

Auditor: IRS Still Vulnerable to Cyber Breaches

"These deficiencies represent a material weakness in IRS's internal controls over its financial and tax processing systems," the GAO report said. "Until IRS takes these steps, financial and taxpayer information are at increased risk of unauthorized disclosure, modification, or destruction, and the agency's management decisions may be based on unreliable or inaccurate financial information."

Well, at least no lives at risk this time around... 'just' people's finances. How reassuring. ⬆

Cracking the bank