Summary: More victims of Conficker ("dozens of hospitals") and no real solutions to this from Microsoft

IN recent months we've come across many cases where hospitals went awry due to their use and/or dependence on Microsoft Windows. To give as examples some recent posts, we have:

1. New Casualties of Microsoft Windows?
2. Death by Microsoft Windows
3. US Army Becomes Zombies Army; London Hospitals Still Ill (Windows Viruses)
4. Utah Has Novell, SCO, and... Conficker in the Hospitals
5. Windows in the Emergency Room

Here are some new ones for the list:

1. Feds' red tape left medical devices infected with computer virus

The Conficker Internet virus has infected important computerized medical devices, but governmental red tape interfered with their repair, an organizer of an antivirus working group told Congress on Friday.

2. Conficker worm hits hospital devices

A computer worm that has alarmed security experts around the world has crawled into hundreds of medical devices at dozens of hospitals in the United States and other countries, according to technologists monitoring the threat.

So, according to that last article, "dozens of hospitals in the United States and other countries" are affected. This is serious. There a lot more about Conficker in the news this week, e.g.:

• Conficker is moving again.
• Conficker worm begins attacking PCs
• Conficker worm dabbling with mischief
• Conficker adds new weapon: spam

Where is Microsoft in all this?

Internet security experts say that the computer worm known as Conficker, which has the ability to silently penetrate vulnerabilities within the Microsoft operating system, is beginning to rear its ugly head.

They say that the software is installing new and malicious programs on some of the computers it has already invaded with the aim of using those PCs to send out criminal spam and scrounge around on unsecured computers for valuable personal data, Reuters reported Friday.

[...]

Experts say that the Conficker worm has already dug into millions of PCs but only been activated in a small percent of them. It was feared that the makers of the software program would trigger a massive attack on April 1. While that didn’t happen, the US Computer Emergency Readiness Team (US-CERT) said earlier this month that it has detected a new variant of the worm that “updates earlier infections via its peer-to-peer network against unpatched systems.”

Microsoft is awkwardly quiet, having ignored lots of trouble that we also covered in:

• Microsoft's Blame-Shifting Strategy Precedes More Trouble
• Leave Microsoft Alone
• Never Blame Microsoft, Blame Users and Exploits
• Botnets and Bounties Versus Real Security
• Is Windows to Blame for Cracking of Federal Aviation Administration (FAA)?
• Windows Problems Take Down Airplanes, JFK Airport, Houston Municipal Courts
• Turkey, France, United Stated Under Attack by Microsoft Windows Insecurities
• Microsoft Adopts Malware Techniques to Advance .NET
• Windows Botnets Go Out of Control, Obama Web Site Delivers Windows Malware
• One Windows Worm, One Week, and Possibly 250,000,000+ New Windows Zombies
• UNIX/Linux Offer More Security Than Windows: Evidence
• Eye on Microsoft: Another Messy Week for Security

Microsoft only works on improving its perception through work on 'security' (not the same as actually making its products secure), sparingly using the term "memorandum of understanding" to describe eventhis latest deal:

The Economic and Financial Crimes Commission [EFCC] and Microsoft yesterday signed a Memorandum of Understanding [MoU] to jointly combat internet crime in Nigeria. This was disclosed in a joint press briefing of the EFCC and representatives of Microsoft held at the headquarter of the anti-corruption agency.

There is also this report:

The Economic and Financial Crimes Commission and Microsoft on Thursday in Abuja signed a Memorandum of Understanding to curb internet crime and piracy in Nigeria.

Microsoft should quit lying about what it calls "piracy". Moreover, it should pay attention to Conficker because it harms not only its own customers; it also bothers users of other operating systems, more or less as a side effect on the Internet. ⬆