17 May 2010

Engaging article on Conficker worm

Mark Bowden has a great article, The Enemy Within, which describes how the Conficker worm infected millions of computers worldwide:

… because so many people fail to apply the patches promptly, and because so many machines run on illegitimate Windows systems, Patch Tuesday has become part of Microsoft’s problem. The company points out its own vulnerabilities, which is like a general responsible for defending a fort making a public announcement—“The back door to the supply shed in the southeast corner of the garrison has a broken lock; here’s how to fix it.” When there is only one fort, and it is well policed, the lock is fixed and the vulnerability disappears. But when you are defending millions of forts, and a goodly number of the people responsible for their security snooze right through Patch Tuesday, the security bulletin doesn’t just invite attack, it provides a map! Twenty-eight days after the MS08-067 security bulletin appeared, Conficker started worming its way into unpatched computers.

Security specialists still aren’t sure what the attacker intends to use the massive network under his control to accomplish.