computerworld.com — Calling the scope of the attack "amazing," security researchers at F-Secure Corp. today said that 6.5 million Windows PCs have been infected by the "Downadup" worm in the last four days, and that nearly nine million have been compromised in just over two weeks.Security
Jan 16, 2009 View in Crawl 4
x0epyon0xJan 17, 2009
<a class="user" href="http://www.governmentsecurity.org/forum/index.php?showtopic=1480">http://www.governmentsecurity.org/forum/index.php? ...</a> <-- list of services that should be disabled and/or removed from XP machines.
shnizepJan 17, 2009
Also there is another remote execution exploit out there similar to this one that Microsoft has a patch for released last week. <a class="user" href="http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx">http://www.microsoft.com/technet/security/bulletin ...</a>
buckrogers1965Jan 17, 2009
Think of the street cred a cracker could get by being the first to crack a secure platform.
freakinrepublicJan 19, 2009
lolli lol....but its actually a front flip...
johnnysoftwareJul 12, 2009
Now that I think about it, considering Microsoft was writing non-Y2K compliant spreadsheet application in 1998, having to wait 4 years since Microsoft and Windows antivirus vendors made this comment a bit irrational.Microsoft's and Windows-PC pundits predictions about the future are often not right.1. No one will ever need more than 640K bytes of RAM.2. There will be no more16/32 bit operating system after Windows 95. From here on, it will only be 32 bit operating systems based on Windows NT (told by Bill Gates to a Windows NT user's group). Windows 95 was followed immediately by Windows 98 and Windows and Windows ME. Both were based on Windows 95 - not on Windows NT.3. Successful malware attacks are based on popularity not vulnerabilities. [Funny but losing popularity last year did reduce successful attacks - it caused them to increase to as many as the previous several years combined]. So far all the multimillion record data thefts are still reported to be taking place on MS-Windows.]4. Mac OS X viruses are here. No, wait forget that Mac viruses are coming soon. We will see Mac worms this year. I mean this year. No, this year. Okay, look lets just drop it.I hope those people who made those wrong predictions realize that the write-off period for depreciating a computer is just several years. That means Macs could have been bought instead of PCs when those "cry wolf" predictions were made, used and fully depreciated, and then replaced with a second Macintosh already.Given that the people who made that prediction failed to detect the Sony malware trojan/backdoor rootkit and in fact no one found it for over a year after it was in the wild it seems they were sadly wrong in more ways than one.One other thing. in the "visionary" book "The Road Ahead" by Bill Gates, I don't seem to remember mention that the number of successful malware attacks against MS-Windows computers would increase geometrically year after year. Nor do I recall that Zero-Day Exploits would become common and the latest version of antivirus software even fully patched and up to date would be incapable of detecting many malware attacks.One thing I like about they guys who make Macs and the guys who make Linux is they don't give you propaganda about the future that seems to take place in some alternate universe.They give you products. And they're solid and they work. Most of the time they ship when they said they would ship and they always seem to ship what they said they would ship.
johnnysoftwareJul 12, 2009
If that were true then by definition NO ZERO DAY EXPLOIT would ever exist! Last week, Microsoft announced yet ANOTHER zero day exploit.People who say it is too hard to find a vulnerability are such gullible saps. You find vulnerabilities by testing software and debugging it. Freaking every software company is supposed to test their software and debug it. Tons of companies get paid to test a companies software for them and perhaps even more make their money off of testing the software written by a DIFFERENT company than the company that PAYS them to do the testing.Shocking as it may be, because professional programmers have been finding/fixing bugs in their software, they use a software-based debugger or hardware-based emulator to diagnose problems. The i86 processor family has had emulator circuitry on-chip since the 1980s and hardware emulators for microprocessors have been around since at least the 1970s.So yeah, if nobody knows how to test or debug software and all vulnerabilities being found are being found by Microsoft employees working inside MIcrosoft then sure that is right.Here is the deal. Lots of the vulnerabilities found & reported to Microsoft and Apple each year are uncovered by people who don't work for them. And THEN those companies write a fix for it if the reporter did not furnish one, test it, and release it in a standard system update or an oddball manually applied patch.So you know what? The notion that holding back information about a problem indefinitely will prevent hacks holds water like a sieve.Sure, exploits do come out after a patch because it is easy to compare the executables "before" and "after" image.But the fact that good researchers are finding the bugs directly from the software before the patch exists and Microsoft knows about it, and singing a Microsoft NDA - does not mean that bad researchers are not finding them and signing an NDA with some who is eventually going to let it be used in yet another Zero-Day Exploit.That does not even require technical knowledge to understand. All it requires is common sense and a little critical, logical thinking.
johnnysoftwareJul 12, 2009
True, true.I think more Windows PCs have been disabled in the past month by false positives in their antivirus software attacking part of the Windows operating system - than 10x or 100x the number of Macs that have been disabled by intentionally malicious software.