By Woody Leonhard
It’s been a hellacious week for security admins all over the world: the polymorphic worm known as Downadup, Conficker, and Kido has infected millions of computers.
Fortunately, you can scan, scour, and secure your systems by following four relatively simple steps.
Remember the patch that Microsoft released suddenly — “out of cycle” in the parlance — back in October 2008? Windows Secrets followed suit with an out-of-cycle news bulletin about the patch on Oct. 24. Susan Bradley recommended that readers immediately install the update described in MS08-067 (KB article 958644) to protect against “a remote-code attack that could spread wildly across the Internet.”
Just as Susan predicted, the remote-code attacks started appearing shortly thereafter. On Oct. 26, Christopher Budd of the Microsoft Security Response Center posted the following in the MSRC blog:
“We are aware that people are working to develop reliable public exploit code for the vulnerability. We are aware of discussion about code posted on a public site, but our analysis has shown that code always results in a denial of service, to demonstrate the vulnerability. So far, we’ve not seen evidence of public, reliable exploit code showing code execution.”
By mid-November, the Microsoft Malware Protection Center (MMPC) said in a blog posting that it had collected “over 50 distinct exploits of this vulnerability.” However, MMPC said the instances were very limited: “We’re getting a very small number of customer reports for these attacks.”