Posts Tagged ‘downadup’

The conficker / downadup worm is a real threat to any Windows machines that are not up to date

Friday, January 30th, 2009

Keeping Windows machines updated is always important, but it is especially important right now. The conficker worm (also known as downadup, downup, and kido) is estimated to have infected 9 million computers and is spreading rapidly (the number of infections has tripled in the past few days). This worm exploits a flaw in all recent versions of Windows, including server versions and Vista. Microsoft issued an out-of-cycle patch in OCTOBER to correct the flaw, but an estimated ONE-THIRD of Windows machines do not have the patch installed. AMAZING

This is a worm, so it requires NO USER ACTION for the exploit - any un-patched Windows machine is a sitting duck if it is not protected by a properly-configured firewall. It can also spread through removable devices (another good reason to disable autorun). It also wages brute-force attacks against network passwords. It attaches itself to critical Windows processes and downloads additional malware. NASTY

The January version of Microsoft's Malicious Software Removal Tool (MSRT) is supposed to be able to detect and remove this threat. Microsoft recommends installing their emergency update, and then running the MSRT.

More details are available in this Wikipedia article.

Dennis H in West Virginia, US

January 19, 2009