Friday, December 5, 2008

New Windows Worm Reaches Half a Million Machines

A recent report states that the new Windows worm dubbed Conficker has now infected over 500,000 PCs worldwide and is still spreading. It is said to be spreading mostly over corporate networks, with its highest concentration in the United States. Conficker exploits a vulnerability in the RPC functions of the Server service on unpatched Windows machines. Machines that are infected have yet to apply the security update [MS08-067] that was released by Microsoft in late October.
Conficker "opens a random port between port 1024 and 10000 and acts like a web server." Once infected, the computer "will download a copy of the worm via HTTP using the random port opened by the worm. It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore. It is not that the malware authors care so much about the computer as they want to make sure that it won't be infected by other malware," Microsoft said.
This is a perfect example of why we are facing unprecedented levels of malware infection lately. We have seen the formation of a botnet that [by number of machines] rivals some of the largest in existence, and this happened in a matter of weeks. An infection spreading this quickly is not a surprise considering the number of unpatched computers that are out there.
Recent statistics released by Secunia, a “vulnerability intelligence provider,” state that less than 2% of all Windows PCs are fully patched. This leaves an astounding 98% of these machines with at least one installed application that is vulnerable to a known security flaw. The data was taken from 20,000 users of the free software inspector. These numbers would indicate that PCs are ripe for the picking for malware authors.
Here are the particulars from Secunia:


· No insecure programs: 1.91% of Windows machines
· 1-5 insecure programs: 30.27% of PCs
· 6-10 insecure programs: 25.07% of PCs
· 11+ insecure programs: 45.76% of PCs

One way to avoid this happening is to keep up with the most recent Windows updates. You can also protect yourself by updating any software for which there is a new version available that corrects one or more security flaws.
