Downadup, That’s a fast worm

Posted in Miscellaneous on January 18th, 2009

So recently, there's been quite the worm hitting a huge number of networks, working at a ridiculous speed. In 4 days, the worm went from infecting 2.4 million PCs to 8.9 million PCs. The worm seems to affect Windows XP, Vista, and Server 2003/2008 computers. It works like this:

  1. It starts scanning corporate networks for PCs that have the vulnerability
  2. Once a vulnerable PC is found, the worm attempts to guess the user's passwords from a large dictionary of passwords until it gets in
  3. Once a PC is infected, the worm creates a list of domains to connect to
  4. The worm then connects to one of the servers and downloads additional malware
  5. The worm then spreads over a network or from an infected removable drive
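
A defender's view of step 2, as an added example that is not part of the original post: dictionary guessing from an infected PC shows up as a burst of failed logons from one source against several hosts, which this code flags. The record layout, addresses, host names, account names and thresholds are constructed assumptions; 529 and 4625 are the Windows failed-logon event IDs for XP/Server 2003 and Vista/Server 2008.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows failed-logon event IDs: 529 (XP/Server 2003), 4625 (Vista/Server 2008).
FAILED_LOGON_IDS = {"529", "4625"}

def constructed_sample():
    """Constructed records: '<time> <event id> <source ip> <target host> <account>'."""
    t0 = datetime(2009, 1, 16, 9, 0, 0)
    def rec(sec, eid, src, host, acct):
        return f"{(t0 + timedelta(seconds=sec)).isoformat()} {eid} {src} {host} {acct}"
    # One PC failing logons on four servers every 5 seconds: the guessing pattern.
    lines = [rec(5 * i, 4625, "10.0.0.23", f"SRV{i % 4:02d}", "administrator") for i in range(12)]
    # A user mistyping a password, then logging on successfully (4624 is ignored).
    lines += [rec(20 * i, 529, "10.0.0.50", "SRV01", "jsmith") for i in range(3)]
    lines.append(rec(90, 4624, "10.0.0.50", "SRV01", "jsmith"))
    # A service with a stale password retrying once a minute against one host.
    lines += [rec(60 * i, 4625, "10.0.0.77", "SRV02", "svc_backup") for i in range(10)]
    return "\n".join(lines)

def parse(log_text):
    """Return sorted (time, source, host, account) tuples for failed logons only."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[1] in FAILED_LOGON_IDS:
            events.append((datetime.fromisoformat(parts[0]), parts[2], parts[3], parts[4].lower()))
    return sorted(events)

def find_guessing_sources(log_text, window=timedelta(minutes=5), min_failures=8, min_hosts=3):
    """Flag sources with >= min_failures failures against >= min_hosts hosts in one window."""
    by_source = defaultdict(list)
    for ts, src, host, acct in parse(log_text):
        by_source[src].append((ts, host, acct))
    flagged = {}
    for src, evs in by_source.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            burst = evs[start:end + 1]
            if len(burst) >= min_failures and len({h for _, h, _ in burst}) >= min_hosts:
                # Summarise everything seen from this source for triage.
                flagged[src] = {"failures": len(evs),
                                "hosts": sorted({h for _, h, _ in evs}),
                                "accounts": sorted({a for _, _, a in evs})}
                break
    return flagged

if __name__ == "__main__":
    for src, info in find_guessing_sources(constructed_sample()).items():
        print(src, info)
```

Requiring several distinct target hosts is what separates a spreading worm from the mistyped password and the stale service credential in the sample, both of which hit a single host.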

The crazy thing about this worm is that it exploits a security hole that was patched on October 23, 2008. So while Microsoft did create the original security hole, it appears that end users and IT administrators were relatively slow to apply the patch.

Please, if you are an IT administrator, run a scheduled update. Keep your network up to date so things like this don't happen. In almost all cases, such worms and issues can be prevented if you're a little proactive.
