You're going to make me fisk you...so much for change. >>I've read about this estimate and this number was derived from looking at >>results in the worm's code itself, making this calculation dubious. I'd >>place that number somewhere between WAG and spot-on. >> >>What's odd about the percentages of OS versions in the article I linked to >>is how much of it is Windows XP SP2, which turned on the firewall and >>auto-updates by default. That tells me that the users of these machines >>received them either very poorly configured or they themselves intentionally >>disabled these security components. > > I don't think reports of this fast-spreading worm were "dubious."
The worm is fast spreading alright; I never said otherwise. I only questioned the veracity of taking the worm's author at his word that X number of computers have been infected. That's where the 9,000,000 number came from. It may very well be that number, it may be much smaller or even greater. I'd be interested in seeing the final number from a reliable source when the dust settles. > I don't think it spreads because people "intentionally disabled these > security components." There are multiple routes of attack. There are 3 routes, all of which I have already posted: 1. Via the unpatched exploit -- Windows Update would have needed to have been turned off for it not to be patched on XP SP2/SP3 systems, of which there are a good number of, as would have been the firewall as well, since the worm communicates over inbound ports commonly blocked. 2. Via running with admin rights on a patched system. 3. Via a brutish-"ish" force admin password attack on ADMIN$ shares. I say "ish" as there is a preset list of passwords it tries. That's it. If you've read of others, let us know. > Yes, truth telling can be "irritating," but spreading misinformation is > both irritating and dangerous. The fact is that we have another major > Windows infection in the wild. It does not hit all Windows machines, but > it does hit a lot of them. Don't get me started on irritations. Feel free to show us anything of what I've posted is misinformation. ************************************************************************* ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *************************************************************************
