The latest version of this worm makes it look like a machine has been patched when a scan is run. One would think that Code Red, Blaster and Sasser would have everybody installing security patches regularly in some automated fashion. Microsoft provides free tools for admins to do this easily. There really is no excuse, yet networks like Southwest Airlines and CBS were infected anyway. It's the kind of thing that IT personnel should lose their jobs over because it's a very basic function of IT security and so easy to implement and FREE to implement as far as software solutions. Approving and applying security patches to all of our systems is simply a routine part of my job (including on our Ubuntu Linux and MAC systems because yes, there are security patches for Linux and MACs too!). While my department has a system down, I can't say that for all the departments in my system.
Another fairly unique attribute of this one is the ability to spread through USB flash drives. There are many that can spread through network drives easily, but generally, unless you transferred an infected file onto a USB drive unknowningly, you wouldn't have gotten a virus through the USB drive.
This whole thing has confirmed my decision to get my Masters in IT security. It was like a huge adrenalin rush for me yesterday to double check all of our systems through auditing our security logs to identify which of our systems weren't patched and why (mostly laptops that simply haven't been turned on in in months and months). I believe this is my next niche
Linear Mode
