Security vendor F-Secure was estimating Downadup infections at close to 9 million a week ago.
Three weeks into the worst worm outbreak in years and it's clearly still growing. Beyond the malicious acts the worm commits -- blocking network access accounts, adjusting or disabling anti-virus and firewall settings, blocking Web access to anti-virus sites, and, of course, copying itself -- the undropped other shoe remains whether or not Downadup/Conficker is a major botnet waiting to be called into action.
If so -- and, frankly, even if not -- we have only ourselves to blame.
Or at least one in sixteen of us do: Downadup takes advantage of the critical but long-patched Microsoft vulnerability addressed in this security bulletin.
Check the date on that bulletin. You got it: three months ago today.
Happy anniversary: and the present is a massive worm outbreak that didn't get started until nine weeks after one of the most publicized patches in history was released.
We've known for some time -- forever -- that patching was poorly practiced by a certain percentage of the computing world. Downadup's spread is beginning to make clear what that percentage is.
Six or so per cent so far -- and climbing.
Anybody want to bet it won't hit 10 per cent? Or higher?
Didn't think so.