The US CERT web site started the year showing, on its summary of the most frequent, high-impact security incidents, eight exploits that are not all completely new. MyDoom, Bagle and Sasser are all names that are recognizable from 2004; Zafi and Sober have been around for a bit, and only the Santy worm is a recent addition.
While the names are all recognizable, these are not the original exploits – they are variants. Virus writers continue to tweak these things to bypass the protection that organizations install and to exploit new software vulnerabilities. This threat becomes more serious when one realises that virus writers, hackers and spammers are increasingly co-operating to create networks of zombie computers (‘botnets’) and bypass computer defences.
The answer to every single one of the exploits identified by CERT is a combination of installing anti-virus software, keeping it updated and applying software patches as and when Microsoft release them. I guess the fact that these exploits are still so prevalent is clear and damning evidence that there are still too many organizations – and private individuals – who are still not current on either.
Isn’t it about time we started treating unpatched, unprotected computer users the same way that we treat drunk drivers?