New worm infecting millions of PCs:
http://www.networkworld.com/news/2009/011409-researcher-worm-infects-11m-windows.html?nlhtsec=ts_011509&nladname=011509securityal

The patch was pushed out in October 2008.

that dull thumping sound you hear is my head hitting my desk...

I still say that give a few of these idiots a terminal case of lead poisoning...long distance and in 180 g BTHP doses would clear up the problem quickly. But then what about the millions of sheeple that can't be bothered to update, because it may possibly inconvenience them?

It can be exasperating to be sure, but its just a difference of understanding. Most of the people I help who don't update properly, don't do so because they were born and grew up with products that were complete on purchase. They look at the software they way they look at their car. They don't need to update the seats on their Kia, why update drivers on your software??? In that light, all these patches are just as exasperating to them as their lack of security is to us.

Thats how I explain it to them anyway. They aren't really buying a "finished" product, and Windows (in particular, and the most often culprit) needs to be updated, needs to have more "parts" installed to it or it won't run well...if at all.

This appears to be the KB958644 patch, correct?

The bulletins were MS08-067, MS08-068, and MS09-01. Patches should be included in the bulletins.

Thanks. :)

I am bumping this because of some user panic after a CBS network 60-Minutes piece on the infection ran this weekend and was predicting chaos when a new version of the Conficker worm activates April 1, 2009:

1) If you did install the Windows Update patch back in October 2008 you have nothing to worry about on your PC now.
2) If you worry you are really infected, there is a Conficker removal tool by several vendors available such as NAI-Stinger from McAfee.
3) There are now network scan tools for the worm's fingerprint that will let system administrators quickly detect PCs that may be infected so they can be removed from the network and cleaned before connecting to the web on April 1.
4) Apple users, Linux users, Unix users need not panic as it is a Windows OS worm, it does not directly affect you.

http://www.us-cert.gov/cas/techalerts/TA09-088A.html

Emails telling you to change your email passwords and identities will not do anything to protect you, it is just a bunch of nonsense being spread around trying to generate panic.

Informative and cool-headed reply - thanks. :)

This alone makes me glad that I'm still running good old windows 98SE. :)

This alone makes me glad that I'm still running good old windows 98SE.

I wouldn't be so complacent if this is to be believed (http://www.betanews.com/article/Conficker-Downadup-Kido-A-skunk-by-any-other-name/1232565761).

Windows of all shapes and sizes. The worm targets them all: Win95, Win98, Windows Me, NT, XP and Vista, along with Windows 2000, Windows Server 2003, and Windows server 2008. Oh, and Windows 7 pre-beta.

2) If you worry you are really infected, there is a Conficker removal tool by several vendors available such as NAI-Stinger from McAfee.

Here (http://vil.nai.com/vil/conficker_stinger/Stinger_Coficker.exe) is the link to the Conficker removal tool, as linked on the McAfee website.

I just thought it might save other members some time...

...and another quick way to find out if any machine you are working on, has had the patch applied:

1) Open CONTROL PANEL
2) Double-click Add or Remove Programs
3) Put a tick in the SHOW UPDATES checkbox
4) Scroll down, and make sure you can see that security update KB958644 has been installed - on the bottom line in the example attached.

So how do you know if you infected by this? Are there tell tale signs?

I've also been told not to use the internet for today and tomorrow but I figured that was just tin foil hat wearing stuff so I am not too worried.

I update my windows all the time by just clicking the "check for updates" button. Is that all I need to do for Window's patches?

So how do you know if you infected by this?

Conficker Detection Tool (http://www.mcafee.com/us/enterprise/confickertest.html)