Conficker

Conficker (also known as Downadup) has dominated security headlines for months. Today — April 1, 2009 — media coverage peaks because variant Conficker.C is programmed to check a larger set of domain names for update instructions. The worm has not melted the internet overnight, but the attention is useful if it pushes lagging patches out the door. Defense is mostly discipline, not mystery. How It Spreads Conficker exploits failures administrators have warned about for years: ...

It’s not possible to emphasise enough the importance of using sensible passwords on your network. Not just on the areas of your network that you don’t want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003. One of the ways in which the Conficker worm (also known as Confick or Downadup) uses to spread is to try and batter its way into ADMIN$ shares using a long list of different passwords. ...