Last week, the botnet of Conficker-infected machines started to update itself through the worm's built-in peer-to-peer update mechanism. The latest variant, Conficker.E, downloads a rogue anti-spyware application called SpywareProtect2009, which reports fake infections and offers to clean the system for USD 49.95. The "components" it removes are fictitious; paying leaves the real malware intact. This new variant is scheduled to function only until May 3.
The Sophos Endpoint Assessment Test is a free online test which checks whether you have the latest patches and service packs installed, whether you are running a firewall and antivirus software, and whether those are up to date and actually running. Looking at the results from just March of this year, 10% of the people using the test had not installed the now six-month-old Microsoft security patch (MS08-067) that closes the hole Conficker exploits to infect Windows machines. That patch was released well before Conficker appeared in the wild. Note that the patch only closes the remote exploit path: later Conficker variants also spread over network shares using weak passwords and via removable media, so a patched machine on an infected network is still not safe from a careless neighbour.
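For anyone who wants to run the same three checks locally without the web test, here is an added example (not from the original post or from Sophos) in PowerShell. It reports whether KB958644 (the MS08-067 fix) is listed as installed, whether any Windows Firewall profile is off, and what Security Center knows about the antivirus product. It assumes a Windows Vista/7-era host with the `root\SecurityCenter2` WMI namespace; the interpretation of the `productState` bit field is a widely used convention, not documented by Microsoft, and is flagged as an assumption in the comments.

```powershell
# Added example: local endpoint self-assessment for the Conficker patch, firewall and AV.
# Not part of the original post; assumes Windows Vista/7 or later (root\SecurityCenter2).

$report = [ordered]@{}

# 1. MS08-067 fix. Get-HotFix reads the Win32_QuickFixEngineering data behind
#    "Installed Updates". A fix that was superseded by a later service pack may not be
#    listed, so a missing entry is a prompt to verify, not proof of exposure.
$kb = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
$report['MS08-067 (KB958644) listed as installed'] = [bool]$kb

# 2. Firewall. netsh works on XP SP2 and later and needs no extra PowerShell modules;
#    we flag the host if any profile (Domain/Private/Public) reports State OFF.
$fwState = netsh advfirewall show allprofiles state 2>$null
$report['Firewall: at least one profile OFF'] = [bool]($fwState | Select-String 'State\s+OFF')

# 3. Antivirus as registered with Security Center.
$avProducts = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct `
              -ErrorAction SilentlyContinue
if (-not $avProducts) {
    $report['Antivirus registered with Security Center'] = $false
} else {
    foreach ($av in $avProducts) {
        # ASSUMPTION (common vendor convention, undocumented): productState as a 6-digit hex
        # number, middle byte 0x10 = real-time protection on, last byte 0x10 = signatures
        # out of date, 0x00 = up to date.
        $hex      = '{0:X6}' -f [int]$av.productState
        $enabled  = $hex.Substring(2, 2) -eq '10'
        $outdated = $hex.Substring(4, 2) -eq '10'
        $report["AV '$($av.displayName)' real-time protection on"] = $enabled
        $report["AV '$($av.displayName)' signatures out of date"]  = $outdated
    }
}

# Print the findings; a True on a "missing"/"OFF"/"out of date" line is the problem.
$report.GetEnumerator() | ForEach-Object { '{0,-55} {1}' -f $_.Key, $_.Value }
```

Run it in an elevated Windows PowerShell session. On Windows XP the AV query needs `root\SecurityCenter` instead of `root\SecurityCenter2` and exposes separate `onAccessScanningEnabled` and `productUptoDate` properties rather than `productState`.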
It is appalling to see so many computers out there that have not been properly kept up to date. I can understand the problems home users might have with this - up to a point - but seeing so many professional institutions with IT staff getting infected by Conficker just shows how utterly incompetent these so-called "IT pros" really are. There is only so much stupidity and laziness you can counter with automatic update mechanisms and prompt patching.
If I were responsible for one of these infected networks at important organisations - the UK Royal Army, the German Bundeswehr, and others - I'd seriously reconsider my employment status.