The rapid spread of the Downadup worm only highlights the sad state of security in the enterprise.
The network worm, which exploits a long-patched hole in Windows, spreads itself in all sorts of ways — brute force attacks (highlighting the need for better passwords, and disabling logins after a small number of unsuccessful attempts), USB sticks (mitigated by simple device control, trivial through GPO), autorun/autoplay (these should always be disabled in an enterprise environment), and, of course, it’s use of an vulnerability that was patched in late October. Oh, and there’s a few other things, not the least of which is setting as many business accounts as possible to Limited User, decent web filtering, and so on.
Will there be lessons learned? Hopefully, as we move toward 4 million infected machines, there will be.
Alex Eckelberry