I guess you have read it in the meantime: there are a lot of reports out there that Finjan found a botnet affecting 1.9 million computers. This is really bad – obviously. The press has now started to cover this and I think we are already losing a little bit of focus in the discussion. I tried to understand what was going on based on the publicly available information.
What does this tell us? Well, is it not the same story as always? There are three things that went wrong here:
- Machines were unpatched (and not only IE)
- People are running as Admins
- The AV-signature was/is not up-to-date. We even remove the Trojan if you are infected…
So, the Botnet is huge and therefore dangerous and it is definitely a criminal activity to infect people’s machines. But there are ways to protect…
As always, if you think that you are infected, report it to your local law enforcement. You may contact our support (free of charge for security incidents) on http://support.microsoft.com/security. Then follow the standard steps of the “Protect Your PC” guidance: enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software.