QOTD on Conficker & Analysis by SRI

Leave it to the folks at SRI International to publish one of the best writeup on the workings on the worm and its impact on honeynets where it takes over as the dominant infection. They also just recently updated their Conficker worm analysis (see direct link to addendum below).

Why Conficker has been able to proliferate so widely may be an interesting testament to the stubbornness of some PC users to avoid staying current with the latest Microsoft security patches. Some reports, such as the case of the Conficker outbreak within Sheffield Hospital's operating ward, suggest that even security-conscious environments may elect to forgo automated software patching, choosing to trade off vulnerability exposure for some perceived notion of platform stability.

Src: An Analysis of Conficker | SRI International
Src: Addendum on Conficker C (dated March 19, 2009) [tx @evilalien]
Src: Additional Conficker links (SANS ISC)