David,
It is not necessarily true that people do not keep there systems updated with MS security updates.
MS is not quick in forthcoming with patches until a flaw is discovered.
You can't put the cart before the horse!
Talk about "new viruses"....read this which appeared on the net today:
http://www.cnn.com/2004/TECH/internet/06/25/internet.attack/index.html
I couldn't agree more, first comes the horse then the cart, but when the horse is one kilometer in front of the cart. many of these vulnerabilities were identified and patched a long time ago. The one we are talking about here was released in april, two months ago.
Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)
Issued: April 13, 2004
What I am trying to hammer home is to visit the update site regularly.
There does seem to be a limited infection before antivirus companies bring out the recognition and removal tools, etc.
However, many of the vulnerabilities are recognised by security companies and individuals who report it to MS, some put it in the media and some of the script kiddies may see it and exploit it.
But by far, it is after all the publicity about Microsoft releasing a security patch relating to that vulnerability, that there seems to be a much higher rate of infection. Is this the script kids/hackers, etc. exploiting the vulnerability?
So the moral is still the same, regular visits to windows update. MS now release updates monthly about the second week in the month, so that's when I pay my monthly visit.