What operating system would you like for your bank to be running?  How about Windows XP or Windows 2000?  Maybe even Windows Vista?  I ask this question because most banks are notoriously out of date with not only their operating systems but also the patches required to keep those machines secure.

Downadup the worm that has been proliferating across the Internet with the rage of a California wildfire uses a very simple technique to infect machines, Auto-Play.  This can be a useful feature especially when you insert a pendrive or other media in to a computer and need to access it quickly. It is also a feature that has been used by malware to help infect additional machines.

Imagine walking in to your bank.  You sit down in the office to get some information about opening an account or changing something with your current account.  The computer is right there in front of you but they are careful to have the screen filter on the monitor so you can’t see private information.  But the back of the computer is exposed and easily accessible.  What is preventing someone from inserting a USB pendrive into the computer with a silent Auto-play executable on it?

Most banks have not updated their operating system in many years and are very vulnerable to these types of attacks.  Windows XP for as much as people love it is one of the most vulnerable.  The patch to fix the hole Downadup uses to enter a system has been available since last October yet a large portion of System Administrators did not install the patch.

How many of those System Administrators were in charge of banks?  Make sure you check your bank statements….