Scary. USA Today reports that the vulnerability exploits are so targeted and numerous, that it takes 4 (FOUR) minutes for a clean unpatched Windows XP machine connected to the Internet to become a zombie and a “virtual soldier” in a botnet.

While most break-in tries fail, an unprotected PC can get hijacked
within minutes of accessing the Internet. Once hijacked, it is likely
to get grouped with other compromised PCs to dispense spam, conduct
denial-of-service attacks or carry out identity-theft scams.

While the fact that unprotected and unpatched Windows XP PC, left connected to the Internet, will become “hijacked” quickly is not surprising, the time and the intensity of the probes show an increasing and alarming rate of probes. A graph by the Internet Storm Center showing the “survival time history” indicates that while last November the average survival time was 60 minutes, this October it has fallen to 10 minutes.

What is the moral of the story - don’t connect unpatched and unsecured machines to the Internet. Period. This gets into a catch-22 situation - when you receive your new PC and you need to download and install Service Pack 2 the temptation is great to connect the PC to the network, and start the Internet install. Don’t do it, or your new PC will be a zombie spam warrior of a large botnet.