Full story here.
Don't forget to update your firewalls, antivirus and antispyware software and do Windows Updates ASAP. You only have 2 days from the day this was posted.
Yikes. :? Thanks for posting that... Why the hell do people write worms like this??
You're welcome. I guess it's to attract attention, or maybe just pure boredom? In any case, it's still very sick.
Quote:
Yikes. Thanks for posting that... Why the hell do people write worms like this??
10 years ago, yeah
Today, it's all about organised crime
Folks, don't rely on your anti-virus software
One of Conficker's strengths (the thing that's made headlines for half a year) is its ability to cripple anti-virus software, preventing detection (let alone removal)
Conficker infects a machine and lays dormant, waiting....
I don't know where this 1st April date comes from, but it's certainly waiting on a timer for something
You may want to watch this
http://www.cbsnews.com/video/watch/?id=4901282n
Observant viewers of the above may catch a glimpse of the security expert from Symantec using a different Operating System to monitor the infected Windows machine. Just for kicks, here's a screen capture
Attachment 1098
Anyway, this should be interesting to watch
(Haven't had a real nasty Windows infection for a while now)
Have fun :P
Ah... Thanks for that.
Wait just a sec.
This couldn't possibly be... an April Fool's joke... could it? :P
Also considering the scan they offer in that article isn't compatible with Firefox?
Okay now that that thought has crossed my mind, I'm like 98% sure that this is a joke.
God fucking dammit. :P
I think the April 1st date is the joke, but the worm is very real. I think the reason people are worried is because April 1st is a logical day for something like this to blow up.
Ok, googled Conficker and here's a quote from the first link that popped up (unrelated to whether or not it's a joke, but still important):
Microsoft issued a software update that protects computers from Conficker in October. Most anti-virus software will also stop it. The result is that while Conficker is spreading rapidly, it is mainly doing so in parts of the world where people haven’t updated their systems. About 29% of infections are in China, followed by Argentina, Brazil, Russia, and India, according to Symantec. Many of these countries are among those with the highest rate of software piracy, which probably isn’t a coincidence. Less than 1% of infections appear to be in the U.S. according to multiple security researchers.
This. And were it personally up to me, I'd trigger Conficker the day after April fool's, just to be that much more of an ass.
Also, I thought the accepted term for a malicious software writer was 'cracker'. Hackers are the good guys hm?
with all due respect, it's a lot more complicated than just updating windows....
Conficker has had half-a-dozen variants and it is remotely updatable
The MS update in October 2008 patched against Conficker A
Bob gets infected (windows not patched)
Bill doesn't get infected (windows patched)
Bob's Conficker is remotely updated with a new attack vector
Bob infects Bill using the new attack vector
The newest variant of Conficker, C, was only launched on the 4th of March - that's less than a month ago
Here's a full analysis of Conficker C
http://mtc.sri.com/Conficker/addendumC/
This is going to be big
*edit*
Some nice quotes from the above analysis
Quote:
Finally, we must also acknowledge the multiple skill sets that are revealed within the evolving design and implementation of Conficker. Those responsible for this outbreak have demonstrated Internet-wide programming skills, advanced cryptographic skills, custom dual-layer code packing and code obfuscation skills, and in-depth knowledge of Windows internals and security products. They are among the first to introduce the Internet rendezvous point scheme, and have now integrated a sophisticated P2P protocol that does not require an embedded peer list. They have continually seeded the Internet with new MD5 variants, and have adapted their code base to address the latest attempts to thwart Conficker. They have infiltrated government sites, military networks, home PCs, critical infrastructure, small networks, and universities, around the world. Perhaps an even greater threat than what they have done so far, is what they have learned and what they will build next.
Quote:
Like Conficker B, C incorporates logic to defend itself from security products that would otherwise attempt to detect and remove it. C spawns a security product disablement thread. This thread disables critical host security services, such as Windows Defender, as well as Windows services that deliver security patches and software updates. These changes effectively prevent the victim host from receiving automated software updates. The thread disables security update notifications and deactivates safeboot mode as a future reboot option. This first thread then spawns a new security process termination thread, which continually monitors for and kills processes whose names match a blacklisted set of 23 security products, hot fixes, and security diagnosis tools.
Quote:
Conficker C incorporates a variety of strategies to secure and defend its installation on the victim host. To do this, C employs several measures to cloak its presence, as well as measures to kill or disable security products that would otherwise detect its presence. C's assault on security products begins right away, just after its mutex checks (to detect new installs from reinfections). At each process initialization, it performs an in-memory patch of the host's DNS resolution services to prevent domain lookups to a variety of security product (and research) sites. C then spawns a separate thread to halt and disable security and update services, and then enters an infinite loop. There, it continually searches for and terminates active security products and patches. These steps are performed each time C is invoked.
Upon first installation, C installs itself and obfuscates its presence on the victim's host. These steps allow it to avoid easy diagnosis and removal by an attentive user. It deletes all restore points prior to its infection to thwart rollback, and sets NTFS file permissions on its stored file image to prevent write and delete privileges. Most of this logic also appeared in prior versions, but here we find some extensions and updates.
C also incorporates logic to disable Windows' firewall protection of certain high-order UDP and TCP ports. These firewall adjustments are not performed at initialization, but rather occur when C enters its network communication logic.
Microsoft has a nice Knowledgebase (specifically for Conficker.C worm) that may be helpful as well.
Here's the link http://support.microsoft.com/kb/962007
Also it's been mentioned that the Conficker worm, even while dormant, will not allow a user to access www.microsoft.com , www.symantec.com or www.us.mcafee.com. Make sure you still have access to these as well.
--Edit-- If you're on an Apple system or running a Linux based system then you're pretty much immune from this particular virus, nothing to worry about.
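The symptom the post above and the SRI quote describe (security vendor sites unreachable from an infected host while everything else resolves) can be checked from the host itself. This is an added example, not code from the thread, Microsoft or SRI; the control domain is an assumption, and the resolver is passed in as a parameter so the logic can be exercised without network access.

```python
import socket
from typing import Callable, Dict, List

# Sites the thread says an infected host can no longer reach.
SECURITY_SITES: List[str] = [
    "www.microsoft.com",
    "www.symantec.com",
    "www.us.mcafee.com",
]
# Assumption: an unrelated site the worm has no reason to block, used as a
# control so that a dead network link is not mistaken for an infection.
CONTROL_SITES: List[str] = ["www.example.com"]

Resolver = Callable[[str], bool]


def live_resolver(host: str) -> bool:
    """Return True if the OS resolver can turn host into an address."""
    try:
        socket.gethostbyname(host)
        return True
    except OSError:
        return False


def check_dns_blocking(resolver: Resolver = live_resolver,
                       security_sites: List[str] = SECURITY_SITES,
                       control_sites: List[str] = CONTROL_SITES) -> Dict[str, object]:
    """Classify the host from which names resolve.

    'no-network' : the control site fails too, so nothing can be concluded
    'suspicious' : control resolves but one or more security sites do not,
                   the symptom the post describes (a hosts-file entry or a
                   proxy filter can look the same, so confirm by other means)
    'clean'      : every name resolves
    """
    results = {host: resolver(host) for host in security_sites + control_sites}
    blocked = [host for host in security_sites if not results[host]]
    if not all(results[host] for host in control_sites):
        verdict = "no-network"
    elif blocked:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "blocked": blocked, "results": results}


if __name__ == "__main__":
    report = check_dns_blocking()
    print(report["verdict"], report["blocked"])
```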
I laughed at "This must be a joke", and it isn't even April's fools yet!
I put it that way because Linux and Apple are not completely immune from viruses at all. No one is writing malicious code for them because of the user group numbers compared to Windows based user group numbers. If I were a hacker, chances are I would not write a virus for an OS that many people do not use. I'd try to do as much widespread damage as possible and to as many people as possible. :evil:
However I do think that one of the biggest vulnerabilities of Linux and Apple is that many users think it is not vulnerable to viruses.
I don't want to sound arrogant,
but that's simply not true
*edit*
Google runs on Linux
Most banks run on Linux (the rest are proprietary UNIX)
The NSA runs Linux
etc.
etc.
etc.
basically, anything of any real importance runs a *nix OS
You think targeting someone's desktop machine is more valuable than targeting server farms and core infrastructure?
Desktop machines are small fry
Compromise a bank system and zero everyone's account
That'd be impressive
Exactly. That'd be impressive. Black hat hackers / malicious code writers (to call it that) don't really care that much about impressing, I think. By infecting tens of thousands of desktops they can also get the credit card data etc., and that's without trying to hack into an effin' bank.
Of course core infrastructure, server farms etc etc are way more important and are a way bigger deal, but that's exactly it - it's a way bigger deal. Infecting tens of thousands of desktops is easy (all relative of course) and you can also get a fuckload of money if you play it right.
That's not to say they can get away with it that easily, especially if they empty a shitload of bank accounts. But that's not exactly how it works.
indeed,
but it's only easy due to the OS of 85% of desktop machines
seriously,
Windows is targeted because Windows in inherently insecure
no more, no less
Also,
http://www.securityfocus.com/columnists/188
You're right in regards to everything you've mentioned but it doesn't disregard that a Linux based system is vulnerable also. They are not as vulnerable as Windows but in the same respect it is vulnerable. Because I am 100% sure that Google, the NSA and most banks who are running Linux are running some kind of AV software. You don't know if you're going to get in an accident but you buckle up for your safety when you get into your car just in case, because it could happen and cars have crashed before.
There is no Anti-Virus software that scans for Linux viruses
because there are no Linux viruses in the wild
Anti-Virus software for Linux scans for Windows viruses
they are designed to be used on mail gateways and file servers which serve Windows clients
While not vulnerable to infections themselves, Linux machines can play a part in virus propagation
One Windows client can infect another Windows client, by sending a nasty email through a Linux mail server
*nix machines are only vulnerable to unauthorised access
Symantec has had several AVs specifically for Linux platforms for the past 7 or 8 years.
The AV software I've seen scanned files in the ELF format. I cannot remember the name of it but I will definitely find it and link it to back up what I'm saying. All I'm saying Ynot is that Linux is not invulnerable, there are viruses that have been written specifically for Linux in the past and there will be more written in the future.
Quote:
Originally Posted by Ynot
I'm sure AV vendors will try to sell Linux Anti-Virus software
(there's been a very profitable market created for AV because of MS)
but it's snake oil
*edit*
a few more articles and things
http://www.linux.com/feature/60208
http://www.techthrob.com/2009/03/02/...gram-on-linux/
https://help.ubuntu.com/community/Linuxvirus
I can believe that. That one has crossed my mind before, especially if a certain AV vendor wants to put the lock on market.
That's good information and I agree with the points in the links, but it still doesn't mean Linux is invulnerable. Now perhaps users of Linux really do not need an AV and if so that's great. I don't buy it but it's great, on the other hand Linux users should take precautions just like any other sensible user who doesn't want their system to get infected. Even the first link supports this statement to a certain degree. Linux still gets updated security patches because nothing is foolproof.
So Linux users still have to make sure of certain aspects like being aware of poor SSH passwords to prevent exploit code running against them.
Quote:
Linux users, like users on every operating system, must always be aware of security issues. They must act intelligently to keep their systems safe and secure. They should not run programs with root privileges when they are not required, and they should apply security patches regularly.
I was merely implying that Linux can have some problems as well as Apple and as well as Windows. I know my knowledge is nowhere near what you know Ynot because I've seen you tech talk it up with a lot of people and 99% of the time you're right. So I'm not going against you dear, I'm not stupid. LOL
ok, so we agree about viruses :)
as for other things
I've always said that the threats are there but Linux is very well protected against them
have a look at this thread
http://www.dreamviews.com/community/...ad.php?t=72625
particularly my posts about destructive programs
And nothing happened!
Seriously, did Conficker even do anything today? Maybe everyone who had it is too confucked to say anything about it...
there are various honeypots set up by security people
wait a few days and they'll issue reports on any activity, including any new strains of the worm