Conficker worm baffles investigators(set for April 1 launch)

Stuff that’s happening in the world that may pertain to our survival. Please keep political debates off the forum.

Moderator: ZS Global Moderators

Tobian
*
Posts: 53
Joined: Fri Aug 17, 2007 10:01 am
Location: St. Louis MO

Conficker worm baffles investigators(set for April 1 launch)

Post by Tobian » Thu Mar 19, 2009 1:47 pm

http://www.marketwatch.com/news/story/c ... dist=msr_3" onclick="window.open(this.href);return false;
Investigators far and wide tackling the problem -- known collectively as the Conficker Cabal -- surmise the virus is designed to send instructions to infected computers April 1.
http://www.securitypronews.com/insiderr ... aunch.html" onclick="window.open(this.href);return false;
Security researchers have sent out notice about a worm set to hit the wild on April 1, making the situation no laughing matter. Conficker.C, the latest variant of Conficker.A and Conficker.B-both of which have been shut down by some crafty reverse engineering-isn't quite as nasty as its predecessors, in the same way Lil Kim isn't quite as nasty as 2 Live Crew.
http://www.nytimes.com/2009/03/19/techn ... tml?ref=us" onclick="window.open(this.href);return false;
An examination of the program reveals that the zombie computers are programmed to try to contact a control system for instructions on April 1. There has been a range of speculation about the nature of the threat posed by the botnet, from a wake-up call to a devastating attack.
OK not quite a disaster(yet?) but worthy of note and discussion I think.

User avatar
raptor
ZS Global Moderator
ZS Global Moderator
Posts: 17060
Joined: Sun Mar 04, 2007 10:18 pm
Location: Greater New Orleans Area

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by raptor » Sun Mar 22, 2009 9:57 am

I use a variety of software at my operation to combat on line threats like this. Does anyone know if there is a way to tell if your system is infected with this virus? My tech guy reassures me we are cool but shit like this always worries me.

Anyone have additional information?

Baba Brad
* * *
Posts: 787
Joined: Fri Nov 14, 2008 8:04 am
Contact:

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by Baba Brad » Sun Mar 22, 2009 10:15 am

One reason I run Linux, less chance of my computer being infected. Now, the house computer, that's another question. But, I also keep my anti-virus updated and constantly update my trojan detection software.
1.S.1.K wrote: :twisted: ZS, It always comes back to sheep.

nimdabew
* * * * *
Posts: 9345
Joined: Fri Aug 29, 2008 8:27 am
Favorite Zombie Movies: DOTD
I am ledgend
Location: Seattle, WA

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by nimdabew » Mon Mar 23, 2009 9:53 pm

What do you think it will do? Call some pizza joint with the same order over and over and over again? I think that would be pretty funny. Pizza hut has an internet order thing, and the tickets print at the printers pace. When there are multiple orders, it just keeps printing until it gets to the end. How funny would it be to have every infected computer make an anchovie pizza for pick-up at exactally the same time?
Thanks Anianna!
Image
12_Gauge_Chimp wrote:I say when Wee Drop visits the US, we make her ride a goat. You know, like those little monkey cowboys they have at some rodeos. :lol:

User avatar
ironraven
* * * * *
Posts: 3009
Joined: Thu May 03, 2007 7:31 am
Location: Vermont

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by ironraven » Wed Mar 25, 2009 6:04 pm

AFAIK, pretty much any computer who's window and/or AV updates are, well, up to date should be ok.

It is the millions of unsecured windows machines that are the danger. That isn't any of you lot, is it?
"Even if it's only the handful of people I happen to meet on the street or in my home, I can still protect them with one sword."

When a man go no longer speak without malice intended lest he cause offense, that is when truth starts to die.

There are three kinds of man- Man the Toolmaker, Man the Tool User, and man the tool.

User avatar
dkhoward
* * *
Posts: 473
Joined: Thu Dec 18, 2008 11:11 am
Location: West Texas

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by dkhoward » Wed Mar 25, 2009 6:32 pm

raptor wrote:I use a variety of software at my operation to combat on line threats like this. Does anyone know if there is a way to tell if your system is infected with this virus? My tech guy reassures me we are cool but shit like this always worries me.

Anyone have additional information?
Microsoft has several white papers in their knowledge base about this, a fix that should plug the vulnerabilities and, I think, a small piece of software that will scan you computer for this particular virus.
Zombie Fleet #0124

"Alcohol, Tobacco, and Firearms should be the name of a convenience store, not a government entity!"

User avatar
phil_in_cs
ZS Member
ZS Member
Posts: 11424
Joined: Fri Dec 28, 2007 4:18 pm
Location: central tx

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by phil_in_cs » Wed Mar 25, 2009 6:38 pm

nimdabew wrote:What do you think it will do?
It is trivial to write a program that deletes every non-open file on a drive. March that through the available devices, and you could delete every file you have rights to, locally and on your network.

Getting the worm spread and hidden is non-trival, but causing destruction is simple.
Don't confuse a belligerent and aggressive attitude with the strength, training, and conditioning needed to prevail in a fight. How do you know you have the Will To Win, if you don't even have the will to train?

JibbaJabba
BANNED
Posts: 2317
Joined: Wed Jun 11, 2008 9:11 pm
Favorite Zombie Movies: Shaun of the Dead, 28 Days/Weeks Later
Location: Fort Hood, Texas

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by JibbaJabba » Wed Mar 25, 2009 6:48 pm

raptor wrote:I use a variety of software at my operation to combat on line threats like this. Does anyone know if there is a way to tell if your system is infected with this virus? My tech guy reassures me we are cool but shit like this always worries me.

Anyone have additional information?
Avast, Icesword and Hijackthis to name a few.


If you're botted, odds are your system's rooted.

If that's the case, I really hope for your sake that your operating system and storage are on two separate partitions, or at the very least that you have a ghost image ready to overwrite your hard drive with a known good OS.

I don't, because I know how not to get infected. I don't click on emails that are obviously not from my family. Even those I scrutinize, and usually phone the person who sent it to make sure that it was, in fact, sent by them - and not malware on their puter.

Of course, there's always the (statistically small) danger of a virus or worm out there that utilizes system vulnerabilities to get in, instead of human stupidity..

But with all the different patches and updates and service packs and third party protective software out there, most hackers consider it much more time efficient to just write their malware to spread via stupidity (CLICK HERE FOR FUN! CLICK HERE FOR A LARGER PENIS! CLICK HERE TO PET A BUNNY!).

And they're right to do so, of course.
PlE or GTFO! Image
bonanacrom wrote:I found that if your 6 feet tall and weigh 260 pounds and answer the door naked with a big shit eating grin on your face you get to control the conversation right from the beginning.

User avatar
airballrad
ZS Global Moderator
ZS Global Moderator
Posts: 2843
Joined: Mon Sep 03, 2007 11:16 am
Location: Sarasota, FL
Contact:

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by airballrad » Wed Mar 25, 2009 8:33 pm

raptor wrote:I use a variety of software at my operation to combat on line threats like this. Does anyone know if there is a way to tell if your system is infected with this virus? My tech guy reassures me we are cool but shit like this always worries me.

Anyone have additional information?
http://support.microsoft.com/kb/962007
From the horse's mouth.

Scroll to the Recovery section and download the MSRT. If you have any concern that you may be infected, running this will detect it and aid if not completely effect the removal process.

User avatar
Valarius
* * * * *
Posts: 3231
Joined: Thu Jun 03, 2004 12:42 am
Favorite Zombie Movies: Shaun of the Dead and many of Romero's films.
Location: Around Nevada.
Contact:

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by Valarius » Wed Mar 25, 2009 9:44 pm

It is the millions of unsecured windows machines that are the danger. That isn't any of you lot, is it?
Valarius' Helpful Guide to Anti-Virus Protection

1. Find the cord/equipment that connects your favorite computer to the internet.

2. On March 30, unplug the cord/equipment from the computer.

3. Keep unplugged for as long as you like.

Your computer is now 100% secure from viruses, trojans and other assorted computer threats. Enjoy. :lol:
See you around, HK. And remember folks: victory is surviving to watch another sunrise.

My female avatar is Saeko Busujima from High School Of The Dead. I'm a dude. :mrgreen:

Homeless survival techniques.

JibbaJabba
BANNED
Posts: 2317
Joined: Wed Jun 11, 2008 9:11 pm
Favorite Zombie Movies: Shaun of the Dead, 28 Days/Weeks Later
Location: Fort Hood, Texas

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by JibbaJabba » Wed Mar 25, 2009 10:51 pm

Something that bothers me:

If I were a hacker with thousands upon thousands of botted computers programmed to phone home for new instructions, would I let the date they were supposed to phone home leak?

Hell, would I even set it so they'd all call home at the same time? Why not set it up on a random number generator so they're not all generating immense amounts of traffic simultaneously? That sort of thing is easy to spot from a network operations center.
PlE or GTFO! Image
bonanacrom wrote:I found that if your 6 feet tall and weigh 260 pounds and answer the door naked with a big shit eating grin on your face you get to control the conversation right from the beginning.

Cain
* *
Posts: 145
Joined: Mon Apr 07, 2008 11:23 pm
Favorite Zombie Movies: Fido
Location: Colorado
Contact:

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by Cain » Thu Mar 26, 2009 4:09 am

This smells strongly of "blown way out of proportion".
You see, when night falls and you close your eyes to sleep and dream, I have seen the things that you can only dream about. I have been there. I was lost at sea for a long time. But I have been there. Oh yes. All the way and back.

User avatar
That German Guy
* * * * *
Posts: 1672
Joined: Thu Jan 17, 2008 8:59 pm
Location: Close to Germany's largest urban sprawl.

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by That German Guy » Thu Mar 26, 2009 5:57 am

Cain wrote:This smells strongly of "blown way out of proportion".
It depends. Conficker (Interestingly, ficker is "fucker" in German) has spread very wide, and any malicious code it acquires by phoning home can cause great damage.

It could be an elaborate prank of course, like that CD drive closer/opener virus that went around back in '93, which would just open and then close any unused CD drives randomly.
SMoAF wrote:We all ended up moving in together at one point, and I paid our rent in guns.
Vicarious_Lee wrote:No one on ZS worth their membership would be in a frozen forest, alone, without being loaded out like they've got Les Fucking Stroud himself in their enormous and ergonomic backpack.

User avatar
airballrad
ZS Global Moderator
ZS Global Moderator
Posts: 2843
Joined: Mon Sep 03, 2007 11:16 am
Location: Sarasota, FL
Contact:

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by airballrad » Thu Mar 26, 2009 6:11 am

JibbaJabba wrote:Something that bothers me:
If I were a hacker with thousands upon thousands of botted computers programmed to phone home for new instructions, would I let the date they were supposed to phone home leak?
It all comes down to motivation. If the writer was trying to slip under the radar with this, then they're probably pissed. Someone got ahold of the virus and decompiled it or whatever and got more of a scoop on it than he wanted. But it's also possible that this is just graffiti on a grand scale. And in that case, the hype over this is just ego-stroking, which was the goal all along.

User avatar
thefirebuilds
* * * * *
Posts: 1978
Joined: Thu Nov 27, 2008 11:19 pm
Favorite Zombie Movies: sean of the dead...

that one where the nazis come out the water...?
Location: Southeastern Wisconsin
Contact:

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by thefirebuilds » Thu Mar 26, 2009 9:56 am

we're planning on being busy that week :-\
A real outdoorsman only needs a knife and a harmonica.

User avatar
andygates
* * * * *
Posts: 4264
Joined: Thu Mar 22, 2007 11:33 am
Favorite Zombie Movies: ROTLD 2 ;)
Location: UK
Contact:

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by andygates » Thu Mar 26, 2009 3:15 pm

Conficker's been spreading fast because it takes advantage of user familiarity: see a familiar icon, mash "OK" and "Next" until the icon goes away. But all the antivirus players have been catching it for well over a month. Ain't going to end the world.
That German Guy wrote:It could be an elaborate prank of course, like that CD drive closer/opener virus that went around back in '93, which would just open and then close any unused CD drives randomly.
Most modern virus fun is driven by crooks, not pranksters - the days of the happy hacker are a fuzzy glow in the past. I'd love to be proved wrong but I'll bet it's just another "phone home with personal data" schtick giving people's plastic to the bad guys.
Czechnology: "If you have to ask an internet forum for confirmation on whether or not a Revolution is coming, the answer is always no."

Free UK & Ireland Street and Topo maps for Garmin: ravenfamily.org/andyg/maps (updated weekly) - OpenStreetMap

JibbaJabba
BANNED
Posts: 2317
Joined: Wed Jun 11, 2008 9:11 pm
Favorite Zombie Movies: Shaun of the Dead, 28 Days/Weeks Later
Location: Fort Hood, Texas

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by JibbaJabba » Thu Mar 26, 2009 3:18 pm

Identity thieves do this because it works.

Don't be dumb, people.

Don't click on stupid shit. Don't open email - 99% of it is spammers or hackers anyway. Phone the people who emailed you to make sure it's really from them. Don't open shit in messengers.

BE PARANOID. Seriously, it helps.
PlE or GTFO! Image
bonanacrom wrote:I found that if your 6 feet tall and weigh 260 pounds and answer the door naked with a big shit eating grin on your face you get to control the conversation right from the beginning.

User avatar
suntzu
* * * *
Posts: 933
Joined: Mon Jan 07, 2008 11:22 pm

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by suntzu » Thu Mar 26, 2009 3:47 pm

Funny how the start date is April Fools' Day.

User avatar
ironraven
* * * * *
Posts: 3009
Joined: Thu May 03, 2007 7:31 am
Location: Vermont

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by ironraven » Thu Mar 26, 2009 7:11 pm

Suntzu, most years there is a virus or something similiar with 4/1 as it's trigger date. Everyone thinks they so are witty, but most are lucky if they are half right.
"Even if it's only the handful of people I happen to meet on the street or in my home, I can still protect them with one sword."

When a man go no longer speak without malice intended lest he cause offense, that is when truth starts to die.

There are three kinds of man- Man the Toolmaker, Man the Tool User, and man the tool.

User avatar
airballrad
ZS Global Moderator
ZS Global Moderator
Posts: 2843
Joined: Mon Sep 03, 2007 11:16 am
Location: Sarasota, FL
Contact:

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by airballrad » Thu Mar 26, 2009 7:32 pm

ironraven wrote:Everyone thinks they so are witty, but most are lucky if they are half right.
Image

User avatar
Explorer
* *
Posts: 270
Joined: Sun Sep 14, 2008 12:15 pm

Re: Conficker worm baffles investigators(set for April 1 lau

Post by Explorer » Sat Mar 28, 2009 2:20 am

Post removed by author.
Last edited by Explorer on Sat Apr 30, 2011 9:12 pm, edited 1 time in total.

THROBGOD13
* * *
Posts: 311
Joined: Sat Sep 06, 2008 2:28 pm
Favorite Zombie Movies: Dead Snow

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by THROBGOD13 » Sat Mar 28, 2009 3:27 am

format, reinstall..
Image

User avatar
andygates
* * * * *
Posts: 4264
Joined: Thu Mar 22, 2007 11:33 am
Favorite Zombie Movies: ROTLD 2 ;)
Location: UK
Contact:

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by andygates » Mon Mar 30, 2009 12:39 pm

JibbaJabba wrote:Identity thieves do this because it works.

Don't be dumb, people.

Don't click on stupid shit. Don't open email - 99% of it is spammers or hackers anyway. Phone the people who emailed you to make sure it's really from them. Don't open shit in messengers.

BE PARANOID. Seriously, it helps.
You phone people who email you?

You don't get as much mail as regular humans do :)

You're right about "don't be dumb" though - READ the dialog boxes. Filter your spam. Definitely never open attachments unless you know what they are. And get and UPDATE antivirus. But really, phone folks? May as well not use email.

Conficker, IIRC, doesn't spread by mail so much as on infected sticks. Heh.
Czechnology: "If you have to ask an internet forum for confirmation on whether or not a Revolution is coming, the answer is always no."

Free UK & Ireland Street and Topo maps for Garmin: ravenfamily.org/andyg/maps (updated weekly) - OpenStreetMap

User avatar
El Maximo
* * * *
Posts: 975
Joined: Sun Aug 21, 2005 4:43 pm

Re: Conficker worm baffles investigators(set for April 1 launch)

Post by El Maximo » Mon Mar 30, 2009 1:05 pm

(The day after) tomorrow is the big day. In the vein of disaster preparedness, i'd like to see comments from anyone affected by whatever it is about to happen. Computers are an important part of today's lifestyle...so important that anyone seriously affected by computer flu can't post about their experiences. 8)

Anywho, the request is out there, assuming something tangible actually goes down.

EDIT: Calendar illiteracy
Lonestar wrote:Possum jerky beats inner cabium nutrition anytime.
El Maximo, zombie thwarter extrodinaire!

Post Reply

Return to “Disasters in Current Events”