
New Conficker Variant Increases Its Flexibility

CWmike writes "Criminals behind the widespread Conficker worm have released a new version that could signal a major shift in the way the malware operates. The new variant, dubbed Conficker B++, was spotted three days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines."
  • by blool ( 798681 ) on Friday February 20, 2009 @08:05PM (#26936817)
    Why is the summary so devoid of technical detail? You realize we don't read the articles right?
  • Re:Meep Beep! (Score:5, Interesting)

    by v1 ( 525388 ) on Friday February 20, 2009 @09:10PM (#26937367) Homepage Journal

    I know this is a very unpopular view with a lot of people, but I'd personally like to see a major worm like this pop a msg saying "your computer has been taken over and is available to be used to harm others. You need to take your computer into the repair shop and get it cleaned up and protective software installed".

    And then make windows unable to do anything but display that message when it boots.

    Half the population would be picking up pitchforks, and the other half would be saying THANK you!

    I for one am sick and tired of ignorant computer users getting their machines botnetted, blissfully unaware of the harm they are then contributing to. (and many of them are aware and just plain don't care)

    Do the world a favor. MAKE them care.

  • by dbIII ( 701233 ) on Friday February 20, 2009 @10:11PM (#26937721)
    As an example, the only reason some of the computers run MS Windows XP in my workplace is because some idiot wrote an in-house application under some bastard son of VB which needs write access to the root of the C: drive. To run this single user at a time database application the user needs to run as administrator. There are a lot of idiots doing such things.

    While it's possible to make large mistakes with open software the majority of idiots are on the descendants of VB - however I have one python developer that has to turn off one core of his laptop to make his scripts run! Multi-cpu systems are so mainstream that there are even two processors in handheld Nintendo games yet developers write code that would be inadvisable in 1995!

    To sum up - the reason people run as administrator is due to very poor software development and the stupid basket weaving approach we use to write most code instead of seeing things as projects.

  • by dbIII ( 701233 ) on Saturday February 21, 2009 @01:49AM (#26938751)
    Somehow the 1960s problem of race conditions gets him if he has more than one processor running. I really do not understand how it can be so broken, but that is why he is insisting on turning off the second CPU in the BIOS on the machines that use his stuff (ie. he doesn't get his software on the production cluster and waste 7 CPUs per node - he gets told to piss off and read a textbook).

    As for the .net problem, it's a case of the configuration file for the application getting written to the root of the system drive! It's a flat file database implemented poorly and among other wonders it has a lockfile in case two people are using it at the same time to prevent corruption. I really do not know why the programmer didn't look at one of the thousand examples of simple data handling done well, but it's basket weaving not engineering.

    The annoying thing is some people were migrated from linux to XP with an X windows program just to use this in house bit of rubbish that requires ringing around to see who has locked the file before they can even use it. It is the only MS Windows specific application they use - thunderbird, firefox, openoffice etc is all cross platform and the majority of their work is done on a linux cluster which requires X Windows anyway (add $500 more after XP to use that).

  • by Anonymous Coward on Saturday February 21, 2009 @07:49AM (#26939919)

    And they keep coming back to Windows.

    "Oh, I KNOW Windows loves me. All the abuse is my fault. I deserve it!"

    In this case it actually is. This worm is only targeting all the smartasses turning off windows update because they think they know better (whether sysadmins or personal users). This was patched months ago.

  • by Anonymous Coward on Saturday February 21, 2009 @01:23PM (#26941781)

    "Oh, I KNOW Windows loves me" - by Chris Tucker (302549) on Friday February 20, @07:50PM (#26937217) Homepage

    It does, because it does ME, & I have yet to be infected/infested for decades online now...

    You can have the same results, simply IF you can read english & apply what is noted here to secure yourself (1-2 hrs. of work for YEARS of uptime, stability, & bugfree operation):

    HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, plus make it "fun-to-do", via CIS Tool Guidance:

    http://www.tcmagazine.com/forums/index.php?s=e692b654cf47859bebf9e4380bec3a03&showtopic=2662 [tcmagazine.com]

    ----

    "All the abuse is my fault. I deserve it!" - by Chris Tucker (302549) on Friday February 20, @07:50PM (#26937217) Homepage

    It's the fault of Microsoft for shipping OS in such a relatively unsecured state (&, it doesn't HAVE to be that way, because tools like SCW (server configuration wizard) exist in MS Windows variants, such as Windows Server 2003 for example, & it OUGHT to be run right after setup is completing... but, it's not, for example), &, the fault of the misguided fools that create these machinations...

    I will say 1 thing in defense of the people that create malware in general (as I call it) - they ARE pointing out FUNDAMENTAL flaws that exist in default OS setups, but, that's about it, because their talents COULD be put to use elsewhere... but, as far as saying they are "talented" in this "art & science"?

    Hey - ANYONE can be bogus & destructive: It's "TOO EASY"... quite another to be creative for useful things, vs. creating virus & such!

    Anyhow/anyways:

    NOW - IF you just "smarten up", & disable the SERVER service (which this worm exploits a bug in), because you generally (as an end-user on a single machine online via the internet only & NO home or work LAN/WAN connectivity needed) for 1 thing, & then watch it with javascript usage in your webbrowsers (meaning do NOT use it on "every site online under the sun", & ONLY on the sites you absolutely NEED javascript active for, for proper full function?

    You CAN stay clean, & uninfected... &, even vs. THIS particular worm & its variants...

    APK

  • by Anonymous Coward on Sunday February 22, 2009 @10:40AM (#26948399)

    I'd have to STRONGLY wager that if (insert OS type here) was as dominant a force as Microsoft Windows is today (& has been for more than 19++ yrs. now in the world of personal computers @ least), MacOS X or Linux (or whatever) would be getting as much heat from the malware makers as does Windows today.

    E.G.-> IF you were a malware maker today, wouldn't YOU target the biggest mass of users you could? Sure you would, & ESPECIALLY today (they've shifted from messing up your machine, to taking YOUR MONEY instead, or using your machine as a slave), & ESPECIALLY targeting the MOST USED OS THERE IS - Windows.

    Thus, imo @ least?? IF Linux or MacOS X were "top dog", market-share-wise??? They'd be under the SAME type of fire by the misguided folks that make malwares.

    APK

    P.S.=> Trust me, because for instance/E.G.-> MALWARE THREAT TO GNOME and KDE: http://it.slashdot.org/article.pl?sid=09/02/17/1526244 [slashdot.org] - & also A Worm for your Apple: http://www.beskerming.com/commentary/2007/07/18/222/A_Worm_for_Your_Apple [beskerming.com] OR Worm Threat Forces Apple To Disable Software? -> http://it.slashdot.org/it/07/08/03/1451217.shtml [slashdot.org] &, the list goes on... want more? I will gladly supply them.

    Thus, as you can see?

    The other alternate OS types for X86 based computers also have vulnerable (or, potentially vulnerable) components, just as Microsoft products do... they just aren't as attacked because they are NOT used as much, & thus, present a more 'available' target mass... apk
