Worms Security

Conficker Downloads Payload 273

nk497 writes "Conficker seems to finally be doing something, a week after hype around the worm peaked on April Fool's Day. It has now downloaded components from the Waledac botnet, which could contain rootkit capabilities. Trend Micro security expert Rik Ferguson said: 'These components have so far been missing, but could this finally be the "other boot dropping" that we have all been waiting for?' Ferguson also suggested that people behind Conficker could be the very same who are running Waledac and created the Storm botnet. 'It tallies with some of the assumptions people have made about Conficker — that the first variant was actively trying to avoid the Ukraine because Waledac was Eastern European,' Ferguson added."
  • Holiday Weekend. (Score:5, Interesting)

    by GreggBz ( 777373 ) on Thursday April 09, 2009 @08:55AM (#27516859) Homepage
    Bots and spammers typically wait for the holiday weekends; like playing your starters against their backups.
  • Re:actual article (Score:5, Interesting)

    by phantomcircuit ( 938963 ) on Thursday April 09, 2009 @08:59AM (#27516893) Homepage
    also it looks like http://www.confickerworkinggroup.org/ [confickerw...ggroup.org] is down
  • I gotta ask (Score:3, Interesting)

    by Anonymous Coward on Thursday April 09, 2009 @09:12AM (#27517005)

    Why didn't someone infected with this, say last month, change their pc clock ahead to April 1 to see if it downloaded stuff or not? Then April 2, then April 3, etc.
    Duh.

  • Re:april fools? (Score:5, Interesting)

    by Norsefire ( 1494323 ) * on Thursday April 09, 2009 @09:17AM (#27517051) Journal
    Everyone was expecting that and was prepared for it. A week later, everyone's forgotten about it. Also with this timing if something starts going wrong now it will be difficult to get anyone to fix it until Tuesday.
  • Re:april fools? (Score:2, Interesting)

    by MeisterVT ( 1309831 ) on Thursday April 09, 2009 @09:20AM (#27517097)

    In this case everyone was growing to expect just that, and would therefore be taking it seriously. Or at least people that could do something about it would. Now, since nothing much has happened people are lulled into a false sense of security and become lax or start considering the threat that something big was happening on 4/1 the real joke.

    Now that the hype has subsided, what better time to strike? I think that dovetails nicely with GreggBZ's earlier post about the holiday weekend (for some of us).

  • by gbjbaanb ( 229885 ) on Thursday April 09, 2009 @09:50AM (#27517529)

    to be fair, the British government didn't deliberately starve the Irish, instead they were proponents of 'free market forces'. They didn't have supermarkets or microwave readymeals in those days, so a staple foodstuff like the potato was pretty much all you ate anyway. Of course, if you were rich you could afford meat - like the cattle raised in Ireland for English tables. The landlords got richer and the poor stayed poor.

    The trouble was that the blight reduced the number of potatoes in circulation, and as other people were richer, they could afford to pay more - and so the farmers shipped their potatoes to the richer people, leaving the peasants to starve. As has always been the way.

    Incidentally the British didn't deliberately starve the people - after they'd woken up to the trouble, they did ship in large amounts of aid and close the ports to food exports. Too late for most of course, but don't get incompetence confused with conspiracy.

    There's been too much FUD about the potato famine, I suppose spread for modern political reasons. The truth is just dull, the government took a 'light touch' approach to the markets. Unfortunately this approach to 'hands off' free-trade doesn't give what society requires, with such lax input from governments, the free market doesn't always work correctly and you have monopolies appearing and abusing the freedom that should be providing a better set of choices. For computers, its no good saying "you could run Linux" if everyone needs to run Windows because of the ubiquity of software running on it.

    Protectionism is the last thing you want, when you get that, you invite stagnation. There's no innovation of growth, the established parties simply try to maintain their market with what they've got. Developing new products is a significant cost - and without free trade getting in the way and allowing new entrants to the market, there's no incentive to spend. Of course you might get new upstarts appearing, but that happens so rarely, and most of them are small and get killed off by the established big players either by being bought out (name any MS product really) or having their market destroyed (eg IE v Netscape).

    Ultimately the government needs to step in and support open standards, making sure everyone works with them. Then you can have much better spread of heterogeneous systems as they would work together, giving people the ability to choose an alternative to the dominant product.

  • by Ed Avis ( 5917 ) <ed@membled.com> on Thursday April 09, 2009 @09:54AM (#27517591) Homepage

    His point was that you don't need to keep things patched as regularly if you have a wider variety of OSes because there will be less people finding vulnerabilities, less incentive to exploit them, and less hackers writing worms for a given OS.

    That is the definition of 'security through obscurity'. I would not want to run an insecure system and hope to be safe because nobody else had heard about it. True security means using well-known and peer-reviewed code (but not 'well known to be crap').

  • Re:Patch? (Score:2, Interesting)

    by Larry Clotter ( 1527741 ) on Thursday April 09, 2009 @10:02AM (#27517701)

    Why would you need to patch if nobody has a clue about how to attack your system?

    Because if even one system in your heterogeneous environment is exploitable you have just given them an easy backdoor to the rest of your system. If all systems aren't patched up you've only created a false sense of security and you've increased your maintenance costs many magnitudes higher for some "security through obscurity" scheme.

  • Re:I gotta ask (Score:2, Interesting)

    by maxume ( 22995 ) on Thursday April 09, 2009 @10:08AM (#27517769)

    The AC is confused though; researchers did all of that, they even have some sort of access to the randomly generated domain list (I get the impression that they have the algorithm, rather than doing some sort of playforward attack as is being discussed here) that is checked for downloads. The core issue is that there had not been anything to download, so all they were able to do was (potentially) confound the operators.

    I would go so far as to say that they have been attacking the p2p vector, but since it requires the cooperation of the administrators of the compromised machines, they didn't get very far.
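The comment above describes the core of the Conficker story from the defender's side: infected hosts walk a list of pseudo-randomly generated domains looking for a download, which is why resolver logs are where the behaviour shows up. As an added illustration (not code from the thread or from the Conficker Working Group), the following triage heuristic scans a constructed resolver log and flags clients that query many distinct, high-entropy second-level labels in a short window. The log format, the client addresses and the thresholds are assumptions for the example.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log, not real traffic: "<timestamp> <client> <qname>".
# 10.0.0.5 behaves normally; 10.0.0.7 walks a burst of random-looking names.
SAMPLE_LOG = """\
2009-04-09T08:55:01 10.0.0.5 www.example.com
2009-04-09T08:55:02 10.0.0.5 mail.example.com
2009-04-09T08:55:03 10.0.0.5 update.example.net
2009-04-09T08:55:04 10.0.0.7 qzpxkvwnmtb.org
2009-04-09T08:55:04 10.0.0.7 rlhyfcqxgwa.net
2009-04-09T08:55:05 10.0.0.7 tkwmzbdqvps.biz
2009-04-09T08:55:05 10.0.0.7 xjvqpnlwgck.info
2009-04-09T08:55:06 10.0.0.7 mvkzqbhywtp.com
2009-04-09T08:55:06 10.0.0.7 lpxwvnkgzqr.org
"""

LINE_RE = re.compile(r"^\S+\s+(\S+)\s+(\S+)$")  # assumed log layout

def label_entropy(label):
    """Shannon entropy in bits per character of a DNS label."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(v / n * math.log2(v / n) for v in counts.values())

def second_level_label(qname):
    """'www.example.com.' -> 'example' (public-suffix handling omitted)."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def suspicious_hosts(log_text, min_domains=5, min_entropy=3.0):
    """Return {client: sorted labels} for clients that queried at least
    min_domains distinct second-level labels with entropy >= min_entropy.
    This is a triage signal only: CDN and tracking names can also score high."""
    per_host = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the scan
        client, qname = m.groups()
        per_host[client].add(second_level_label(qname))
    flagged = {}
    for client, labels in per_host.items():
        noisy = sorted(l for l in labels if label_entropy(l) >= min_entropy)
        if len(noisy) >= min_domains:
            flagged[client] = noisy
    return flagged
```

Hosts that trip this check are candidates for inspection with the host-side tools mentioned later in the thread, not confirmed infections.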

  • Re:Ahhhhhh... (Score:1, Interesting)

    by Anonymous Coward on Thursday April 09, 2009 @10:17AM (#27517901)

    My triple-booting Mac/Vista/Linux laptop is also amused (and clean on all partitions :D).

  • by sveinungkv ( 793083 ) on Thursday April 09, 2009 @10:47AM (#27518291)

    Like, there's only one Linux kernel, only one C compiler, only one bash shell.. only one Perl, only one Java...

    You are correct that there is only one Linux kernel, but there are other free [debian.org] UNIX kernels [debian.org] you could use instead. When it comes to compilers both LLVM [llvm.org] and GCC [gnu.org] are widely used. (LLVM is used in Gallium3D [tungstengraphics.com], the new acceleration architecture for X, and in Shark [java.net], a CPU agnostic JIT for OpenJDK. A C frontend [llvm.org] not based on GCC is in development.) There are many shells. Ubuntu, a quite popular Linux distro, actually uses dash [wikipedia.org] as default /bin/sh. While it's true that only OpenJDK (if I recall correctly) passes the TCK for Java you also have competing implementations like Harmony [apache.org], which Google uses on Android. You have more competition on the parts of the Java stack that take less [gnu.org] time [cacaovm.org] to implement.

  • by AliasMarlowe ( 1042386 ) on Thursday April 09, 2009 @11:13AM (#27518703) Journal

    Except in such a case you just have to exploit one box and you get access to the rest. There went all your brilliant planning and schemes.

    No, you would probably just get access to the one box (and others identical to it). You generally would not get access to the other boxes, unless they share essentially the same vulnerability. GP's point was that a monoculture can be devastated by a single assault, but a mixed ecosystem is much more difficult to damage severely.

    Minor clarification of GP post: the potato crop in Ireland in the 1840s was dominated by a single variety of potato - the Lumper - which exacerbated the effect of a single strain of potato blight. The equivalent in computers would be all PCs running the same version of Windows with the same selection of programs, patches and protections: a disaster waiting to happen.

  • Re:Patch? (Score:2, Interesting)

    by Larry Clotter ( 1527741 ) on Thursday April 09, 2009 @11:15AM (#27518741)

    Sure, if your sysadmin is an idiot. If one box being compromised results in full access to all boxes on the network, your system is poorly designed.

    Strawman argument. Nowhere in my statement did I say anything about having full access to every other box on the network through that one node. But, once an attacker has an inlet into the network they can then move on to compromise other systems which may have greater access to other parts of the network. The simple fact of the matter is that the systems on the network are going to have to have some level of access to each other otherwise there is no point in networking them up together.

  • by Jaysyn ( 203771 ) on Thursday April 09, 2009 @11:30AM (#27518991) Homepage Journal

    Protectionism worked for the US from the 1800's all the way up till the 1980's. We got to the moon using protectionism as an economic tool. I'm just saying.

  • by Larry Clotter ( 1527741 ) on Thursday April 09, 2009 @11:49AM (#27519315)

    No, you would probably just get access to the one box (and others identical to it). You generally would not get access to the other boxes, unless they share essentially the same vulnerability.

    By "access" I didn't mean you would then have full access to everything on the network. By access I meant you would have an entrance point to the network and then would be able to access whatever other computers that the node you exploited has access to. Through that entrance point you would then be able to scan and attempt to exploit any computers it can access.

    GP's point was that a monoculture can be devastated by a single assault, but a mixed ecosystem is much more difficult to damage severely.

    So it is claimed, but there are numerous cases of people breaking through heterogeneous systems so this claim is a bit lacking.

  • Re:Holiday Weekend. (Score:3, Interesting)

    by mlts ( 1038732 ) * on Thursday April 09, 2009 @01:44PM (#27521275)

    A friend of mine did similar. His vehicle has two 25 gallon gas tanks. So, he routed one so it filled up from a non-obvious location and the second tank he filled up with water and used a non locking gas cap. It was not uncommon to see more than the usual amount of dead cars in parking lots, especially during last year when the price of gas spiked.

  • Re:Car Thieves (Score:2, Interesting)

    by Velska1 ( 1435341 ) <velskasblog@gmail.com> on Thursday April 09, 2009 @01:58PM (#27521515) Journal

    Now that we're talking about car thieves:
    Once my car's fuel pump was busted, and I had been working with it since I tried in vain to start it.

    I accidentally left the keys in the ignition at night when I went in, and in the morning we had a visitor, who asked, "what happened to your car?" "Something happened?" says me, only then spotting the empty bay in front of the garage door (not really visible from inside).

    You imagine I was a little puzzled. There was no fuel pump in the car. How in heck had they driven off with it? Without really knowing what I was doing I started walking around the neighborhood, thinking they can't have gotten too far...

    About 150 yards out, around the corner, there was the car, complete with the keys in the ignition (including my house keys - how's that for stupid?), the hood still unlatched, with no other sign of tampering but a dirty palm print on the white hood.

    Turned out somebody had been waiting for us to go to bed. We had been sitting up till 2 AM right above the car bay, talking by an open window in the balmy summer weather. Whoever it was had waited under the neighbor's shelter, smoking a crapload of cigarettes (~100 butts) - and taken a crap - to pass the time, then pushed the car out far enough so we wouldn't hear the starter grind.

    Big fat reward there. I hope they had a sense of humor! (I kind of figure if they didn't have one, they would have vandalized the car to "get back".)

    A bit off-topic, but I think it makes a good story.

  • by mlts ( 1038732 ) * on Thursday April 09, 2009 @02:00PM (#27521559)

    There are two programs included with Windows versions (XP and newer) that do pretty much this. sigverif.exe which verifies every file's signature, and sfc.exe which will compare installed Windows files against service pack files and will copy from OS media any files that have been changed or are missing.

  • Re:april fools? (Score:2, Interesting)

    by Anonymous Coward on Thursday April 09, 2009 @03:03PM (#27522603)

    Don't I feel backwards for writing it year/month/day, but it makes sorting backups and such so much easier.

    That's what kills me about this.

    I live in the USA, where the government recommends yyyy-mm-dd but everyone actually uses mm/dd/yy.

    Every year I have to tell my kids' teachers "my kids are going to date their papers using the internationally standardized date notation, and you are going to accept it. Here's a handout with many reasons why, that also includes recommendations from NIST and other prestigious US scientific organisations. I will be checking their homework for proper date format, you don't have to do anything except allow them to do it right". In every single case the teachers read what I've provided, agree that I am being reasonable, and then take exactly zero steps to educate any child other than my own in proper date notation.

    Every job I've ever worked, I've had a similar experience: I explain why we're all going to use ISO dates, and show how computer programs get more efficient, misunderstandings are prevented, etc. etc. etc. and everyone agrees but then keeps on using the retarded US format. They are all totally conditioned from school.

    So, now that I have wealth and power, I simply fire everyone I catch using the stupid format. My employees tell each other, "He's reasonable about everything else, but he has a bug up his ass about date formats". This strategy is working incredibly well for me, because I now have zero employees who are unable to overcome mental conditioning. And someday my kids will rule this nation, because they are being raised smarter than their peers (most of whom are examples of devolution in action - can't ride, shoot, spell, or converse intelligently).

  • Re:april fools? (Score:2, Interesting)

    by dotgain ( 630123 ) on Thursday April 09, 2009 @03:36PM (#27523067) Homepage Journal

    I would think that the security companies would at some level keep things running 24/7,

    And how do you propose they might do that? Reroute power through the main deflector dish?
