Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Botnet Worms Security The Internet Technology

Years-Old Conficker Worm Still a Threat 71

RedEaredSlider writes "The Conficker worm is still a threat, even though it is more than two years old and nobody has used it in a botnet attack yet. The problem is that so many machines are infected (largely because many don't realize it) and it's such a flexible piece of malware."
This discussion has been archived. No new comments can be posted.

Years-Old Conficker Worm Still a Threat

Comments Filter:
  • The real issue: (Score:5, Insightful)

    by Isaac Remuant ( 1891806 ) on Thursday January 27, 2011 @10:09PM (#35028098)

    The Average User is still a threat in his path to ignore one and all security measures.

    • Re:The real issue: (Score:5, Interesting)

      by clarkkent09 ( 1104833 ) on Thursday January 27, 2011 @11:27PM (#35028590)

      The real issue: software industry releases insecure products and blames ordinary users for not being IT security experts which is what it takes to be truly secure.

      • They have a vested interest in maintaining the status quo.

        Not to mention plain incompetence on their part. Such as McAfee mistaking a core Windows file for a "virus" last year.

      • Dude, At least, In my company. Mails were sent providing patches and explanations of how to deal with the conficker virus. How to treat your removable drives, etc.

        Few listened and we were annoyed for some months by each infected computer. Somehow, the virus managed to get into the network and lot of employees wasted valuable time reinstalling their OSes only to be infected immediately for not taking the necessary measures (being offline, patching).

        • by dave562 ( 969951 )

          What kind of company do you work at where they can't afford an IT professional to coordinate a virus cleanup? A Conficker clean up is something a $30 an hour network tech can handle if given the right instructions, time and leeway to take care of it.

          • A goverment company in a third world country with 350+ employees and a lazy IT department (of which I'm not a part of).

            That being said, the users have no regards for computer security. They care about their cars, their paperwork, the keys to the office, but always fail to recognize the vulnerabilities of a computer system.

            • A goverment company in a third world country with 350+ employees and a lazy IT department

              Sounds about normal then. I did some work last year for a South Korean government department and every single memory stick that they tried to pass data to me with had some sort of virus on it. Don't know (or care) if it was Conficker or something else. It would seem that every one of their laptops was infected too - copy the data off a memory stick, clean and re-format it, re-load the data. 2 hours later, the stick is i

        • Mails were sent providing patches and explanations of how to deal with the conficker virus.

          Yeah, and from your perspective as (I assume) an IT guy, that was sufficient. But from the perspective of a random employee for whom computer is just a tool to get their actual job done, dealing with patches and explanations about "worms" (or is it snails) is an annoying and time consuming distraction. Especially when there is one update or another asking you to install and reboot just about every day, forcing

          • by Quirkz ( 1206400 )
            What you say is true, but your cynicism may be a bit heavy handed. I mean, I think timecards, expense reports, and all-hands meetings are annoying and time-consuming distractions, but when accounting emails me and says they need an expense report I still do it, even though I'm a computer guy and not a money guy. Despite the fact that every single time I mess up at least one of their obscure accounting codes (5xxx72 is for travel, but 5xxx74 is for food, except if it's food when you're traveling, then it's 5
        • by smash ( 1351 )
          End users getting/dealing with virus = fail of IT dept. Other employees are not employed to deal with IT issues. Expecting them to do so is an epic fail. It's not their job.
      • Re:The real issue: (Score:5, Insightful)

        by causality ( 777677 ) on Friday January 28, 2011 @12:31AM (#35028910)

        The real issue: software industry releases insecure products and blames ordinary users for not being IT security experts which is what it takes to be truly secure.

        The bar could be raised far higher than it is now without even beginning to approach expertise. That's the part that is often underappreciated.

        "Truly secure" in an absolute sense is rarely if ever attained by anyone, and almost never necessary. What you really need to achieve is "unprofitable to compromise". It's security in a relative sense and much more realistic.

        I don't really disagree with your assessment of the average quality coming from the software industry. The users are not typically blamed for that, even though they're collectively responsible for creating a market where shoddy quality sells. That responsibility is indirect and spread out among large numbers of people.

        The users are more often blamed for not even trying to protect themselves, for not making even a token effort to understand the risks. That decision is more immediate and individual. For this reason average users are often characterized as stupid.

        I'm personally more inclined to believe that they could do better if they wanted to. I've seen the mentality many times because there is such an overabundance of examples (and not just in computing). It's not stupidity in the normal sense, though you could call it a kind of stupidity because it tends to act against one's own interests. It's more like an intellectual laziness combined with an entitlement mentality which insists that things like security must always be "someone else's problem" even though it won't be "someone else" who suffers any insecurity.

        Like any entitlement mentality it has to have an excuse to function, to seem like a believable position one does not wish to abandon. In this case it's the excluded middle: the notion that users are either drooling idiots or highly skilled experts with no intermediary states. That enables the afflicted to respond to recommendations for how they may improve by becoming offended instead of assessing the feasibility of the suggestion. The intellectual laziness component comes from institutional schooling's lesson that learning is hard and full of toil and cannot be a joyful process of discovery and fascination.

        You combine those things and you get a user who is nearly impervious to even the most basic, most easily understood advice especially concerning topics like security. Even when it's in their own interests to listen to it. Even when implementing it would be easier than their current practices. The rest of us get a degraded Internet in the form of spam and DDoS attacks and worse that so many compromised machines facilitate, thanks to network effects.

        The case against the mentality of the average user has a solid foundation, primarily because most of them could choose differently.

        • by 1s44c ( 552956 )

          "Truly secure" in an absolute sense is rarely if ever attained by anyone, and almost never necessary. What you really need to achieve is "unprofitable to compromise". It's security in a relative sense and much more realistic.

          "Truely Secure" is attained by me. I have a windows 2000 server that all the crackers in China and Russia working together could not get into unless they physically took the hardware apart. I simply unplugged the network port.

          • I raise you one box that doesn't actually have any components inside it. Totally secure, it can't even be hacked with physical access to the machine!
            In other words, it may work for you, but for the vast majority of people a (secure) computer that's not attached to the network is about as useful as a bicycle is to a fish.
            • I raise you one box that doesn't actually have any components inside it. Totally secure, it can't even be hacked with physical access to the machine!

              I have an axe that begs to differ.

          • What amazing skill you have, that you were able to make this slashdot post with no active network adapter. Telepathic posting? Or perhaps having a network connection really is more important than you let on.
        • Like any entitlement mentality it has to have an excuse to function[...] : the notion that users are either drooling idiots or highly skilled experts with no intermediary states. [...] becoming offended instead of assessing the feasibility of the suggestion. [...] intellectual laziness [...] schooling's lesson that learning is hard and full of toil and cannot be a joyful process of discovery and fascination.

          ^-- THIS! a perfect example that a statement can hit many nails in the head with the same blow. Since IT is an illogically successful mix of magic and mystery to older people, they think we are all doctors doing things they can't bother to DISCOVER, as you said. When we push and prod them forward with things like "read this and follow the simple steps" and "never use THAT browser or you'll waste yet another afternoon of my time to clean up after you", they're too lazy to listen, and are offended that we're

      • by 1s44c ( 552956 )

        The real issue: software industry releases insecure products and blames ordinary users for not being IT security experts which is what it takes to be truly secure.

        Microsoft released the insecure product involved. They didn't ask for or get the approval of the whole software industry before doing so.

      • Hi clarkkent09!

        Did you check out that clip of Natalie Portman eating hot grits?
        You can download it here.

        Of course you'll probably need to install the Conficker codec to watch it but believe me its worth it!!!

        Cheers,
        Lady Field Marshall Idi Amin Gaga.
      • Comment removed based on user account deletion
        • Don't have mod points today, but the OP is dead on.

          You look at the Malware scene today, and the first things that better come to your mind is "Social Engineering" and "Trojan Horse". Just about every Malware writer worth their salt knows it's easier to hack the user over the OS. They know the below 4 laws really well and they are not afraid to use them against users.

          Laws of Computer Stupidity
          1) 99% of computer users do not know what they are doing.
          2) Computer users do not read.
          3) If a computer user can clic

      • Luckily I am fully protected. I have Antivirus 2009, 2010, and 2011 now running all at the same time in addition to AntiVirus Lab 2009 and AntiH4x0r Millenium edition which my ex wife gave me a copy of last week.

        No viruses will ever touch my machine.

    • Now there is an underrated statement if i ever heard one

    • Forget user, the Fortune 500 natural gas pipeline company I left in December got hit with Conficker last year. Their virus defs were WAY out of date, desktops were 100+ Windows updates behind, just a sad state of affairs. Of course, only IT people have admin access (a good practice... strange for that place though) so they cannot run their own updates.

      I've heard they still don't have tape backups working properly, nor SCCM pushes to a second domain. And the Sr. Director of IT spent time "writing" (actual

  • The conficker worm exploits vulnerabilities on unpatched windows systems. If we were instead talking about a resurgence of the "iloveyou" virus or something of that nature, that would be a surprise. But conficker - as a worm - finds its own targets and infects on its own. And it will continue to do so as long as the writers of it find new holes to exploit in windows.

    Just wait until Microsoft stops releasing security updates for Windows XP, then conficker will really have a chance to run wild.
  • how novel (Score:5, Funny)

    by gearloos ( 816828 ) on Thursday January 27, 2011 @10:24PM (#35028202)
    A link to a story ridden with popups about a worm. Cmon /. you can do better.
  • by jobst ( 955157 ) on Thursday January 27, 2011 @10:30PM (#35028240) Homepage

    of course it still a problem, especially if you read what happened to me this morning....
    Our sales directors computer (dell) has real trouble accessing the net (very very slow) whenever he tethers his laptop with his Galaxy S. I have the same laptop and phone but use Fedora14 and tethering gives me real good speed (considering) .... his is Win7 using Trend Micro (included when buying the dell) . When I turn Trend Micro off it performs well, loads the web-pages at the same speed as mine does.

    So there would be no surprise to me if a lot of machine run without virus/internet security because those machine become a real hog/snail/whatever .... so users cant be bothered!

    • i confirm this (Score:3, Interesting)

      by decora ( 1710862 )

      i know someone who works at a huge support center for a certain cellphone carrier. this person has informed me that they spend a good deal of their day telling people to shut off antivirus in order to get their "Modem Cards" (apparently the fashionable name amongst the masses) to work.

    • by 1s44c ( 552956 )

      So there would be no surprise to me if a lot of machine run without virus/internet security because those machine become a real hog/snail/whatever .... so users cant be bothered!

      I know that problem. People that turn off security updates because they are too important to be bothered with reboots should be kicked somewhere it hurts.

  • by Anonymous Coward on Thursday January 27, 2011 @10:35PM (#35028278)

    The college (part of a larger university, but separate for IT purposes) I work at in Beijing has a choice between two different free (Chinese produced) antivirus/antimalware products. The one that detects Conficker is on the computers of the people designated "sysadmins" (discussion for another day as to what qualifies as a sysadmin at this school) and any computer I am required to use as a function of my work (not including my personal notebook, which the admins aren't allowed near). The software that doesn't detect Conficker (or quite a few other 2+ year old baddies, in spite of being "up to date") is on everyone else' computer. As best as I can determine, this is to give the appearance of justifying the positions of the 5 sysadmins needed to support less than 50 computers (not including the lab computers which require minimal support because they suck so badly the students would rather go to an internet cafe to do their work, if they can't afford to use their own computers). Someone let me know when an opening at Tsinghua U. is available.

    • in order to keep your job you have to keep your power base in the bureaucracy.
      in order to keep your power base in the bureaucracy, you have to keep your budget.
      in order to keep your budget, you need to keep it at the same, or higher, level as last years budget.
      in order to do this, you have to snowjob any penny pinching meddlers into thinking it's absolutely necessary.

    • by Kozz ( 7764 )

      ... this is to give the appearance of justifying the positions of the 5 sysadmins needed to support less than 50 computers (not including the lab computers which require minimal support because they suck so badly the students would rather go to an internet cafe to do their work, if they can't afford to use their own computers). .

      I visited China a few years ago. Correct me if I'm wrong, but it certainly seems clear that it's part of the Chinese culture to prevent idle hands (for better or worse). It would seem that it is better to employ numerous individuals who each have possibly inadequate tools rather than a few with exceptional training and/or equipment -- above all, everyone's got a job, even if that job is next to mindless and minuscule, something that would never exist in the west. I get the feeling my karma will take a hi

      • The "right to work" is more or less inherent in communistic societies. China may have converted to capitalism, but the indoctrination dies hard (see: eastern Germany.)
      • It would seem that it is better to employ numerous individuals who each have possibly inadequate tools rather than a few with exceptional training and/or equipment -- above all, everyone's got a job, even if that job is next to mindless and minuscule, something that would never exist in the west.

        When you think about it, it makes sense. They have lots of people. It's more cost efficient to use man-power for most tasks than it is to train one person in specialized equipment.

        You get lots of people working and

      • by jamesh ( 87723 )

        I think that the OP's point was that they are manufacturing a situation that requires more people rather than giving 5 people a job that one could do, which is more like the West than the East.

        Guess which way is better?

  • by jroysdon ( 201893 ) on Friday January 28, 2011 @12:40AM (#35028924)

    One problem is the low-end users who have systems they have bought from a "friend" which turns out to have a WGA-failing pirated copy of Windows. Windows Updates refused to allow it to be patched, leaving it to sit there waiting to be infested.

    What Windows needs to do with WGA is give a grace period (60 days?) and warned if you do not get this copy legally licensed within X days then it will stop working (just like beta demo copies). After that time, have it just start up, explain the error and shut back down after 60 seconds. Not popular, but it would keep the bad machines offline. It would force the users to either get legit Windows installs which would have patch support, and/or they'd move to Linux which would also have patch support.

    • by Kakari ( 1818872 )
      Except of course the various reasons why that won't happen - MS would rather have people using Windows than get paid for all the copies[citation needed]; patches will be made for the shutdown trigger[citation needed]; oh and security patches still happen [microsoft.com] on WGA failing machines. (It's the 5th question down).

      OK, so the last one isn't a reason why MS won't do what you suggest, but it is important because even invalid copies aren't left unpatched - that would be disastrous.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      One problem is the low-end users who have systems they have bought from a "friend" which turns out to have a WGA-failing pirated copy of Windows. Windows Updates refused to allow it to be patched, leaving it to sit there waiting to be infested.

      Bzzt, Wrong.
      WGA only prevents optional updates being installed not security patches. (It only prevents installing Internet Explorer 7/8/9, Windows Media Player 10/11, etc). Microsoft knew that would be stupid from the beginning so they never tried it.

      They did toy with the idea of preventing Service Pack 3 from installing without WGA [but not the individual patches themselves] but I don't think they went through with that due to the outrage from the security community about how that would harm everyone else

    • by FreelanceWizard ( 889712 ) on Friday January 28, 2011 @01:24AM (#35029064) Homepage

      This is not true. [microsoft.com]

      "The Automatic Updates feature is not affected by the WGA validation check. Therefore, you can use the Automatic Updates feature to make sure that you receive critical Windows updates."

      Only some updates are marked as "genuine only," and this doesn't include security updates (which are all critical).

    • If you think carefully about this you may be able to discover a solution to your problem that doesn't involve changing things that are beyond your control or influence. The answer is implied in the question.
    • by antdude ( 79039 )

      You can still get critical updates through XP's Automatic Updates.

  • The entire time I read the article, I was thinking about this [xkcd.com].

Garbage In -- Gospel Out.

Working...