Conficker Worm Asks For Instructions, Gets Update 285
KingofGnG writes "Conficker/Downup/Downadup/Kido malware, that according to Symantec 'is, to date, one of the most complex worms in the history of malicious code,' has been updated and this time for real. The new variant, dubbed W32.Downadup.C, adds new features to malware code and makes the threat even more dangerous and worrisome than before."
coward (Score:4, Funny)
FIRST! now.. where do i get that update ?
Updates? (Score:3, Funny)
Who care? (Score:5, Funny)
I run Linux! http://xkcd.com/272/ [xkcd.com]
I do (Score:5, Funny)
I run VMWare on Linux! http://xkcd.com/350/ [xkcd.com]
Re: (Score:2)
Re:I do (Score:4, Funny)
http://xkcd.com/493/
isn't he great ? XD
Re: (Score:3, Funny)
I run Conflicker.
Re: (Score:2)
Last week? The year is currently 2009.
*chomp*
Re:Who care? (Score:4, Informative)
Apache while an important application is NOT Linux.
Re: (Score:2)
Re:Who care? (Score:4, Funny)
What do you blaim your inability to read the mandatory preview on?
Re:Who care? (Score:5, Funny)
What do you blaim your inability to read the mandatory preview on?
I'm American, I don't have time to make sure I'm correct before spouting off at the mouth.
Re:Who care? (Score:5, Funny)
What do you blaim your inability to read the mandatory preview on?
Whatever we can blame yours on, I suppose!
Re:Who care? (Score:5, Informative)
Apache while an important application is NOT Linux.
Very few Windows viruses attack the Windows kernel.
Linux, the kernel, is one thing, and immune to an Apache exploit. Linux, the OS, generally includes Apache.
ZOMFG!!! (Score:3, Insightful)
a linux virus infected 3500 machines 7 years ago!?
man, you put me to silence about win-vs-linux security!
I will instantly stop mocking windows for the dozens of botnets that spawn every day and have several hundred million PCs infected so far and infect tens of thousands of PCs every day...
Re: (Score:3, Insightful)
Re:UAC doesn't hold a candle to linux permissions (Score:5, Insightful)
Windows permissions are quite fine-grained. They're much more flexible than POSIX permissions--comparable to ACLs, in fact, which fewer people use on Linux.
The problem isn't the permission scheme at all, but a combination of legacy, a ruthless dedication to backwards compatibility, and lazy software developers who don't understand the guidelines that Microsoft (now) sets forth regarding secure development from their platform. Maybe throw in a dash of OEMs setting people to administrator by default, but until the other stuff is fixed, that's the only way that they're going to sell any computers.
That said, UAC is a lot like requiring sudo without a password, except that in theory, a user process can't automatically click "ok" for you.
Re: (Score:3, Informative)
I once used Windows XP in that mode. Where everything and its dog was locked down by the ACLs. It was pretty nice to know that a virus could really only frag my (backuped) user account. But it was a pain in the ass for configuration and installation. Mostly because the programs were not made for it. They did not expect something to be locked down at all. Even internal Microsoft programs. So you very often got crashing programs and the like, because they hiccuped on a non-accessible resource.
But then I reali
Re: (Score:3, Funny)
I once used Windows XP in that mode. Where everything and its dog was locked down by the ACLs. It was pretty nice to know that a virus could really only frag my (backuped) user account.
I know you meant "backed-up," but now I'm picturing a creature that walks with its back.
Re: (Score:3, Interesting)
The last time I tried to lock down windows boxes and user accounts, it all came to a screeching halt because the accounting people had to have Quickbooks and Quickbooks absolutely would not run any time it decided (seemingly randomly) that it just had to modify its own .exe with an update before it could even conceive of doing anything else ever again.
Net result, either make the most security sensitive app in the organization vulnerable full time, make everything vulnerable part time by giving the office p
Re: (Score:2, Insightful)
UAC is a lot like requiring sudo without a password
Thank you. That explains just about everything right there.
Re: (Score:3, Insightful)
Re: (Score:2, Insightful)
This is not an OEM issue -- MS does this also. If you get an MS XP installation disk, install it and add users, the users will be Administrators. In fact, MS has made things more difficult since Win2k -- under XP, the only options under the Control Panel "Users" dialog are "Limited User" or "Administrator". Finding the option to exercise a more fine-grained control over user permissions is difficult -- most users won't find it at all.
Re: (Score:2, Informative)
That said, UAC is a lot like requiring sudo without a password, except that in theory, a user process can't automatically click "ok" for you.
Actually, according to what I've read (though I've never tried it), you can set UAC to require a password input.
Re: (Score:3, Interesting)
Yes, someone else pointed out that UAC requests a password if you aren't an administrator--which is, of course, correct. I fell into the same trap of assuming that users will be administrators, since that's how things tend to be in the real world (when not in a locked down environment, of course.) Of course, if you're not running as an administrator, the original complaint is moot. UAC is a compromise between making day-to-day users "Limited Accounts" and software which makes bad assumptions.
As a side no
Re: (Score:3)
That's pretty spiffy, actually! I think it might even beat out gksudo, since ctrl-alt-del generates a non-maskable interrupt.
Re: (Score:2)
Unix permissions rule.
They are quite enough for almost all use and easy enough to understand at a glance. It's easy to write "chmod -R a+r-x dir", but I'd hesitate to do this with cacls.exe.
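As an added illustration (not from the thread), here is what the poster's `chmod -R a+r-x dir` does on a small constructed tree, together with the caveat a practitioner would check: `-x` also strips the search bit from the directories, so even though every file now carries read bits, nobody can reach them. The directory-safe variant `a-x,a+rX` is shown beside it. The tree layout, helper names and temporary paths are the example's own assumptions, built and removed by the script itself.

```python
# Added example (not from the Slashdot thread): what `chmod -R a+r-x dir`
# does to a tree, and the directory-search caveat. Pure stdlib; works on a
# temporary tree it builds itself. Helper names and layout are constructed.
import os
import shutil
import stat
import tempfile

ALL_READ = stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH
ALL_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def mode_a_plus_r_minus_x(mode, is_dir):
    """Symbolic mode 'a+r-x' as chmod applies it: add read for everyone,
    drop execute for everyone. is_dir is unused on purpose: the rule does
    not distinguish files from directories, which is the trap."""
    return (mode | ALL_READ) & ~ALL_EXEC


def mode_a_minus_x_a_plus_rX(mode, is_dir):
    """Symbolic mode 'a-x,a+rX': drop execute everywhere, then add read for
    everyone and search (x) only on directories, which is what capital X
    means once no execute bits remain."""
    mode = (mode & ~ALL_EXEC) | ALL_READ
    return mode | ALL_EXEC if is_dir else mode


def chmod_recursive(root, rule):
    """Apply rule(mode, is_dir) to root and everything below it, deepest
    entries first so that stripping a directory's search bit never blocks
    our own access to its children. Returns {relative path: new mode}."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    new_modes = {}
    for p in reversed(paths):
        st = os.lstat(p)
        if stat.S_ISLNK(st.st_mode):
            continue  # chmod -R does not follow symbolic links
        is_dir = stat.S_ISDIR(st.st_mode)
        mode = rule(stat.S_IMODE(st.st_mode), is_dir)
        os.chmod(p, mode)
        new_modes[os.path.relpath(p, root)] = mode
    return new_modes


def others_can_read(modes, relpath):
    """Another user can read relpath only if the tree root and every
    directory on the way is searchable (x) by others and the file itself is
    readable by others. A read bit on the file alone proves nothing."""
    if not modes["."] & stat.S_IXOTH:
        return False
    parts = relpath.split("/")
    for i in range(1, len(parts)):
        if not modes["/".join(parts[:i])] & stat.S_IXOTH:
            return False
    return bool(modes[relpath] & stat.S_IROTH)


def build_tree():
    """Constructed sample: root/sub/notes.txt (private dir) and root/run.sh (0755)."""
    root = tempfile.mkdtemp(prefix="permdemo_")
    sub = os.path.join(root, "sub")
    os.mkdir(sub, 0o700)
    with open(os.path.join(sub, "notes.txt"), "w") as f:
        f.write("hello\n")
    script = os.path.join(root, "run.sh")
    with open(script, "w") as f:
        f.write("#!/bin/sh\necho hi\n")
    os.chmod(script, 0o755)
    return root


def demo(rule):
    """Build the tree, apply the rule, and report the two facts that matter."""
    root = build_tree()
    try:
        modes = chmod_recursive(root, rule)
        return {
            "others_can_read_notes": others_can_read(modes, "sub/notes.txt"),
            "run_sh_executable": bool(modes["run.sh"] & ALL_EXEC),
        }
    finally:
        # restore search bits (root first) so the owner can remove the tree
        for d in (root, os.path.join(root, "sub")):
            os.chmod(d, 0o700)
        shutil.rmtree(root)


if __name__ == "__main__":
    print("a+r-x    :", demo(mode_a_plus_r_minus_x))
    print("a-x,a+rX :", demo(mode_a_minus_x_a_plus_rX))
```

Run it as an ordinary user: the first rule leaves `sub/notes.txt` world-readable on paper but unreachable in practice, the second keeps the tree browsable while still removing execute from `run.sh`. The same distinction (read bit on a file versus search bit on every ancestor) is what a reviewer checks when auditing a shared directory.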
Dumbasses (Score:4, Funny)
If people would stop downloading free_porn.jpg from 4chan, renaming it to free_porn.exe, and running it... we would not be having these problems.
Re: (Score:2, Insightful)
If people would stop downloading free_porn.jpg from 4chan, renaming it to free_porn.exe, and running it... we would not be having these problems.
If people would stop jumping to conclusions and assuming the answer is that simple, we would not be having these problems.
Who modded him insightful? This virus isn't spreading because of people doing something clearly shady, it's because Internet Explorer still has the JPG exploit unresolved. The user can simply view a webpage with a malicious image (which could just be a 1px whitespace) and it executes the malicious code. I've dealt with many computers in the past months since it surfaced.
Solutions? Don't
Re: (Score:2, Insightful)
Sounds like an awful lot of work. Maybe move to a different OS?
Re:Dumbasses (Score:5, Insightful)
Sounds like an awful lot of work. Maybe move to a different OS?
Ok, sure. It's a lot of work if you look at it in a simple fashion of throwing an Ubuntu CD at some user and saying "SUCK LESS THX"
How about the hours that go into training one or many users in a company on using that new OS? Compatibility problems? Setting up specialized software?
System hardening is a more cost-effective decision than switching OSes or having to clean up every computer that comes up with the problem. It takes about two hours at most to do it from scratch on one system image, then you can reimage as many computers that come up with the problem.
Re:Dumbasses (Score:5, Informative)
It takes about two hours at most to do it from scratch on one system image, then you can reimage as many computers that come up with the problem.
Except new holes and malware will keep appearing and the process will need to be done over and over. Add it all up and it's a lot of hours. In the long run it might be cheaper to switch OSs and retrain if that new OS is generally more secure and easier to harden up front.
Re: (Score:2)
Except new holes and malware will keep appearing and the process will need to be done over and over. Add it all up and it's a lot of hours. In the long run it might be cheaper to switch OSs and retrain if that new OS is generally more secure and easier to harden up front.
Group policy scripts can have new hosts files downloaded and put in place, antivirus updates can patch holes, etc.
I'm 100% with trying to move Open Source, and I'm trying to push an Edubuntu lab in this district but it's a lot of work to apply it to the administrative systems.
Re:Dumbasses (Score:4, Insightful)
>>How about the hours that go into training one or many users in a company on using that new OS? Compatibility problems? Setting up specialized software?
Still probably cheaper than having your entire network (and all corporate data, financial plans, product designs, confidential data, HR information, payroll, etc.) owned by a botnet and copied to who-knows-where.
Re: (Score:2)
System hardening is a more cost-effective decision
Says who? On what basis? Yes, changing OS is disruptive, but it solves the problem of malware in near finality. Personally, I made the jump this year, and have not lost a single day to malware or OS issues. I can still run Windows apps when needed (hello VirtualBox), but don't have to for the basics: email, web, word processing, etc... VirtualBox in many ways is a padded cell to Windows insanity.
Reimaging is all fine and good until the guy in accounting ca
Re: (Score:2)
All of my posts are coming off as anti-linux, and I'm not. I've tried to push it but nobody moves on it.
In the place I work for, we tell users ALWAYS put your files on your network shares. We don't back up your data before we reimage it because you went to a website that is not work relevant or got a virus for plugging in your brother's thumb drive with virus embedded in U3. It's proven to work well here, and if they do tell me that they need something backed up, I pop in my Knoppix thumbdrive, back it up, a
Re: (Score:2)
Personally, I'd balance those "retraining" costs against the potential cost of having some careless person infect your corporate network and then having to deal with the fallout.
Sure, there are companies that have the need to run specific applications that (today) only work in a Windows environment. But the VAST majority of office drones out there are basically using Microsoft Office, a mail client, and a web browser. Migrating that typical user to Openoffice + some non-Outlook client + Firefox is not THA
Re: (Score:2)
They don't. The vast majority of people don't "know" Windows -- they know how to click a few icons, the locations of which they've memorized, so they can launch applications -- usually really generic ones. If you move their icons around suddenly it's "HEY MY OUTLOOK DISAPPEARED" and "I CAN'T FIND THE H DRIVE!" And if you ask them to do anything in Windows beyond opening and using those f
Re: (Score:2)
Re: (Score:3, Insightful)
I agree with you on the point that most people use computers in a rote and unimaginative fashion. However, I think in some respects people do care what program/OS they use, just not for the right reasons.
For example, a couple weeks ago I saw my new receptionist sitting at her desk with a laptop wedged between herself and the monitor for her desktop. When I asked her what she was doing, she explained that she was entering some data into excel -- a simple two column "item,price" type thing. I told her I wa
Re: (Score:2, Funny)
Re: (Score:2)
Re: (Score:2)
Thanks, I'd like an OS that does what I want.
And before someone mods me Troll, I'd like to state that I have tried getting used to several versions of Ubuntu and Mandriva. While Mandriva by far had the better experience for me, I still wasted hours and hours to get stuff to work that just works out of the box on XP.
So while I appreciate Linux as a server OS and while I see many happy people running linux, it just isn't the OS for me.
Therefore, compared to all the trouble I usually have with linux, this 'awf
Re: (Score:2)
Remember, you're a newbie when you go to Linux, and there are a lot of people (like me) who use it as their only OS, where Windows is relegated to the "toy" system. It is possible. Just gotta change the way you think.
Re:Dumbasses (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
I really wish you would upload a sample someplace because I have never heard of anything like this. The last widely exploited image file based exploits that I know of were the ANI and WMF vulnerabilities, and those have been patched a while ago.
When I get home this evening I'll reply to this with it, I can't get onto the message board I found it in.
Re: (Score:2)
I got a sneaking suspicion this guy has windows update completely disabled, and is still using XP with no service packs because he "can't trust" Microsoft updates.
Sounds like you've been reading too much of TheDailyWTF. I sound like a lying jackass right now because I can't provide an example, but once I get home I'll reply with one.
Re: (Score:2)
It exists, but I'm not sure of the details - I do know there have been a few jpegs on the wow forums in the last few months with a payload on them, and some have been caught out before the image was deleted.
Re: (Score:2)
Re: (Score:2)
You mean like the cornflicker people???
Re: (Score:2)
Re: (Score:2)
the JPG exploit is actually an old one (I thought even ms got this exploit in sp2 or something like that) and is really easy. Basically you take a jpg image , open it with a file compression app and then drop your payload in. When the Image is loaded, the payload is executed, effectively infecting systems. ...
Now, granted there is a little more to it than that, however that is the basics of the jpg exploit and how it works.
I'm sure there must be "a little more to it than that", because what you've said so far doesn't make sense. What does it mean to "open a JPG image with a file compression app"? I open WinZip and put the file in a new archive? Then I add some malicious program to the zip file? I don't see how this would work. If I execute the zip file, WinZip opens up and shows me that the archive file contains a jpg and some mysterious program. Why would I run the program? Why would loading the jpg image run the program? Or
Re: (Score:2, Informative)
Internet Explorer still has the JPG exploit unresolved.
You would be right, except for this patch [microsoft.com] that was released in 2004 shows that you aren't.
Re: (Score:3, Informative)
Hahaha then too,
but my guess is that spazztastic is referring to ms09-002
http://milw0rm.com/video/watch.php?id=96 [milw0rm.com]
Re:Dumbasses (Score:5, Funny)
milw0rm.com Mothers I'd Like to Worm?
Just got hit by a .exe with adblock+ on (Score:3, Interesting)
On a random blog, which was rather legit, I ended up getting redirected to this page:
Here's the link: hxxp://gowithscan.com/?uid=13100 (malware! warning!)
It appeared to scan my Windows and find multiple vulnerabilities. Good thing I'm running Linux. Then it proceeded to obnoxiously pop up JS alerts and have me download an install.exe. Major antivirus couldn't find anything wrong with it. I have the file if anyone is interested (submitted it to clamav.org too).
Re: (Score:2)
What I want to see in worm development (Score:4, Funny)
Is real evolution. And I don't mean Intelligent Design.
Look, you're malware authors, you have millions of machines to play with, you could bring the next stage of artificial life to the fore. Think of the recognition, the glory, the girls.
Re: (Score:2)
There, fixed that for you.
Re: (Score:3, Interesting)
You know, the movies never do explain why Skynet hates humanity so much. Any clue?
Re: (Score:3, Informative)
Actually they do. The humans panicked and tried to switch it off. It retaliated in the only way it could.
Basically it's pissed off because the humans tried to kill it.
Re: (Score:2)
Is this in one of the movies? If so I missed it. T3 at a guess; the plot was so dumb I probably wasn't paying attention.
Re: (Score:3, Informative)
It was explained in T2.
Re: (Score:2)
why couldn't the instructions come from whitehats? (Score:2, Interesting)
if it's asking for instructions, why do they have to come from the blackhats? why couldn't someone write an update telling conficker to cease operation and uninstall itself?
Re:why couldn't the instructions come from whiteha (Score:5, Informative)
The worm probably uses encryption, so it doesn't just accept any control message from unknown sources.
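The point above, as an added example that is not part of the thread: a receiver that authenticates its control messages accepts nothing from a party who does not hold the key, which is why a third party cannot simply push an "uninstall" at it and why defenders rely on patching and sinkholing instead. The page does not describe the worm's actual scheme; HMAC-SHA256 over a sequence number and the command is a constructed stand-in, and the same pattern is what protects a legitimate software-update or remote-management channel. The key, message names and scenario are assumptions of this example.

```python
# Added example (not from the Slashdot thread): why a receiver that
# authenticates its control messages ignores commands from anyone who does
# not hold the key. The worm's real scheme is not described on the page;
# HMAC-SHA256 over a sequence number and the command is a constructed
# stand-in, and the same pattern protects legitimate update channels.
import hashlib
import hmac
import json

SENDER_KEY = b"constructed-demo-key-not-a-real-secret"  # constructed


def sign_message(key, seq, command):
    """Sender side: bind a monotonically increasing sequence number and the
    command text under the shared key."""
    body = json.dumps({"seq": seq, "cmd": command}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Receiver side: accept a command only if its tag verifies under our key
    and its sequence number is newer than anything seen before."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1
        self.log = []

    def handle(self, msg):
        """Return the accepted command, or None with the reason logged."""
        body = msg.get("body", "")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        # constant-time comparison so response timing does not leak tag bytes
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            self.log.append("rejected: tag does not verify")
            return None
        data = json.loads(body)
        if data["seq"] <= self.last_seq:
            self.log.append("rejected: replayed or stale seq %d" % data["seq"])
            return None
        self.last_seq = data["seq"]
        self.log.append("accepted: %s" % data["cmd"])
        return data["cmd"]


def run_scenario():
    """Four deliveries to one receiver; returns (results, receiver log)."""
    rx = Receiver(SENDER_KEY)
    genuine = sign_message(SENDER_KEY, 1, "update")
    # a well-meaning outsider with no key: the tag cannot verify
    outsider = sign_message(b"not-the-key", 2, "uninstall")
    # a replay of the genuine message: valid tag, stale sequence number
    replay = genuine
    # the genuine body altered in flight: the old tag no longer matches
    tampered = {"body": genuine["body"].replace("update", "uninstall"),
                "tag": genuine["tag"]}
    results = [rx.handle(m) for m in (genuine, outsider, replay, tampered)]
    return results, rx.log


if __name__ == "__main__":
    results, log = run_scenario()
    for r, line in zip(results, log):
        print(r, "-", line)
```

Only the first delivery is accepted; the outsider's message, the replay and the tampered copy are all dropped before any command runs. With a public-key signature in place of the HMAC the sender would not even need to share a secret with the receivers, which is the stronger form a real update channel uses.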
Re: (Score:3, Interesting)
Because unless you have something to gain (other than a warm feeling that you've done something nice and have helped the world), nobody wants the liability associated with writing an illegal but benevolent worm and releasing it.
And, you know, having access to the original source code saves some time picking apart obfuscated machine code.
Re: (Score:2)
Because unless you have something to gain (other than a warm feeling that you've done something nice and have helped the world), nobody wants the liability associated with writing an illegal but benevolent worm and releasing it.
Oh I'm not sure that there's nothing to gain from it. Does nobody remember the Morris Worm? If that's all I have to do to get a professorship position at MIT, hey, there's something to gain there!
Re: (Score:2)
Oh I'm not sure that there's nothing to gain from it. Does nobody remember the Morris Worm? If that's all I have to do to get a professorship position at MIT, hey, there's something to gain there!
Oh, you mean they let Robert Morris out of jail? I kind of assumed he'd be out on parole by now...but I didn't know about the teaching post. Ah, I looked it up...Associate Professor at MIT, no less (http://en.wikipedia.org/wiki/Internet_Worm [wikipedia.org]). And looks like he never had to do any hard time.
I feel a certain fondness for Morris, because I worked for the same company where he was a summer intern once. Sigh...my brush with fame. You have to give him points for originality: after all, his was the first worm.
Re:why couldn't the instructions come from whiteha (Score:5, Informative)
why couldn't someone write an update telling conficker to cease operation and uninstall itself?
Because that would be illegal. [usdoj.gov]
Re:why couldn't the instructions come from whiteha (Score:4, Funny)
Now that is something BBC should take care of.
Re:why couldn't the instructions come from whiteha (Score:5, Informative)
F-secure was one of the first people I'm aware of to register some of the domain names that infected machines try to contact. When people were asking this question, this was their response [f-secure.com].
Re: (Score:3, Funny)
What's the proper voice to read this in? Comic Book Guy? Morgan (Freeman)? Alan Rickman? There should be a video montage somewhere...please don't leave out Dogs and cats living together!
Re:why couldn't the instructions come from whiteha (Score:2)
why couldn't someone write an update telling conficker to cease operation and uninstall itself?
How do you expect to make any money doing that?
Ok, so for the uninformed.... (Score:4, Interesting)
This may be the most complex worm/virus ever made, but is it any more prevalent or hard to remove?
If I do basic things like keep my Virus definitions and system OS up to date and occasionally scan for spyware, am I still at risk?
In other words, are the ones at risk the same kinds of people who'd be at risk from a lesser, simpler, worm that essentially spreads via a "click here for free porn!" banner?
Re: (Score:2)
Probably not. I suspect a fully patched machine behind a non-broken firewall is reasonably safe (which you would think would be almost everybody, but never underestimate the power of human stupidity). I don't know anyone that's had any contact with this worm, only the press hype.. so no idea how prevalent it really is - but I suspect a lot less than the AV companies would like us to believe.
Re: (Score:3, Insightful)
Well... if you are a malware author....
the VAST majority of users are not savvy. Let's say the 80/20 rule applies, you can do 20% of the work to get 80% of the benefit. It's probably even bigger than that. The point is, you can do a LOT of extra work to get to the small percentage of people who take basic precautions.... then it's even more work to get the small percentage of them who take more than basic precautions...
But... your first cut hit a million nodes... is all that work worth it to bump it up to 1.1 m
When the payload drops, even Linux users care! (Score:5, Insightful)
Re: (Score:3, Insightful)
Are you likely to? Pretty much any company is going to have a decent firewall and proper IT policies (e.g. no USB dongles, no floppies, no anything from outside without prior permission). If a company gets hit the first action should be to fire the IT staff, then hire new ones to clear up the mess.
Schools/Colleges are the ones that are most vulnerable, followed by home systems (assuming most people are behind a NAT and only numpties would forward every port blindly.. although it's scary how many times I've
Re: (Score:2)
No, I think I'll enjoy my apathy just fine. When the payload drops my desktops/servers will still work.
Favorite worm poll (Score:4, Funny)
What are your favorite type of worms?
*Tape
*Round
*Heart
*Nightcrawlers/earthworms/anything uses for fishing
*spy/mole/CIA/KGB, including corporate espionage
*Software/malware
*German city
*Eisenia cowboynealia
Maybe now.... (Score:2)
it can cause five tankers in the Ellingson Fleet to capsize.
Google Cache Link (Score:3, Informative)
Does it work under Linux? I want this toy! :) (Score:4, Funny)
Really cool stuff! I want this toy!!! Can't believe that the authors support the Windows platform only! :)
dangerous and worrisome? threat level 2 (Score:4, Interesting)
W32.Downadup.C
Risk Level 2: Low
Time for another chorus of the Botnet National... (Score:3, Funny)
...Anthem!
Botnets, worldwide botnets.
What kind of boxes are on botnets?
Compaq, HP, Dell and Sony, TRUE!
Gateway, Packard Bell, maybe even Asus, too.
Are boxes, found on botnets.
All running Windows, FOO!
-------
Why, yes, I AM a smug bastard who's running Mac OS X. Thanks for asking!
Re:Nitpick... (Score:4, Informative)
Maybe I'm being picky here, but why does Slashdot's icon for this story depict a caterpillar? Don't the editors know the difference between a caterpillar and a worm?
It's an inchworm [wikipedia.org].
Re: (Score:2, Interesting)
It's an inchworm.
Which is a caterpillar.
But that's ok. Pictures of worms are so damn hard to find.
Re: (Score:2)
But the caterpillar is called an inchworm. Look - the category isn't about earthworms (or any other long, soft-bodied critters). It's about computer code. Picking an inchworm as a graphical representation of that code is just as valid as any other "worm" imagery.
I understand the curiosity factor if you didn't know the image was an inchworm and instead you wondered what caterpillars have to do with computer worms. But now that the correlation has been demonstrated, any further complaint is just being inte
Re:Nitpick... (Score:5, Funny)
It's an inchworm [wikipedia.org].
That's what SHE said!
Re:Nitpick... (Score:5, Funny)
Maybe I'm being picky here, but why does Slashdot's icon for this story depict a caterpillar? Don't the editors know the difference between a caterpillar and a worm?
That's why it's so dangerous. It mutated
Re: (Score:2, Funny)
You're worried about the worm/caterpillar when there's a *stapler* underneath?
Re: (Score:2)
So that's why the second icon showed up as a broken image, viewing the page from here in Vancouver. We've had a serious crack-down on those dangerous weapons [google.com] around here recently.
Re: (Score:2)
Re: (Score:2)
Ok fine... Conficker/Downup/Downadup/Kido/something else malware, that according to Symantec...
Re: (Score:2)
Aww, give it a few more years and it will probably name itself!
Re: (Score:3, Interesting)
I am with you on that one, Linux would not be so susceptible as windows, although they have their own rootkits, but you get a lot of programs (such as tripwire) that let you know when something is wrong,
and then just recompile that particular program.
As for windows, once your win32.dll has been rooted, then you can't turn around and do the same without reinstalling a whole slew of other things, thereby changing the installation, sometimes breaking patches or updates...
I say lets all move to linux for the desk
Re:Damn (Score:5, Insightful)
It continually amuses me how the mainstream media managed to censor the name of this worm. It was originally conficker, which is slang/shorthand for 'configuration file fucker', but using the German fick instead. It was also known as 'downandup' as in the hip motion; both clearly sexual references. Since any kind of indirect reference to sex gets you scrutiny and/or shunning from the Moral Majority, suddenly we have 'downadup'.... So much better?
Re: (Score:3, Informative)