Conficker Downloads Payload 273
nk497 writes "Conficker seems to finally be doing something, a week after hype around the worm peaked on April Fool's Day. It has now downloaded components from the Waledac botnet, which could contain rootkit capabilities. Trend Micro security expert Rik Ferguson said: 'These components have so far been missing, but could this finally be the "other boot dropping" that we have all been been waiting for?' Ferguson also suggested that people behind Conficker could be the very same who are running Waledac and created the Storm botnet. 'It tallies with some of the assumptions people have made about Conficker — that the first variant was actively trying to avoid the Ukraine because Waledac was Eastern European,' Ferguson added."
april fools (Score:5, Funny)
Re:april fools (Score:5, Insightful)
I think the Conficker was going for the clichéd horror film approach. Granted, it should have really done it on April 2nd but doing it this way has probably blind sided more people.
Re:april fools (Score:5, Funny)
That honestly would have rocked...
April 1 - 2009 Conflicker downloads and activates it evil payload. Computer screens all over the world go black with large red numbers counting down to....... something......
Do it like the many really bad computer hacker movies. That would simply be funny as hell. The raging panic from the easily panicked sheep, Fox news will report that Conflicker turns your computer into a bomb, etc....
THAT would be the coolest April fools joke ever.
Re:april fools (Score:5, Funny)
Re:april fools (Score:4, Funny)
Re: (Score:2)
Holidy Weekend. (Score:5, Interesting)
Re: (Score:2)
Bots, spammers and organizations doing layoff.
There, now its corrected.
Re:Holidy Weekend. (Score:4, Funny)
like playing your starters against their backups.
Could you change that into a car analogy? Thanks!
Re:Holidy Weekend. (Score:5, Funny)
It's like showing up to a street race in a rickety-looking Ford Escort which secretly houses a small block V8 with nitrous.
It's like a porn star showing up to a naked pool party for men with erectile dysfunction.
It's like bringing a gun to a knife fight.
Re:Holidy Weekend. (Score:5, Funny)
Re: (Score:2, Insightful)
Comment removed (Score:4, Insightful)
Re: (Score:2)
Why couldn't she just called it "Moronic" and be done with all this?
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
I think of it differently. Han is an experienced criminal in Star Wars. Luke is still quite naive.
Han says that the MF made the Kessel run in less than twelve parsecs, obviously not a measure of time. Luke asks if that is fast. Han then knows that Luke is an interstellar NOOB. While not nice, this type of behavior was something that made Han Solo interesting in the first films. He went from a selfish smuggler that would have ejected his passengers in space to a selfless leader.
But like the another
Re: (Score:3, Funny)
Because, it'll hurt more?
Re: (Score:3, Insightful)
Re:Holidy Weekend. (Score:4, Informative)
Re:Holidy Weekend. (Score:5, Funny)
like playing your starters against their backups.
Could you change that into a car analogy? Thanks!
It's like playing your things that you turn the key in that makes your engine go vroom!vroom! against their things that go Beeeeep Beeeeeep Beeeeep.
Re:Holidy Weekend. (Score:5, Funny)
At my old apartment we had someone stealing gas on the peak of the market.
Since my truck is crap it was an easy target. They stole almost an entire 30 gallon tank full.
I found out who it was by disconnecting my fill spout from the tank (and piping a new fill spout from the tool box in the bed), and putting in a mini tank on the OEM filler. Filled it with about 3 gallons of nitromethane and 2 gallons of diesel. All of a sudden one day this (asshat) ricer had his engine almost explode. It was quite funny.
-nB
Re: (Score:3, Interesting)
A friend of mine did similar. His vehicle has two 25 gallon gas tanks. So, he routed one so it filled up from a non-obvious location and the second tank he filled up with water and used a non locking gas cap. It was not uncommon to see more than the usual amount of dead cars in parking lots, especially during last year when the price of gas spiked.
april fools? (Score:5, Insightful)
Re:april fools? (Score:5, Interesting)
Re: (Score:2, Interesting)
In this case everyone was growing to expect just that, and would therefore be taking it seriously. Or at least people that could do something about it would. Now, since nothing much has happened people are lulled into a false sense of security and become lax or start considering the threat that something big was happening on 4/1 the real joke.
Now that the hype has supsided, what better time to strike? I think that dovetails nicely with GreggBZ's earlier post about the holiday weekend (for some of us).
Re: (Score:2)
Half the world writes it 4/1 the other half 1/4, the one you use doesn't make it any better then the one they use.
It's a big world, you have to expect people to do things differently then you do...but then that would be thinking people are individuals and it's ok to be different
Re:april fools? (Score:5, Insightful)
Half the world writes it 4/1 the other half 1/4
Half? About one twentieth of the world (by population) writes it month/day or month/day/year, in the so-called "middle-endian" form. The other nineteen twentieths mostly write it day/month or day/month/year, in the so-called "little-endian" form. The ISO 8601 standard is the "big-endian form" year-month-day which is used in a few countries.
http://en.wikipedia.org/wiki/Date_format#Date_format [wikipedia.org]
Re: (Score:2)
Then again, I remember the Coalition Of The Willing well, how Micronesia, Belize and Palau had sent half their military to Iraq (I think it was what, 7 soldiers between them?), so "people were for us". (One wonders if they would have if the US hadn't threatened to withhold aid, but that's getting even more off-topic...)
Re: (Score:2)
Potato Blight for computers (Score:5, Insightful)
One of the major causes of the Potato famine in Ireland was the reliance on a single product (the potato) and an inability to shift to a more varied diet. Things like ILoveYou and Conflicker are preying on exactly the same homogeneous environment as they know that hitting one element yields massive results.
Now given that this homogeneity has been driven in part via a convicted monopolist then it really is interesting how little political attention this gets. Arguably these sorts of attacks are more of a modern challenge than "traditional" terrorism and against a background of economic woe we can all do without a bunch of companies getting taken offline for a few days or suffering from industrial espionage.
We don't learn from history, we don't apply history to new cases we just stand back in amazement after letting homogeneity develop at the impact that a relatively simple flaw can have across a large group of people.
Re:Potato Blight for computers (Score:4, Insightful)
Yeah, because obviously the answer is to have a hundred different systems with a hundred different sets of vulnerabilities. That will be much easier to keep patched.
Re:Potato Blight for computers (Score:5, Insightful)
Re:Potato Blight for computers (Score:5, Insightful)
Or, since the barrier to entry is so low as far as blackhats are concerned, ALL systems end up being more insecure and virus-ridden and no one benefits.
Or virus-writers will pick, instead of the top 1, the top 5, or the top 50% of systems, and target those. Unless it were a truly heterogeneous network, with every single person having their own hand-crafted OS and application set, there will be viruses because people, dammit, want to see the dancing bunnies.
Reference: http://www.codinghorror.com/blog/archives/000347.html [codinghorror.com]
Clearly (Score:2)
That was the suggestion.
Patch? (Score:5, Insightful)
well, actually you got a point but you come at it from the wrong angle.
The problem is that thanks to the net, EVERY COMPUTER IS THE SAME. Internet capable...
Effecticly, this is to sexually transmitted virusses as all of us screwing everyone else at the same. The internet is a gangbang of computers.
What this leads to is that no matter how obscure your OS and the bugs on it, someone somewhere will know about it and have, thanks to the sheer size of the net, have thousands if not hundreds of thousands of targets.
There may not be many amiga's left but if they were all infected, it would still be a nice botnet.
Re: (Score:3, Funny)
What is this sex of which you speak?
Re: (Score:2, Interesting)
Why would you need to patch if nobody has a clue about how to attack your system?
Because if even one system in your heterogeneous environment is exploitable you have just given them an easy backdoor to the rest of your system. If all systems aren't patched up you've only created a false sense of security and you've increased your maintenance costs many magnitudes higher for some "security through obscurity" scheme.
Re: (Score:2, Insightful)
Because if even one system in your heterogeneous environment is exploitable you have just given them an easy backdoor to the rest of your system
Sure, if your sysadmin is an idiot. If one box being compromised results in full access to all boxes on the network, your system is poorly designed. Unless, perhaps, that one box is an LDAP/AD server or something.
Re: (Score:2, Interesting)
Sure, if your sysadmin is an idiot. If one box being compromised results in full access to all boxes on the network, your system is poorly designed.
Strawman argument. No where in my statement did I say anything about having full access to every other box on the network through that one node. But, once an attacker has an inlet into the network they can then move on to compromise other systems which may have greater access to other parts of the network. The simple fact of the matter is that the systems on the network are going to have to have some level of access to each other otherwise there is no point in networking them up together.
Re: (Score:2)
Effecticly, this is to sexually transmitted virusses as all of us screwing everyone else at the same.
I could make a really tasteless "screw the pooch" joke now concerning how to beat the STD problem, but I guess in the name of taste I'll abstain.
Re: (Score:2)
I run an unpatched machine with an obscure system that some friend of mine wrote. Probably anything but secure, knowing his code, but oddly, no spyware, no malware, no nothing. Why? Because it's no market either.
When you have a hundred systems all having an equal market share, any given threat can only infect 1% of the existing machines (provided they are not binary compatible). That is economically uninteresting for the malware businesses.
And yes, malware is a business. It follows the laws of capitalism. I
hundreds of vulnerabilities .. (Score:2)
Well, at least then things like Conficker would be stopped dead in their tracks, and a vulnerability in a particular system wouldn't lead to the kind of thing like the currrent virus/spam/phishing epidemic.
Re: (Score:3, Insightful)
Why? It is often only necessary to attack the weakest link in the chain. To get inside a company network and copy documents available to employees, for example, only one employee workstation needs to be subverted. That is easier if there are several different systems running - just pick the crappest one and exploit that.
Of course, it's arguable that the one system which is widely deployed in a monoculture today is in fact that one crappest a
Re:Potato Blight for computers (Score:5, Interesting)
That is the definition of 'security through obscurity'. I would not want to run an insecure system and hope to be safe because nobody else had heard about it. True security means using well-known and peer-reviewed code (but not 'well known to be crap').
Re:Potato Blight for computers (Score:5, Interesting)
Except in such a case you just have to exploit one box and you get access to the rest. There went all your brilliant planning and schemes.
No, you would probably just get access to the one box (and others identical to it). You generally would not get access to the other boxes, unless they share essentially the same vulnerability. GP's point was that a monoculture can be devastated by a single assault, but a mixed ecosystem is much more difficult to damage severely.
Minor clarification of GP post: the potato crop in Ireland in the 1840s was dominated by a single variety of potato - the Lumper - which exacerbated the effect of a single strain of potato blight. The equivalent in computers would be all PCs running the same version of Windows with the same selection of programs, patches and protections: a disaster waiting to happen.
Install your OS fresh on every boot? (Score:2)
Even with bittorrent...
1) Booting when no network available?
2) Spread viruses even faster if one or more of the seed machines is infected?
3) Microsoft's new revenue model..
1- Get people to download a new os each boot
2- Be the only place to get it from
3- Begin charging for each boot
4- Profit
Re: (Score:3, Interesting)
There are two programs included with Windows versions (XP and newer) that do pretty much this. sigverif.exe which verifies every file's signature, and sfc.exe which will compare installed Windows files against service pack files and will copy from OS media any files that have been changed or are missing.
Re: (Score:3, Funny)
Re: (Score:3, Funny)
Re: (Score:2, Informative)
Aside from pointing out the flaws in your analogy, and the fact a patch was released four months before this exploit arrived, I think you are overlooking the massive systemic benefits of homogeny.
One could argue that computing and the Internet would not be as ubiquitous as they are today without having had a defacto standard. There is an even stronger argument at the cost savings to businesses and governments in not having to train and retrain new employees on how to use numerous computer systems.
And as f
Re: (Score:2)
there is no excuse for leaving production systems unpatched for four months.
We have a particular set of servers for an application, and the company that made the software in question (FujiFilm's Synapse PACS) does not want patches installed on those servers, or the workstations that run the client app until they confirm it doesn't conflict with their software. Thankfully, this particular patch was approved, but there are other MS patches that have not been approved in over a year (or there was when I last checked, anyway). Similarly, some other devices (like an Ultrasound machine
a defacto standard. (Score:2)
There is a defacto standard, it's called TCP/IP, SMTP and HTML
"There is an even stronger argument at the cost savings to businesses and governments in not having to train and retrain new employees on how to use numerous computer systems"
Invoking the ole cost of training FUD, I see
According to DELL 'the fundamental approach to the design and use of Desktop Computers
Re: (Score:2)
The problem isn't homogeneity, since if the full of the big three OSs carried a 1/3rd of the market, malware devs would just pick on and stick to it, evening out the load. this would actually make defense harder, since you'd have to cover all three.
The problem is end users not knowing squat about security or safety (with a heaping helping of the main OS out there being rather patchy in security).
With an educated user, most computers are almost completely secure. Most viruses, worms, etc.. rely on the use
Re: (Score:3, Insightful)
I think your anglophobic ranting has blinded you to the OP's statement and argument.
[emphasis added]
The reliance on a single product - the potato - was unquestionably one of the major factors behind the famine. The fact that this reliance had socio-political factors as its root cause is totally besides the point. The fact is that the poorest people were reliant on the ubiquitous crop as their winter staple, and that ubiquity is what allowed one blight to cause
Re: (Score:2)
Your suggestion that opposing open-source is a necessary step in increasing OS variety is weird and baseless.... o suggest open-source development discourages variety though...? Wow. What's your reasoning behind that posit?
Because Open Source is standards based development encoded into the practice. Like, there's only one Linux kernel, only one C compiler, only one bash shell.. only one Perl, only one Java... the whole concept of Open Source revolves around a brief period of competition followed by univers
Re:That's just ridiculous.... (Score:4, Interesting)
You are correct that there are only one Linux kernel, but there are other free [debian.org] UNIX kernels [debian.org] you could use instead. When it comes to compilers both LLVM [llvm.org] and GCC [gnu.org] are widely used. (LLVM is used in Gallum3D [tungstengraphics.com], the new acceleration architecture for X, and in Shark [java.net], a CPU agnostic JIT for OpenJDK. A C frontend [llvm.org] not based on GCC is in development) There are many shells. Ubuntu, a quite popular Linux distro, actually uses dash [wikipedia.org] as default /bin/sh. While it's true that only OpenJDK (if I recall correctly) passes the TCK for Java you also have competing implementations like Harmony [apache.org], what Google uses on Android. You have more competition on the parts of the Java stack that takes less [gnu.org] time [cacaovm.org] to implement.
anglophobic is stupid (Score:2)
I think your anglophobic ranting has blinded you to the OP's statement and argument.
There's nothing anglophobic about it.
First off, I'm not expressing any kind of fear, therefor, there's no phobia. In fact, if someone says, they do not like gays, whites, or spiders, they are not homophobic, white-o-phobic, or spider-phobic. Dislike is not caused by fear. So let's burst that bubble.
Secondly, merely stating history is, well, telling the truth. The British treated the Irish like dirt for a long time. I thi
Re:That's just ridiculous.... (Score:5, Interesting)
to be fair, the British government didn't deliberately starve the Irish, instead they were proponents of 'free market forces'. They didn't have supermarkets or microwave readymeals in those days, so a staple foodstuff like the potato was pretty much all you ate anyway. Of course, if you were rich you could afford meat - like the cattle raised in Ireland for English tables. The landlords got richer and the poor stayed poor.
The trouble was that the blight reduced the number of potatoes in circulation, and as other people were richer, they could afford to pay more - and so the farmers shipped their potatoes to the richer people, leaving the peasants to starve. As has always been the way.
Incidentally the British didn't deliberately starve the people - after they'd woken up to the trouble, they did ship in large amounts of aid and close the ports to food exports. Too late for most of course, but don't get incompetence confused with conspiracy.
There's been too much FUD about the potato famine, I suppose spread for modern political reasons. The truth is just dull, the government took a 'light touch' approach to the markets. Unfortunately this approach to 'hands off' free-trade doesn't give what society requires, with such lax input from governments, the free market doesn't always work correctly and you have monopolies appearing and abusing the freedom that should be providing a better set of choices. For computers, its no good saying "you could run Linux" if everyone needs to run Windows because of the ubiquity of software running on it.
Protectionism is the last thing you want, when you get that, you invite stagnation. There's no innovation of growth, the established parties simply try to maintain their market with what they've got. Developing new products is a significant cost - and without free trade getting in the way and allowing new entrants to the market, there's no incentive to spend. Of course you might get new upstarts appearing, but that happens so rarely, and most of them are small and get killed off by the established big players either by being bought out (name any MS product really) or having their market destroyed (eg IE v Netscape).
Ultimately the government needs to step in and support open standards, making sure everyone works with them. Then you can have much better spread of heterogeneous systems as they would work together, giving people the ability to choose an alternative to the dominant product.
Re:That's just ridiculous.... (Score:4, Interesting)
Protectionism worked for the US from the 1800's all the way up till the 1980's. We got to the moon using protectionism as an economic tool. I'm just saying.
Ridiculous or not. (Score:4, Informative)
Incidentally the British didn't deliberately starve the people - after they'd woken up to the trouble, they did ship in large amounts of aid and close the ports to food exports.
As you say, there has been a great deal of bunk written about the Hunger in Ireland in the late 1840s. However, you may have added to it.
Irish ports were closed to food exports in the previous famine in 1783, but not at any time in the 1840s or 1850s. Ireland remained an exporter of food (mostly grain & cattle) in great quantity during the Hunger. What food aid arrived in Ireland was the result of charities, not the British government. In fact, the British attempted to prevent food aid from arriving from some other countries. http://en.wikipedia.org/wiki/Great_Irish_Famine [wikipedia.org]
There was also a lesser famine in Scotland at the same time, caused by the same over-reliance on potatoes which were hit by potato blight. http://en.wikipedia.org/wiki/Highland_Potato_Famine [wikipedia.org] This caused great hardship in the Highlands, but food aid provided directly by the British government meant there were relatively few deaths from starvation or malnutrition-related diseases.
actual article (Score:5, Informative)
Re:actual article (Score:5, Interesting)
Re: (Score:3, Funny)
Holy shit, I'm going to hide under my desk now. Call me when it's all over.
Re: (Score:2, Funny)
Holy shit, I'm going to hide under my desk now. Call me when it's all over.
No Problem,
I'll email you an attachment that will explain what happened and why everything is ok.
Be sure to read it.
Re: (Score:3, Insightful)
I suspect the former, but hope it's the latter.
Re: (Score:3, Insightful)
Re: (Score:2)
Oh my god, am I behind Conficker?
Re: (Score:2, Funny)
Re:actual article (Score:5, Funny)
also it looks like http://www.confickerworkinggroup.org/ [confickerw...ggroup.org] [confickerw...ggroup.org] is down
I can still get to it... you must be infected!
(Ok, ok, i'm just joking, it doesn't load for me either. It seemed a lot funnier when i first started typing it :P )
Eye chart (Score:5, Funny)
On a side note, that eye chart the Conflicker Group had up no longer works.
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html [confickerw...ggroup.org]
Re:Eye chart (Score:5, Funny)
Works for me.
Re: (Score:2)
google cache [209.85.229.132] still works.
only the 3 important images will load though. if they don't you may be infected (or you may have a bad connection)
I gotta ask (Score:3, Interesting)
Why didn't someone infected with this, say last month, change their pc clock ahead to April 1 to see if it downloaded stuff or not? Then April 2, then April 3, etc.
Duh.
Re:I gotta ask (Score:5, Informative)
Conficker gets it's time from a lot of different time servers, not the local machine. I think the author might have thought about that when designing the worm...
Re: (Score:2)
I think it has counter measures against it too. It is not a trivial VBasic junk. It is one of the most advanced professional worms to date.
Even basic shareware has counter measures against messing with clock like that.
Don't forget that it is not only local code, it gets payload with p2p. So if you can fool it with date, you won't be able to fool the host part.
Re: (Score:2)
Even basic shareware has counter measures against messing with clock like that.
Yet somehow the windows vista beta didn't :o
Re: (Score:2)
You have to understand the difference. On one hand you have software written by professionals with high skill, a good quality control, nice paychecks and other motivations, strict deadlines and a quite professional, ambitious and goal focused leadership.
And then you pit that against MS. C'mon, be fair!
Re: (Score:3, Informative)
You certianly can man in the middle attack it. slowly skew the time with your own NTP server.. then look to where it's going to ask for it's next feeding and then attack that vector. and yes you CAN attack a P2P distribution vector.
Re: (Score:2, Interesting)
The AC is confused though; researchers did all of that, they even have some sort of access to the randomly generated domain list (I get the impression that they have the algorithm, rather than doing some sort of playforward attack as is being discussed here) that is checked for downloads. The core issue is that there had not been anything to download, so all they were able to do was (potentially) confound the operators.
I would go so far as to say that they have been attacking the p2p vector, but since it re
Re:I gotta ask (Score:5, Informative)
Conficker doesn't use the internal system clock; it polls various websites to find out the real date.
If it can't connect to those websites, or gets an unexpected response, it assumes it's in a closed network and holes up.
Re:I gotta ask (Score:5, Informative)
Why didn't someone infected with this, say last month, change their pc clock ahead...
First of all, I'm sure that the payload itself wasn't made available until the last minute.
Second, if it were me who wrote the virus, I would have written it to *start* looking for a payload, start looking in no particular place, and continue looking until it's been found. Considering that it's getting its payload from an established botnet, it could just be poking around looking for machines that can give it its payload and the payload wasn't made available until today.
When you have control of as many machines as the Storm or Waledac botnets, the world really is your oyster. You're not restricted by IPs, and if your botnet is large enough, you can just iterate through addresses looking for a system that has your payload for you. Without access to the botnet or the payload, it doesn't matter how much you reverse engineer or adjust your clock, you just can't predict what will happen in the future.
Ahhhhhh... (Score:5, Funny)
Re:Ahhhhhh... (Score:5, Funny)
The Mac Archipelago finds it amusing, too. *Cheers!*
Re:Ahhhhhh... (Score:5, Insightful)
The parts of the Windows mainland who install security patches are also amused. I'm sure we'll all be amused right up until the Internet we all share with the infected losers goes all wonky.
Re:Ahhhhhh... (Score:5, Funny)
Even though I'm joking, let the "Troll" modding begin.
Re:Ahhhhhh... (Score:5, Funny)
Re:Ahhhhhh... (Score:5, Funny)
Don't forget the Linux games!
- Why Isn't My Wireless Working? (Fun for the whole family!)
- Write Your Own Driver
- rm -rf ~/* roulette
- The Uptime Game (See how long your server's up! Prizes for +100 day or 6 sigma uptimes!)
- Condescension (Make Windows users feel so bad about their OS they switch to *nix. Bonus points for Gentoo.)
Anyway, Linux has tons of games for the creative and inquiring mind.
Re: (Score:3, Funny)
Ever have one of those moments... (Score:5, Informative)
When you realize you are uncontrollably in love with someone? That you and this person sitting beside you are soul mates? That you were meant for each other?
That moment for me came a few weeks ago. Yes, my wife and I have been married several years, but she was a Windows user when we met. Sure, she'd grown up in a diverse family - both Macs and PCs, but most of her experience was on Windows.
About a year ago I replaced Windows with Ubuntu on the family laptop. She kind of grudgingly went along with it.
Then, last week we were watching the news when the anchor broke the story of conficker. Without missing a beat, she turned to me and in roll-your-eyes-I-can't-believe-they're-so-stupid kind of voice said:
"That's a Windows thing, isn't it?"
"Yep," I replied.
"Hmmm. Sucks to be them, I guess..."
Linux evangelists take note: sometimes it takes people *years* to come around. But when they do, when they realize they no longer have to WORRY about viruses and other Windows-specific crap, it's priceless.
Re:Ever have one of those moments... (Score:4, Funny)
That's actually one of the saddest thing I've read for a long time. I hope she never elopes with a Windows 7 install.
Re:Ahhhhhh... (Score:4, Funny)
The Windows 7 testing delegation would like to tell the Linux Island group to kiss [LOST CARRIER]
Why the doom and gloom? (Score:5, Funny)
Re: (Score:3, Funny)
Remove the stone of geek!...Append the stone of evil genius!
Although if that does happen, expect a call from some well dressed men in a nice car, with blacked out windows, on Monday afternoon.
Re: (Score:3, Insightful)
No. It is the only news.
Re:Blame Obama (Score:4, Funny)
for example...
If you look at the facts the conficker virus and waladac botnet are CLEARLY parts of a vast left wing conspiracy which is obviously fronted by obama because the democrats want to take as much of your processing power as they do your income
Re: (Score:3, Funny)
Re: (Score:2)
You're new here, aren't you?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)