haha
samhain.knight@... 4th Apr 2009
Will do! But it still burns!
OK Jason
Michael Kassner 4th Apr 2009
I give up. I must be too focused on geek things, but I don't get it. Can you explain about the burn thing? I just know I'm setting myself up, but I had to ask.
Then read down from Jason's first post. I suspect Jason's problem is that he's using penetrating oil as his lubricant...

You are
Michael Kassner 4th Apr 2009
Omnipotent, my friend. Yet, being one of those who are ultimately curious, I want to learn from everyone.
We should all
NickNielsen 4th Apr 2009
thank our deity of choice that I am not omnipotent. Were I so, I'd be having more fun than a little bit!

Others might think differently.
Conficker is real
kgc@... 2nd Apr 2009
Never mind that the direct effects of Conficker are small (to date), it is a nuisance even for organisations that are meticulous in guarding against it. My major public sector client had all of its servers down for 2 hours to get rid of it, which is no mean cost in man hours and inconvenience.

On my little home & office network I am keeping on top of it, but cannot get rid of it. I am currently in the process of organising for tech support from my anti-virus tool provider to dial in to get to the root of the problem. Again no small cost in effort and money if I have to take time out from earning fees.

It keeps intervening to prevent security updates. This means hand-cranking downloads from the various sites by changing the network set-up to fool it long enough to make a connection. My laptop is updated using my 3G when I am on the train.

If I was not paranoid and aware of the symptoms it would be very easy to sleep walk into trouble. This is a persistent and professional job. It is not a joke. I just don't want to be its unwitting victim.

Yesterday (04/01), we just had a few new SPAM emails received.

Today, the amount of SPAM received has multiplied by about 5 times over what we had been receiving before the 1st, and we expect it will continue to get worse. In addition, the number of rejects from SPOOFED email has multiplied by about the same amount.
As long as I have the right idea of what actually happens with conficker.

My understanding is that it randomly picks its domains. I had also read somewhere but am not sure how true it is that all infected computers pick the same domain.

I was thinking: what happens if the domain that holds the commands is actually waiting for all of these infected computers to pick its domain before sending the command? This could really mean that it is possible that the creators don't even know when it will go off.
What do you mean? Could you please help me understand?
Sometimes I have to wonder...
Snuffy09 Updated - 3rd Apr 2009
what these guys look like, the virus writers.

I try not to be judgmental (everybody is, to some degree). I see a handful of severely overweight guys working out of an inconspicuous trashed apartment littered with dirty clothes, pizza boxes, and empty ice cream containers. While waiting for the virus's response from their hijacked victims they alt-tab back to their life-devoted (other than pissing in Cheerios) game of World of Warcraft. I guess when you have never had a date, never been laid, don't have a life, and your idea of a good time is watching Star Trek reruns, your only option is to take it out on society. So I guess it is good they are programmers, or we would have another shooting on our hands.

No offence to TR members who are WoW players, fans of Star Trek, and weigh a few extra pounds.
I think
Michael Kassner 3rd Apr 2009
That you may be surprised. The experts seem to think that the latest malware, especially Conficker is done by highly motivated professionals. There is big money in this.
Too soon to tell
ref@... 5th Apr 2009
I work on 50 machines a week in my little shop. I've had 5 "IE quit working" phone calls, all fixed with MS System Restore, and I've had 5 computers in my shop with "IE quit working" problems which will work with Firefox and are IE-unfixable as far as I can make out. Not sure if any of these are Conficker. The same problems listed for Conficker have been happening a long time as far as I can tell. Who knows if it's Conficker or the regular problem stuff, WinAntivirusPro2009, Smitfraud, etc.?
If the patch for MS08-067 was installed. If it's installed, then the problem isn't Conficker.

More and more have begun to talk of things happening in the technology world. Well, I say let them happen. The world of IT must stand together against those who use this gift of knowledge for the root of evil.
Why?
deepsand 5th Apr 2009
By whom?

Toward what end?

Like antivirus 2009 and spyguard 2008?

How do you stop people from clicking? You can warn them, but they don't really listen.

Of course, people need to be careful when visiting search result links - they need better judgment, and to be able to identify bad sites. "Legitimate" site owners need to better maintain their sites against being SQL-injected, compromised by XSS and CSRF, etc. Some browsers and add-ons are better at protecting against this than others, but some people can't be bothered to make decisions every time a warning is issued - they just click through.

However, there are a lot of OS and app vulnerabilities that have never been patched, even years after identification. Those could definitely be patched.

As far as the *AV 200x malware goes, it is extremely easy to get rid of, and what it does is try to get you to buy the fake product, and keep paying for the junk. You just have to not fall for the BS, and clean up the system. The darn thing sits right in Program Files directory.

It only gets on the system through user interaction - BUT - it has been known to lock up the browser until you click on the pop-up, at least with some browsers, or when certain settings are engaged or disengaged. Failing all else, a hard shutdown is the answer - don't click on the malware pop-up.

Again, there are definitely vulnerabilities that should be patched, and security models that could be much improved, but malware like *AV 200x works almost entirely through social engineering, and the only patch for that lies with the end user.
I really like the depth and breadth of the explanations.

Unfortunately, I don't think the sheer genius of the Conficker developers can hold a candle to the sheer unwillingness to install one single patch. It is baffling in the utmost.

Why the confusing collection of names?
1. Anti-malware vendors compete in every way.
2. They don't care to work it out otherwise.
3. "I saw it first."
4. FUD - making it appear as though there is more out there than there really is. Making it appear that your product intercepts something theirs does not.

If they just made it very obvious that a simple patch would cover you, in this particular instance, where would all these security types be? Without all the funding, that's where. It should be studied, though, as all the evil mechanisms of the thing could ride on a variety of future vulnerabilities. There just wouldn't be as much support for all the activity that is currently happening.

(Ha. Thought TR was flaking out again, but I guess it was just a "busy signal", as I was trying to start a discussion at the same time.)
That would
Michael Kassner 30th Mar 2009
Be really wild. Yet another conspiracy. I'm not ruling it out, though. It seems that the good rule is getting beaten up pretty badly lately.

when "culture" or "self-interest" (enlightened or not) do just as well. I find they are much more pervasive, extensive, and powerful than conspiracy.
As usual
Michael Kassner 31st Mar 2009
You make a great deal of sense. Those terms run a lot deeper, don't they?
by the people who are distributing this thing.

Let's not lose sight of where the real criminal behavior is.
Have an idea? Discussed acting on this idea with at least one other person? Conspiracy.

Of course, it does include the connotations of secrecy and also negativity, usually.

I don't think anyone has forgotten the origin of the malware as a root of the problem. I hope that the developers do get nailed. Evil *********s.

proof yet that 1 person didn't do it on their own. However, likely there was a small group of people who created this, i.e. conspiracy.

I do not know the source of the conspiracy, also, I would doubt it being the Chinese govt. with all of the money they are dumping into the US, and elsewhere. They are currently profiting too well to harm us massively. Also, it would be bad to 'test the waters' for an attack like this, just to see if it would work. However, they may incorporate the strategy behind this for future attack planning.

What we most likely have is a few dirtbags trying to profit in some way.

Nicely explained, Michael. We will just have to wait and see what happens on April 1st. I have my systems all up to date and I will do a major backup on the 31st Mar just in case. Keep these informative articles coming, as it is a good heads-up to what is happening out there.
Ah, but whose April 1st are we talking about? Ours (Oz) or theirs (not Oz)?

TFIC
LOL
Jacky Howe 29th Mar 2009
good point. It's only a couple of days before we find out.
I first assumed that it would depend on the system clock of the computer, but that's not logical and wouldn't work correctly as you have pointed out.

I'm starting to wonder if that would be one avenue to defeat this problem. Change the date and the 50,000 domain names would be wrong.
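The two posts above (the one asking whether all infected computers pick the same domain, and the one suggesting that changing the date would make the 50,000 domain names "wrong") are both describing a date-seeded domain generation algorithm. The following is an added illustrative example, not Conficker's code and not from anyone in this thread: the SHA-256 seeding, the eight-letter labels, the list length and the TLD set are assumptions made for the illustration. What it shows is the property the thread is circling: the list looks random, yet every host that agrees on the date computes exactly the same list, and a host whose date differs computes a disjoint one.

```python
import datetime
import hashlib

# Constructed example: a date-seeded domain generation algorithm (DGA).
# This is NOT Conficker's algorithm. It only illustrates the property the
# thread discusses: every infected host derives the same daily domain list
# from the calendar date, so the list looks random yet is identical on every
# bot, and a host with a different date computes a non-overlapping list.

TLDS = ("com", "net", "org")  # assumed TLD set for the illustration


def generate_domains(day_iso, count=8, tlds=TLDS):
    """Return `count` candidate rendezvous domains for the date `day_iso`
    (an ISO 'YYYY-MM-DD' string). Same date -> same list, on any host."""
    day = datetime.date.fromisoformat(day_iso)
    domains = []
    for i in range(count):
        # The seed is the date plus an index; nothing host-specific goes in,
        # which is exactly why all bots agree on the list.
        seed = f"{day.isoformat()}:{i}".encode()
        digest = hashlib.sha256(seed).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:8])
        domains.append(f"{label}.{tlds[digest[8] % len(tlds)]}")
    return domains


def overlap(day_a, day_b, count=8):
    """Domains common to two dates' lists (empty unless the dates match)."""
    return set(generate_domains(day_a, count)) & set(generate_domains(day_b, count))


def rendezvous_possible(controller_day, bot_day, count=8):
    """The controller registers a domain from its own list; the bot only
    finds it if the bot's list contains that domain, i.e. the dates agree."""
    return bool(overlap(controller_day, bot_day, count))


def defender_watchlist(day_iso, days_ahead=3, count=8):
    """The defensive use: once the algorithm is known, the lists for the
    coming days can be computed now and blocked or sinkholed ahead of time."""
    start = datetime.date.fromisoformat(day_iso)
    watch = {}
    for n in range(1, days_ahead + 1):
        d = (start + datetime.timedelta(days=n)).isoformat()
        watch[d] = generate_domains(d, count)
    return watch


if __name__ == "__main__":
    for d in ("2009-03-31", "2009-04-01"):
        print(d, generate_domains(d, 4))
    print("bot whose clock is one day behind can rendezvous:",
          rendezvous_possible("2009-04-01", "2009-03-31"))
```

Running it prints the lists for two consecutive dates; they share nothing, which is why bot and controller must agree on the date whatever source of time the bot uses. The `defender_watchlist` function is the flip side of the same determinism: a list that any bot can compute in advance is a list a defender can compute in advance too.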
then Windows Update won't work!

I'll have to look for the link to the site where I read this.

Ah. Since I've not yet cleared my browser history:
http://www.pcworld.com/article/161809/conficker_to_phone_home_on_april_fools_day.html?tk=rss_news
As well and it yet again amazes me as to how well thought out this malcode is.
Is that Conficker developers appear to want the infected computers to be viable. If Conficker was a destructive piece of malware it would be a whole different story.
Well this is true
Dumphrey 30th Mar 2009
but at the same time, with destructive malware it is obvious that it's there, even to the untrained, and it is more likely to be fixed or removed. Malware that just sits, waiting, is the scary kind, because there may be no warning until your machine is used to spam, DDoS, distributed crack, what have you.

And this trend will continue as malware writers shift their focus from damage to profit.

Conspiracy: The Chinese Government is sponsoring Conficker in order to make a high-profile exploit out of a vulnerability that would have easily been patched except for WGA limitations, and thus create a media frenzy over MS's unwillingness to keep the internet safe. This will lead to a reduction and/or removal of the WGA process, benefiting China and other countries with very high Windows piracy levels. Leveraging this new computing security and freedom, they will proceed to reverse engineer Windows Update, BITS, and MS command/control, and take over all the world's MS machines. Using this giant botnet they will attempt to extort 5 million dollars from the UN.
I've never heard of that take on the situation before. Definitely has logic on its side.
For an article. I'm trying to separate fact from sensationalism. I'm starting to suspect that much of that is being held back.
Rumor around here is that
Dumphrey Updated - 31st Mar 2009
conficker is the work of a 14 year old Russian boy. Heard anything about this? Or is it just office gossip?

Ghost net, yeah, my feeling is a lot of it is being held back as well. Seems to me that this kind of activity has to be going on all over, from all parties; it's just the first one discovered. Think the NSA doesn't have a GhostNet-like entity?

Maybe I'm wrong, but didn't they show a 14 year old Russian kid on the 60 Minutes piece?

but I'm wondering if anyone has any backup data for 60 Minutes. And why ONLY 60 Minutes? How did they scoop the internet as a whole on this?

some of the statements they made on that program; seems the 16 year old script kiddie was misrepresented! I got that from the Washington Post.
Mike Horowitz of ComputerWorld had already written a review of the 60 Minutes piece about Conficker:

http://blogs.computerworld.com/the_conficker_worm_on_60_minutes

http://blogs.computerworld.com/60_minutes_missed_the_elephant_in_the_room
60 Minutes???
esalkin 30th Mar 2009
60 Minutes has not gotten a single story right in its entire 40 year run! They have a track record of consistently skewing facts and cutting interviews to make a story "play" the way they want. The program is NOT an unbiased news show. It is a "news-based" entertainment show. Do not trust its "facts."
Other than Andy Rooney.
into a daytime drama series, and they never quite get to a conclusion by the end of the "60 minutes". So you're no better off than you were before you started watching.
Better safe...
KSoniat 30th Mar 2009
At work we have a pretty good firewall and restriction as to what is downloaded.

At home we have 2 Macs (laptop for my son arrived Friday) and one dying, sometimes working PC (over 5 yrs old). I hope it doesn't amount to much, but those backups are being done . . . if we have it and back up and restore it, will it hit us next year on April 1?
Very little will happen initially. What April first is about is a possible attempt to get all the infected machines organized into a botnet.

If and when that happens then things may start to occur:

1. A tremendous increase in spam.

2. Really nasty DDoS attacks

Either of which may just saturate the system, due to the total number of coordinated computers.

April 1st, the crap was actually making it to my end box, instead of the junk folder. But Windows Secrets, a well known forum for PC enthusiasts, was forced to redirect at nearly the same time. They couldn't get through hotmail's filters; and I'd bet that was not coincidental.

MSN probably planned the new filtering to coincide with conflicker - plus or minus a few days. It is the first time I've had to add a trusted contact manually in my hotmail.

I use MSN's service precisely because of the success of their spam filtering. I've had less trouble than others I know that use Yahoo! or gmail. And those individuals are pretty careful about leaving their addresses lying around the web.

A mere 15 the last I looked.

And, since they discontinued their "classical" interface, even for Premium clients, it now has that ubiquitous Fisher-Price look and feel.

I use Netaddress, which employs Brightmail's spam filtering system, and provides for up to 256 filters, each of which allows up to AND conditions to be concatenated.

Thanks deep, I may have to look into that! I'm looking at their site now - are they related to USA Today?

Dang! So many projects-so little time!!

I gotta admit, though - hotmail has been pretty spam free for me. When they do have problems they are usually taken care of within 24 to 48 hours.

Sure beats the ISPs server based cr@pmail!
Just wish that they'd have let me keep the classical interface.

USA.net is owned by Perimeter eSecurity; see http://www.perimeterusa.com/index.php . They're a global firm; the last contact I had with tech support was with guys in Iceland!