New Conficker worm making 1million zombies a day

Im going to chime in with a bit of information here..

You guys are completely mistaken with how you are viewing this as a traditional worm. You do NOT have to click anything, open any thing, or anything on your end to end up infected with this.

It propagates using the MS08-067 exploit. There is a known buffer overflow within the RPC service on Microsoft operating systems. By hand crafting a RPC packet with certain parameters you are able to overflow the buffer via a malformed request. This results in either a denial of service attack or worse yet the ability to run arbitrary code.

Included in most remote buffer overflows exploits is a series of hex characters that refer to a payload which gets executed after being overflowed onto the executable area stack. This is normally referred to as the shellcode.

So you send a malformed RPC request including your shellcode that will be tossed outside the buffer to a target computer. The target computers RPC service then writes to its buffer, but when we put more data into a buffer then possible, we have an overflow. Then I go ahead, write some code to cause this buffer overflow and also to add a certain shellcode outside of the buffer. If you can land that shellcode in a place where it can get executed, you're computer just got compromised.

Pretty basic explanation but should make sense then something with more programming terms.

This is how this worm spreads. It creates a buffer overflow with shellcode to open a specified port for incoming connections. Then it can download itself onto your computer though its newly found connection. Once that one gets ran on the target computer, it will keep going. Unnoticed. It only steals information, it doesn't break anything.

MS08-067 - read about it, thats the security vulnerability.

[edit on 1/21/2009 by deadline527]

Originally posted by desertdreamer

Originally posted by MASH_DADDY

Originally posted by Revolution-2012
Honestly, a firewall good one like Tiny Personal Firewall pro is one of the few things that can actually protect your system.

It has multiple levels of manageable security settings, alerts for when virtually anything is happening inside of your computer, and a trust program which allows you select any kind of program running in your computer, even the ones that slip past execution and embed themselves in the kernel, the ones that hide, the ones that have no 'task' in the Task Manager, it can even stop.

Heh.......Sorry, take the hackers advice, I know how the exploits works inside an out, take a trip to www.securiteam.com... .

I heard about Tiny Personal Firewall, have tried it and was impressed. Checkpoint Zonealarm is decent too once configured correctly. Thanks for the link

I use Comodo Firewall, and have never had any problems.

Comodo huh... another one I have to add to my arsenal!

[edit on 21-1-2009 by MASH_DADDY]

Originally posted by deadline527
It only steals information, it doesn't break anything.
[edit on 1/21/2009 by deadline527]

With stealing information = easily breaking something else

Here's an article about it today's NYT's:

Worms like Conficker not only ricochet around the Internet at lightning speed, they harness infected computers into unified systems called botnets, which can then accept programming instructions from their clandestine masters. “If you’re looking for a digital Pearl Harbor, we now have the Japanese ships steaming toward us on the horizon,” said Rick Wesson, chief executive of Support Intelligence, a computer security consulting firm based in San Francisco.

They go on to discuss that it is only a matter of time before bot-herder who is behind this will launch whatever attack it is they intend to launch.
There is a division in the Comp Security community over the ethical ramifications of trying to disable the bot before it launches...

Another interesting detail is that the worm will not infect anyone who has Ukranian keyboard.

Not to be a fear mongerer but this is how the internet will be chained and beaten into submission by Uncle Sam. Be on the lookout for the term "Digital Peral Harbor" to be used a lot more. There has been a slow push for internet cencorship and taxing the sales made though the net ever since the first day it went online. Pardon the pun. I have noticed that there is a lot of discussion about digital pearl harbors of late and the dangers of the internet in terms of use by "terrorists."

It will be a virus that will cause us to lose our internet freedoms. Possibly a digital black flag op?


Again, keep your ears and eyes open for "digital pearl harbor." You will see it a lot (more than usual) over the upcoming years.

[edit on 23/1/09 by Pfeil]

Originally posted by Pfeil
Not to be a fear mongerer but this is how the internet will be chained and beaten into submission by Uncle Sam. Be on the lookout for the term "Digital Peral Harbor" to be used a lot more. There has been a slow push for internet cencorship and taxing the sales made though the net ever since the first day it went online. Pardon the pun. I have noticed that there is a lot of discussion about digital pearl harbors of late and the dangers of the internet in terms of use by "terrorists."

It will be a virus that will cause us to lose our internet freedoms. Possibly a digital black flag op?


Again, keep your ears and eyes open for "digital pearl harbor." You will see it a lot (more than usual) over the upcoming years.

[edit on 23/1/09 by Pfeil]

Digital pearl harbour, Cyber-terrorism, or even cyber-9/11, all the same thing. Hah it would not surprise me one bit.