How the Conficker Problem Just Got Much Worse


posted on Apr, 4 2009 @ 02:19 PM
reply to post by TheDustman
 


See I don't think that would work because the patch to fix the vulnerability that Conficker exploits to gain access to the system was released a good while ago, it's just those folks who for whatever reason don't apply updates that have been bitten on this one.



posted on Apr, 4 2009 @ 02:21 PM
yep, the net goes down and TPTB have their net to play with..
camelot said this a year ago !! but again one must get hit by the car before one gets the hint !



posted on Apr, 4 2009 @ 02:25 PM

Originally posted by Anomen

The main effect I think we're going to see of this is a whole lot of ex windows users now turned mac user because of this virus.

[edit on 4-4-2009 by Anomen]


Or go to linux. Is this why Redhat stock has done so well the last 6 months?



posted on Apr, 4 2009 @ 02:28 PM
This gizmodo article is very poor, the writers there really haven't got a clue what's going on, and most of the people in their comments section are just as poorly informed.

I don't know of any better general articles though I'm afraid, It's one of those topics, that's very difficult to discuss with laymen, they either end up over simplifying, or just plain being wrong, or baffling people with too many tech terms.

It's a shame really, because the more poorly educated the public is on things like this, the more they are likely to happen, but in some ways you can't expect most people to know about encrypted payloads, peer to peer technologies, the way the domain name system works, and other related topics, it's just too arcane for most people to care about.



posted on Apr, 4 2009 @ 05:33 PM
I think the danger with it bringing DOWN the internet is not that it will disable servers that are vital, and the routers, that's going to be cisco and unix/linux based primarily...but in sheer traffic, IE DDoS. Remember the Morris Worm? The Internet is mesh though, and the core actually seems fine.

And traffic could be filtered.

Doesn't matter to me if it is a single individual or collective responsible, it looks like an attempt to control the communication network that we all use. It may not be nefarious. Well, other than I'd rather people leave my pc ALONE.

I've had the thought that it is a great move to increase cyber security by getting folks to update and patch.

I do think there is an agenda to change DNS though, and anything that happens will probably be used to garner public support for that.

[edit on 4-4-2009 by hadriana]



posted on Apr, 4 2009 @ 06:41 PM
Although Microsoft has a significant market share in the desktop market, they do not have the same market in the internet server market. True some people use Microsoft Servers for mission critical applications, many in the industry call those people morons. Please don't spout the accolades of the MS servers, as anyone with experience with servers will agree that there are inherent issues with IIS of any flavor, and MS DNS is laughable, MS Exchange, well...'nuff said.

If you are using a MS operating system for your DNS, Email or Web application, this is a perfect time to change it to a server operating system that is far less prone to failure. Linux is an obvious choice, as is Solaris, FreeBSD, BsdI, OpenBsd and Sun OS. Nobody uses an MS operating system for routing.

If it's a DDOS (distributed denial of service) Attack that you are worried about, there are several methods you can use to disallow this kind of attack. (denying ICMP type 0 is a good start) Most real world class isps already have facilities in place to stop their setup from a ddos.

This virus, and the majority of cyber based viruses are specifically crafted to exploit the MS windows operating system. The Internet will not die due to the removal of Microsoft operating systems, the Internet was around long before Windows had support for tcp networking. (Remember Trumpet Winsock?, or the TCP patch for windows 3.11?) Many buggy websites, or IE only activex controls will no longer be available, but really no loss.

All of this doom and gloom rhetoric will hardly be remembered as a hiccup in the global information highway. This virus may affect YOUR access to the internet, but the global network, will hardly notice. Good advice has already been posted, use a MAC or use Linux which has improved vastly since the early years.

Thanks for reading.

..Ex



posted on Apr, 4 2009 @ 10:43 PM
I like how people think they are safe because they are on MACs or *nix...

This worm is not about destroying windows, it is about destroying the networks. The developer(s) simply used the easiest way to achieve this.. by using the most popular operating system.

Let's say the worm attacks / floods all the major internet backbones in the US and there is no more bandwidth available. I think they would have reached their goal.

Then they would be ready to do their real thing, maybe a war?


[edit on 4-4-2009 by sc4venger]



posted on Apr, 4 2009 @ 11:49 PM
I look at this worm as a tool for economic blackmail. Considering many companies use their websites as their sole source of income ( Amazon, ebay, etc...) this malware creator can blackmail hundreds of online companies to pay a ransom or their site will be attacked. Amazon can be compromised by a DDOS attack with less than one million zombies and so far experts think Conficker has over 10,000 zombies under its control.

I wouldn't be surprised if the worm author is state sponsored or funded by terrorists or the drug cartels.

Isn't it suspicious the following events may be related? The World Bank computer network breach last fall, the subsequent world economic disaster, the trillions of dollars transferred to financial institutions and the recent G20 decision to implement a Financial Stability Board at IMF.

www.crn.com...
economictimes.indiatimes.com...



posted on Apr, 4 2009 @ 11:59 PM
This virus is never going to succeed, because it would have to hit all computers at once, otherwise Microsoft would just release a patch and prevent the majority of Windows from becoming infected then virus companies would release a single executable to get rid of the virus (you can hate Microsoft if you like but their patches are generally very speedy)...that's how it's always been, that's how it will be this time. As for taking down the internet, the best way to do that would be a way to infect Cisco routers or Linux servers, not Microsoft machines.
For this to succeed in any fashion, you'd have to assume that no computer geek working for Microsoft...or any other company for that matter couldn't counter this, which is highly unlikely to impossible. You could also quarantine the virus to networks with switches.

[edit on 5-4-2009 by yellowcard]



posted on Apr, 5 2009 @ 12:00 AM

Originally posted by Anomen

It's weird how people are giving all of the attention in the world to pointless topics about some dude who can create portals or something weird like that... but the real important things get overlooked.

For those of you who don't know about it, let me introduce you to possibly the last thing you may ever know about the Internet; The Conficker Virus.

Don't just roll your eyes and say "oh man... another worm"... because this worm actually has the capability to destroy the Internet as we know it overnight. The Conficker virus is not your conventional virus. It's a megaworm designed to attack specifically the Microsoft Windows Operating System. It infiltrates your computer, blocks your virus software from retrieving updates, blocks you from accessing web pages such as Microsoft's Update page which pretty much makes it impossible for you to remove the virus.

Some other symptoms include but are not limited to:
account lockout/ policies being reset
domain controllers responding slowly to client requests
congestion of local area networks.


OH MY GoD!!!!! People MIGHT HAVE TO REINSTALL WINDOWS and then restore a backup... You do backup if you have important things right?

Any company worth its 2 cents would have contingency plans for this exact thing.

Destroy the internet??

Where is this guy making portals. That sounds interesting and important.



Once on your computer, the worm then starts its real dirty work. It attacks the node your Internet service is based out of infecting every computer that is also connected to that particular node.


I'd hope most ISPs are not that slack. I mean, to actively infect another network from YOUR pc means you've either already got access to core system functionality, or you are already IN their system.

You're saying this thing can open doors without a key.

Anyone who doesn't run a firewall or have a hardware based one, is leaving their doors open. Sucks to be them. They have to reinstall.


The virus then spreads through every means possible. Have a thumb drive? the second you plug it into an infected computer the virus attaches itself to the thumb drive and whatever doomed computer you plug that thumb drive into afterwards is now infected along with the entire network that particular computer is connected to as well... and this is all done silently.


How does a thumbdrive run an OS to maintain this functionality? How does the worm keep alive inside it, UNTIL you run an application from it?

So it's NOT an "as soon as you plug it in" - if you have an autorun feature of sorts, then possibly and potentially the only way this would be done.

But then, now we're talking about a manual virus. Not a secret sleuth automatic the world will end, one.



The scary part of this virus is once its in... It sends for update information on its own... meaning that the millions of computers affected world wide by this virus are under the control of a single commander. He hasn't yet, but when the person behind the creation of this virus feels the need to absolutely devastate the Internet, all he has to do is send out the order and he will bring millions of computers to his mercy.


Wow... FUD FUD FUD....


so you're thinking... how has this person not been caught yet? Microsoft has a 250,000 dollar bounty on the creator's head who is suspected to be based in china somewhere.

"What the April 1 update did was simple: It provided instructions for linking up with the thousands, perhaps tens of thousands of new nodes registered by Conficker.c over the last few weeks, effectively growing the size of the p2p botnet to a point where it can not be stopped."

for more info please see the gizmodo news article.

some information about this virus:
en.wikipedia.org...

how to tell if you're infected:
www.confickerworkinggroup.org...


And slay the beast in his sleep.

Better yet, keep your doors locked, your visitors known and don't leave your Windows open....

FUD.



posted on Apr, 5 2009 @ 12:00 AM
You can check your ports here

www.grc.com...

or in the mirror, whatever works.



posted on Apr, 5 2009 @ 12:03 AM
Well let's all thank Al Gore, after all he invented the net. Can he fix it now for us?



posted on Apr, 5 2009 @ 01:07 AM

Originally posted by sc4venger
I like how people think they are safe because they are on MACs or *nix...

This worm is not about destroying windows, it is about destroying the networks. The developer(s) simply used the easiest way to achieve this.. by using the most popular operating system.

Let's say the worm attacks / floods all the major internet backbones in the US and there is no more bandwidth available. I think they would have reached their goal.

[edit on 4-4-2009 by sc4venger]


ok, Not to bash your opinion here, but the whole point of using unix based operating systems is to be able to defend against these kinds of floods.

I'm thinking you're not familiar with just how much internet backbone there really is, if you think it can be flooded at all. True a million machines hitting a specific location could cause things to slow down, but only until the filters kick in and either "Tar pit" the attacking IPs or simply deny access. This kind of attack could take out your average website, but not any real link provider.

The way these floods generally work, is a windows box sends a small packet of information crafted in such a way to request a large packet of information back. The target system is so busy replying with large packets that it is unable to respond to regular web site requests, thus a denial of service. So let's consider that you preemptively tell your *nix system not to respond to those requests. Tada! website is still usable. As the system is generally being sent small packet with a request for a large packet, a *nix system can handle a whole lot of small packets without breaking a sweat.

So unless a person is naive enough to use a windows based system for a mission critical server, there is really not a whole bunch to worry about.

Thanks for reading.

..Ex



posted on Apr, 5 2009 @ 01:44 AM
If you read up on tcp/ip history you'll learn that the original protocol today's internet works over was developed by the US D.o.D. specifically for the purpose of being practically impossible to destroy. You could take out two thirds of the network and it would still work, adapting for as long as there's a single route between two hosts.

The talk of taking down the net is utter nonsense. Windows is no doubt a predominant operating system on client computers, but anyone who takes their job seriously concerning high availability computing will and does avoid windows.

When the poo hits the fan, the scariest thing I might end up doing is paying a visit to my parents and trying to keep my cool while explaining the importance of backup for the fiftieth time.

Kind regards, M.



posted on Apr, 5 2009 @ 02:24 AM
Here is a supposed test to see if you have the worm: www.columbia.edu...

Also, try connecting to various Antivirus websites as I've read the worm blocks your access to them. Anyone who has kept their machine up to date along with their anti virus with frequent scanning should be fine.
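
The check suggested in the post above can be scripted. This is an added example, not part of the original post: it compares name resolution for security sites against unrelated control sites, and the host lists and function names are assumptions chosen for illustration.

```python
import socket

# Assumed sample lists (not from the thread): security/update sites of the
# kind the worm is reported to block, and unrelated control sites.
SECURITY_HOSTS = ["update.microsoft.com", "www.symantec.com", "www.kaspersky.com"]
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]


def system_resolver(host):
    """Return True if the local resolver can resolve the host name."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def check_blocking(resolve=system_resolver,
                   security=SECURITY_HOSTS, control=CONTROL_HOSTS):
    """Classify the machine from which host names resolve.

    Returns (verdict, security_results, control_results):
      inconclusive - no control site resolves, so DNS/network is down
      suspicious   - control sites resolve but no security site does
      partial      - only some security sites resolve (check filters/proxy)
      clean        - every security site resolves
    """
    sec = {h: resolve(h) for h in security}
    ctl = {h: resolve(h) for h in control}
    if not any(ctl.values()):
        verdict = "inconclusive"
    elif not any(sec.values()):
        verdict = "suspicious"
    elif all(sec.values()):
        verdict = "clean"
    else:
        verdict = "partial"
    return verdict, sec, ctl


if __name__ == "__main__":
    verdict, sec, ctl = check_blocking()
    for host, ok in {**ctl, **sec}.items():
        print(f"{'ok    ' if ok else 'FAILED'} {host}")
    print("verdict:", verdict)
```

A "suspicious" verdict only means security sites are selectively unreachable; a corporate DNS filter or proxy can produce the same pattern, so follow up with a dedicated removal or scanning tool.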



posted on Apr, 5 2009 @ 02:58 AM
It does occur to me, especially with some of the responses I have seen on this thread, that Conficker has a high probability of being not a tool for financial gain, to score ego points, or to inflict as much damage on the routing backbone, and the pcs connected to it as possible. Instead, it seems likely this is a false flag in the works. Conficker will keep getting more pernicious and infectious. When the time is deemed right, it gets unleashed to do two things, one infect as many as possible with other viruses, worms, and malware, and two scare as many people as possible.

Expect to see things like blackmail email sent to those with files that make them blackmailable, lots of private or sensitive information being spammed to give the blackmail plausibility, and until countermeasures catch up and fix the damage that can be fixed, more conventional mass hacking efforts. If they do it right, there will be little opposition to a forced switch to the presumably more secure Internet 2, which will allow for all the commercial activity and porn of internet 1, but not with allowances for privacy from the governments, or sites where 'questionable' information such as here, the alex jones site, godlike, the current incarnation of youtube, etc are allowed to exist.



posted on Apr, 5 2009 @ 04:11 AM
Cornflicker Variants: Glorious example of a Media Sensation.

1. Deleterious Effects of Cornflicker:

Bugger all really.

It does attempt to disable current AV and things which may result in the infected machine being more vulnerable to other virus infections but that's just a side effect of it attempting to protect itself.

2. Active Malware Payload of Cornflicker:

None and NO it doesn't blow stuff up.

3. What did it do on its Activation Day, wasn't it supposed to destroy the world as we know it?

No.

4. What was it supposed to do on its Activation day?

Contact a list of servers for a possible update. It did, there was no update.

5. What does it really show?

.... Stupid people are everywhere.

Infection Distribution Maps

6. Shouldn't I change my Operating system to protect myself from this kind of thing?

If you're stupid enough to think that switching away from a simple OS that you don't understand to a more complex OS that you definitely won't understand will save you go ahead. Feel Free.

7. But other Operating systems don't get infected by Viruses especially things like Linux.

Ha Ha Ha Ha Ha Ha Ha, Idiot.

8. Why is Cornflicker interesting?

Because it was written by a professional and it's the first known example of a virus to use MD6.

9. What is cornflicker REALLY?

A work of art.

It's a very good example of an updatable multi-vector test and the people who are interested in these things get the point. (but then, the people who were always serious about these things understood beforehand)

----------------------------------------
The OS vulnerability to this particular exploit was automatically patched by Microsoft on 23 October 2008 via an out of band release of Microsoft Security Update MS08-067.

Antivirus Groups have had fixes and cleaning tools available for it since LAST YEAR. The DNS list used by cornflicker to update itself has been blocked by just about everyone who knows what 'DNS' means.

There is absolutely no reason for cornflicker to exist in the wild anymore apart from the reasons mentioned in point 5.
----------------------------------------

And finally....



10. But can't people destroy the Internet as we know it? Should I be worried?

Yes.

But not because of cornflicker.

You should be worried about this: Psybot 2.5L Research Paper PDF

And gee whiz... That one doesn't touch windows at all...

In any case... all this computer zombie stuff is Moot.
If someone wanted to do serious damage to the Internet all they would need is 7 guys with cars and a spade...



posted on Apr, 5 2009 @ 04:55 AM
If this continues my worst fears will be coming true.

This virus is just an inside job to assure Internet Two arrives to save the day.

We’ll wait and see.

I’m on my last thread of hope for humanity here...

peace



posted on Apr, 5 2009 @ 05:24 AM
This worm isn't complicated at all. I'm a computer idiot yet I've managed to avoid it.

Just for a headcount, how many people here have been infected? Anyone?



posted on Apr, 5 2009 @ 05:39 AM
reply to post by Absence of Self
 


LOL. You hit the nail on the head!! This thread seems to start out by 'informing' you of Conficker. However, the agenda here seems to be more Microsoft blasting. Hurry! Change your operating system now! For the love of God, while there is still time!



