How the Conficker Problem Just Got Much Worse

I suggested that this was designed to disable/cripple the internet couple of days back, afterall, the internet is like an enemy weapons system. If it can update on it's own, that is a seriously advanced worm right? Updates usually need to be initiated by the writer I thought.

As for the writer based in China? I'd start out of Langley first, before I'd go anywhere near China, lol.

EMM

I'm a little suspicious about this whole conficker thing. Experts are talking about it calling home etc. They know about it. There is a fix, it can be removed, just like any other Worm / virus. Why is this really any different?

Heck, if they're so damned concerned, why isn't the site this worm calls blocked by IPS's? They jump at the first chance to block TPB or anything copyright related yet leave a potentially damaging worm open to call / update whenever it feels like it giving it the green light???

Something isn't right with this. Either it doesn't really exist, or there is some other motive behind this hype over just another worm.

First, to Mac users, the reason no one makes viruses for Macs is the same reason you don't have say, Ferrari thiefs in Small Town USA. Macs, like Ferraris, are rare and if you want to do damage(or steal lots of things) you need to target some thing that is popular and isn't rare.

Second, Macs have more problems then viruses. I tried getting a Mac, until none of my games would play on it cause they were made after 1904.(Ok, thats not true, I got a game made in 1914 to work, but it was a 2d game that is about 20min long) So I'd be working on making a machine that can do every thing a windows can do, including getting attention from hackers.

Third, really? With all this publicity you really think Avast, AVG, Norton, Windows, every one hasn't worked a way to fix the problem?

I think it was prolly created by one of the anti virus software companies so they can sell more units. Or Mac, after all Bill Gates owns Apple so Apple does well he does well.(I know he's a minority owner but still an owner)

Firstly,I did not read the entire thread before this response....OK

If this virus/worm/infection is as bad as some are saying...the internet is going to be the least of our problems.

The internet will be history,at least temporarily,but commerce relies on the internet too fully,many do not even remember how to do things manually because of that reliance,and the whole works will collapse the rest of the way.

Utility companies,all kinds of public and private agencies will be effected.
I personally think the internet is one of the greatest things ever created,but many rely on it for darker purposes,for profit only,for porn,for running scams.

There are many darker purposes the internet is utilized for,and it would not necessarily be bad for some if it were gone for a time.

But what would replace it?.

I am sure it will be something a bit less accesible to you and me.

Because of this,I think it was created to stifle the information exchange by people who would seek truth,by those who do not wish that their true identities and purposes be seen.

Or maybe just a lone hacker who wants to point this out.

Either way,it will be blamed on some lone wolf terrorist type by the real terrorists,who probably are the ones who created it.

Or maybe it is nothing............

Or maybe it is a scare tactic for other reasons,to get us all to do something specific within a certain time frame?

Who Knows ?......

[edit on 5-4-2009 by chiponbothshoulders]

reply to post by spurge


Read my post on the last page...

To answer your questions.

"They know about it. There is a fix, it can be removed, just like any other Worm / virus. Why is this really any different?"

... It's not.

"Heck, if they're so damned concerned"

... They're not.

"why isn't the site this worm calls blocked by IPS's"

... It is. (by most competent ones at any rate)

"hype over just another worm"

... Ta Daa! You got it in one.

The one real reason that cornflicker still exists is a combination of user stupidity (people thinking its the computers job to somehow magically protect them when they turn off auto-update, don't bother with AV, Firewalls etc etc) and a few ISP's taking the whole 'we just provide the roads the traffic isn't our problem thing too far'.

For the ISP bit you should read>Bandwidth profitability.

The greater the traffic the the greater the cash and some have no interest in cutting viral traffic because it impacts their revenue. (they charge by volume data (bits sent received) by customers, not their problem if its a virus, they can still bill you for it)

Absence.

Absence.

Originally posted by Anomen

Its weird how people are giving all of the attention in the world to pointless topics about some dude who can create portals or something weird like that... but the real important things get overlooked.

For those of you who don't know about it, let me introduce you to possibly the last thing you may ever know about the Internet; The Conficker Virus.

Don't just roll your eyes and say "oh man... another worm"... because this worm actually has the capability to destroy the Internet as we know it overnight. The Conficker virus is not your conventional virus. Its a megaworm designed to attack specifically the Microsoft Windows Operating System. It infiltrates your computer, blocks your virus software from retrieving updates, blocks you from accessing web pages such as Microsoft's Update page which pretty much makes it impossible for you to remove the virus.

Some other symptoms include but are not limited to:
account lockout/ policies being reset
domain controllers responding slowly to client requests
congestion of local area networks.


Once on your computer, the worm then starts its real dirty work. It attacks the node your Internet service is based out of infecting every computer that is also connected to that particular node. The virus then spreads through every means possible. Have a thumb drive? the second you plug it into an infected computer the virus attaches itself to the thumb drive and whatever doomed computer you plug that thumb drive into afterwards is now infected along with the entire network that particular computer is connected to as well... and this is all done silently.

The scary part of this virus is once its in... It sends for update information on its own... meaning that the millions of computers affected world wide by this virus are under the control of a single commander. He hasn't yet, but when the person behind the creation of this virus feels the need to absolutely devastate the Internet, all he has to do is send out the order and he will bring millions of computers to his mercy.

so you're thinking... how has this person not been caught yet? Microsoft has a 250,000 dollar bounty on the creaters head who is suspected to be based in china somewhere.

"What the April 1 update did was simple: It provided instructions for linking up with the thousands, perhaps tens of thousands of new nodes registered by Conficker.c over the last few weeks, effectively growing the size of the p2p botnet to a point where it can not be stopped."

for more info please see the gizmodo news article.

some information about this virus:
en.wikipedia.org...

how to tell if you're infected:
www.confickerworkinggroup.org...

more information:
www.f-secure.com...

People... this is far more than just an April fools joke now... this is real and the entire Internet is at stake.


i.gizmodo.com
(visit the link for the full news article)

[edit on 4-4-2009 by Anomen]

Amen! I had to deal with this virus last weekend. Malwarebytes removed it, I thought. However, there is a little something here and there that tells me I'm still infected.

Originally posted by Helig
@ TheDustman

I have little doubt that this bug has nothing to do with updating anti-virus because most of the folks who get hit with things like this probably don't even know how to install anti-virus software let alone maintain and update their operating systems. By and large the prey of virus writers and their ilk are the lowest common denominator, the soccer mom who is so afraid of her computer that she has to ask her 7 year old son to turn it on and off for her.

---

.i know a lot of governments who would be pretty happy with a tool like this!!

I can almost assure you that most governments and especially the United States Government have no desire to kill the internet overnight for any of the myriad of imagined reasons you will no doubt see in this thread. If the internet ceased to function in say the US then you can count so many businesses as down for the count because their DC, NYC and LA offices suddenly lost their VPN links. Think the stock market has dropped in the past few years much, it would rocket downward so fast you wouldn't have time to evacuate your lunch.

Government get their money from taxes, if the people aren't making money then they aren't paying taxes and thus some suit on the hill goes without his expensive meals and even more expensive hookers; in short if we sink they sink and vice versa.

Excuse me? I have been hit by this virus. My computer was well "protecteod" with anti virus software, but it didn't stop this virus! McAfee didn't catch it, nor did Xoft.............I had to run an online scan by malwarebytes to get rid of the virus. However, there are still signs that I'm still infected. So, it doesn't matter if you have anti virus or not, this thing has a mind of it's own. It downloaded on it's own, and started taking over.

Originally posted by aero56
Excuse me? I have been hit by this virus. My computer was well "protecteod" with anti virus software, but it didn't stop this virus! McAfee didn't catch it, nor did Xoft.............

Well, there's your problem right there: McAfee is rubbish. Never heard of Xsoft.
For awesome protection try Eset Nod32, along with Commodo Firewall and Spyware Terminator as your active protection.

Originally posted by v3_exceed

ok, Not to bash your opinion here, but the whole point of using unix based operating systems is to be able to defend against these kinds of floods.

I'm thinking your not familiar with just how much internet backbone there really is, if you think it can be flooded at all. True a million machines hitting a specific location could cause things to slow down, but only until the filters kick in and either "Tar pit" the attacking ip's or simply deny access. This kind of attack could take out your average website, but not any real link provider.

The way these floods generally work, is a windows box sends a small packet of information crafted in such a way to request a large packet of information back. The target system is so busy replying with large packets that it is unable to respond to regular web site requests, thus a denial of service. So lets consider that you preemptively tell your *nix system not to respond to those requests. Tada! website is still use able. As the system is generally being sent small packet with a request for a large packet, a *nix system can handle a whole lot of small packets without breaking a sweat.

So unless a person is naive enough to use a windows based system for a mission critical server, there is really not a whole bunch to worry about.

Thanks for reading.

..Ex

I agree with you, but not on all points. You are not safer under unix if we are talking about dos or ddos attacks, yes unix is better for serving various services but we are talking about a botnet of millions of computers, not 10,000.

You cannot tar pit millions of requests per second coming from everywhere on the planet.. we know so little about this virus that it could be much worse than simply sending packets constantly.. what if it hammers pop/imap servers? ftp? what if the virus has the ability to flood an array of different services?

How big is the Conficker threat?

The general consensus seems to be that approximately 3 million computers are infected on any given day. The number 15 million gets thrown around a lot as well, but that number includes computers that were infected and then scrubbed clean of the malware.

www.pcworld.com...

As I said, I think the virus is aimed at slowing the world down, not destroying windows. There are no ISPs that can handle ten of millions requests per second.. they ll simply unplug their stuff and wait for the virus to aim somewhere else...

thats my opinion!


[edit on 5-4-2009 by sc4venger]

[edit on 5-4-2009 by sc4venger]

[edit on 5-4-2009 by sc4venger]

Originally posted by aero56
It downloaded on it's own, and started taking over.

I think perhaps you just weren't paying proper attention and, most likely, had your automatic updates turned off.

There is not a single application that "downloads on it's own and takes over" without one of the following being true (Windows like any other Soft/Firmware is, after all, a series of logic gates):

1 - You were already infected by another trojan and someone did it for you.
2 - You went to a site that (although you may have thought it innocuous) actually ran a server side app and perhaps you had activeX's and the like automatically enabled in your browser. A lot of scammers these days tend to put what appear to be valid links in what appear to be valid emails OR on their sites that, instead, launch these server side apps that, once started, and if your security wasn't exactly up to snuff, it's all over.
3 - Someone gave you an infected media.
4 - These types of things are highly exploited on porographic web sites. Why? Because nothing sells like sex! Have you been a naughty boy or girl in your spare time? lol


As a side note, and I can't recall whom the poster was that said this about memory sticks and the like NOT being able to launch it's virus without perhaps a autorun.inf/.exe/etc..... While on a perfectly CLEAN machine that would be true, the virus itself could be completely dormant (only being attached to the device driver for the plug and play capability of the memory stick) and begin to propogate the "plugees" network once one of these mass storage devices activated the appropriate device driver. Not to counter your point which was absolutely valid.


AB1

Just reinstall windows if you get the virus

I am not saying I know what this worm is all about, but the fear being generated over it adds to the likelihood that the new "Cybersecurity Act" being proposed by Rockefeller will be passed.

link: www.motherjones.com...

Now isn't that convenient?

Originally posted by sc4venger
I agree with you, but not on all points. You are not safer under unix if we are talking about dos or ddos attacks, yes unix is better for serving various services but we are talking about a botnet of millions of computers, not 10,000.

You cannot tar pit millions of requests per second coming from everywhere on the planet.. we know so little about this virus that it could be much worse than simply sending packets constantly.. what if it hammers pop/imap servers? ftp? what if the virus has the ability to flood an array of different services?
[edit on 5-4-2009 by sc4venger]

Hi Again,
I didn't actually say 10,000. If it were not for the last 15 years of my life entrenched in providing these services, I might agree with you. It is true a botnet can cause some isp's some serious headaches. When a bot net is used to send spam, the result for the isp is an "NDR" (or non delivery receipts) bomb. The spammer will us a reply to address of one of your clients, send a bzillion messages knowing that the ndr's will be routed to your servers. If this were to actually be allowed to your email account, your email services would be useless. Now introduce tar pitting. The mail structure will be busy, but will cue up and reject everything not actuallly from your client, or for your client. The reason the concept of tar pitting was developed, was due to these attacks being presented.

The real issue would be if this virus appeared as legitimate traffic. It is much harder to block legitimate traffic as these are the people you want visiting your stuff. Rate limiting on ftp, is a trivial task at best. Unless you actually have clients in china, is very easy to block them and other countries from even being able to probe for an ftp server.

Most ISP's do not allow dns recursion. This means they will not respond to queries that they are not authoritative for. The domains that are being probed by this virus for it's updates, in most countries were blocked at the registries. So the domain wasn't even able to be registered or if it had already been registered it was revoked.

As far as Pop and Imap goes, they are constantly being hammered on by spammers, and trolls trying to brute force passwords. Mail servers by their nature are prone to abuse, and thus has had a large amount of effort to remove vulnerabilities from them. There are other services that could be attacked. Most of the other services are open on an MS machine even with the software firewall that xp/vista provides. It's these services or ports that are often the target, and it's this operating system that is, all to often, run by morons.

If you must run windows, do so behind a router. (D-link, Linksys, SMC, even a Cisco PIX.. etc.) Do not trust the xp firewall to protect you because it won't. Use some kind of antivirus, and update that frequently. If your running a webserver, or mail server using Microsoft you might think you know whats going on with it, but you really don't. The people that run windows, straight on the net with only the xp firewall, or zone alarm or any software firewall as their protection are only a temporary problem as they wont be online long.

As far as taking out an isp goes, many are on Gigabit Ethernet, and thats billions of packets per sec. so that is the million of computers hitting you times 1000. That's a lot of link.

Thanks for reading.
..Ex

The internet being a vulnerability is why EVERYONE on this site needs to work on getting HAM radios. Should anything major go down like all the "paranoid" ones think will happen, We will need means of communication. HAMs will be the new network. even then itll still be full of malicious intent and misinformation