Downadup Worm — When Will the Next Shoe Drop?
alphadogg writes "The Downadup worm — also called Conflicker — has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon. 'It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,' says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes."
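The summary's one concrete symptom is that infected machines can no longer reach anti-virus update sites. The following is an added example, not code from the story or from any vendor, of a check a defender can run for that symptom; it assumes that the blocking shows up either as hosts-file entries pinning vendor names to a local address or as names that no longer resolve, and the vendor hostnames and hosts-file text it uses are constructed.

```python
"""Added example (not from the thread): flag update/anti-virus hostnames that a
host can no longer reach, the symptom the story describes.

Assumptions: UPDATE_HOSTS is a constructed watch-list, not a claim about which
sites the worm blocks; SAMPLE_HOSTS is a constructed hosts file.
"""
import socket
from typing import Callable, Dict, Iterable, List

# Constructed list of update hostnames a defender expects every machine to reach.
UPDATE_HOSTS = ["update.example-av.test", "patches.example-os.test", "www.example.com"]

# Addresses that send the name nowhere useful when they appear in a hosts file or DNS answer.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def hosts_file_overrides(hosts_text: str, watched: Iterable[str]) -> Dict[str, str]:
    """Return watched hostnames that a hosts file pins to a sink address.

    Comments (after '#') and blank lines are ignored; names match case-insensitively.
    """
    watched_lc = {h.lower() for h in watched}
    hits: Dict[str, str] = {}
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            if name.lower() in watched_lc and addr in SINKHOLE_ADDRS:
                hits[name.lower()] = addr
    return hits


def unreachable_by_dns(watched: Iterable[str],
                       resolve: Callable[[str], str] = socket.gethostbyname) -> List[str]:
    """Return watched names that fail to resolve or resolve to a sink address.

    `resolve` is injectable so the check can be exercised offline with a fake resolver;
    the default uses the system resolver (socket.gaierror is a subclass of OSError).
    """
    bad: List[str] = []
    for name in watched:
        try:
            addr = resolve(name)
        except OSError:
            bad.append(name)
            continue
        if addr in SINKHOLE_ADDRS:
            bad.append(name)
    return bad


# Constructed sample: two update sites pinned to a local address, one left alone.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# the next two entries are the kind a defender should treat as suspicious
127.0.0.1   update.example-av.test
0.0.0.0     Patches.Example-OS.test
192.0.2.10  www.example.com
"""

if __name__ == "__main__":
    print("hosts-file overrides:", hosts_file_overrides(SAMPLE_HOSTS, UPDATE_HOSTS))
    print("unresolvable:", unreachable_by_dns(UPDATE_HOSTS))
```

On a real machine, feed it the contents of the system hosts file and let the default resolver run; either list being non-empty is worth a closer look at the box.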
the worm is capable of downloading second-stage code for darker purposes."
So it might download vista?
And now we rediscover why monocultures don't work (and are generally not found) in nature.
It is a miracle that curiosity survives formal education. - Einstein
Use a hardware router, use a real anti-virus program that actually publishes updates every day (Nod32 for me), and use a browser where you can kill anything that tries to auto-install itself (Firefox, Chrome, etc).
And don't forward or respond to chain emails!
When you see it divert fractions of pennies into a bank account they control.
You'll all thank me when I deploy the second stage to install and run SETI@home and discover alien intelligence.
-Virus Author
Windows is actually far more secure than Linux. Get the facts, people.
.. that I can't get Windows apps to do what I want without crashing, but it runs teh evil viruses perfectly?
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
When will Windows be ready for the desktop? Srsly.
Microsoft patched this and issued the fix through Windows Update a month before the worm was even in existence. It's only stupid fucks who don't update their OS that've got infected.
I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
If this thing is a malicious software delivery system, wouldn't it be possible to hijack it and have it download something that removes it?
Fun with Anagrams! LADS HOST, SHALT DOS. HAS DOLTS. AD SLOTHS, HATS SOLD. ASS HO, LTD.
That's what I thought the article was about when I read the headline...
"The Downadup worm - also called Conflicker - has now infected an estimated 10 million PCs worldwide,
Ashamed of being fucked with, victims call "conficker" now "conflicker" or with the euphemism "downadup". It does not matter, it all adds up down there if you are screwed with.
And don't use email, or browse, or... or... or...
Only way to be 100% safe is to not be online at all.
---- Booth was a patriot ----
"If we were a proper country like Soviet Russia they would get the Siberian wolf blowjob by now."
Thanks to the internet, not only do I know that for some people that would not be a punishment,
but that others wish they were the wolf.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
3/10
"If for any reason you're not satisfied with our service, I hate you."
There's a more technical examination of the virus at https://forums.symantec.com/t5/Malicious-Code/Downadup-Small-Improvements-Yield-Big-Returns/ba-p/381717
"Politicians and diapers must be changed often, and for the same reason."
You mean Africa, with 20% of population infected with AIDS.
Taiwan has 0.1% of population infected.
This computer worm is indeed tricky. It inserts code via vulnerabilities, guesses passwords, spreads via domains if possible, and so on.
Downadup vs Morris - which one will prevail?
Round One, Fight!
"From where do you want to get pwned today?"
It's 2009... I can't believe we're still dealing with this crap in 2009.
You are in a maze of twisty little passages, all alike.
And I'm using it to 'infect' their PCs with Linux. It'll stop all future virii as well as creating a wave of happiness. Dark purposes, it's all how you look at it. Sure they'll hate me for a while, but then they'll love me and I'll reveal my identity and be a hero!
But it's "Ukraine", not "The Ukraine".
At least, that's what Ukrainians say.
Just sayin... And that's what the Ukrainian rocket scientist I know says also.
Deleting the extra space after periods so I can stay relevant, yeah.
Uh huh, sure you are.
If you were truly a Linux power user, then you'd know that the Linux/UNIX security model is not conducive to the spread of viruses since any program attempting to modify system files would require root access first.
^^vv<><>BA
Windows is actually far more secure than Linux. Get the facts, people.
... Please don't feed the trolls.
Only to idiots, are orders laws.
-- Henning von Tresckow
Microsoft patched this and issued the fix through Windows Update a month before the worm was even in existence. It's only stupid fucks who don't update their OS that've got infected.
Ahh.. that's all right then.. So you are saying more than the thirty percent mentioned will be getting it..
It is difficult to get a man to understand something when his job depends on not understanding it.
Moot point unless the only way you do anything as root is through a shell in one of the virtual terminals or xdm. If you ever give your root password in a logged-in X session, or as your user (su or sudo), your machine can be compromised. su, bash, etc. can all be replaced with sinister versions, and the next time you su to root, your password is captured.
--
WHO ATE MY BREAKFAST PANTS?
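The scenario above (a user-level process shadowing su, sudo or bash with a lookalike) has a few cheap checks a defender can script. The following is an added example, not code from the thread: it flags PATH entries that would let a lookalike be found first, confirms that a name resolves to the expected system binary, and compares trusted binaries against a recorded SHA-256 baseline. It assumes a POSIX sh with coreutils sha256sum; the baseline path in audit_system is an assumed placeholder, and the test constructs its own temporary files.

```shell
#!/bin/sh
# Added example (not from the thread): checks against the "replaced su" scenario.
# Assumes POSIX sh and coreutils sha256sum. Nothing here modifies real binaries.

# Print PATH entries that let an unprivileged process shadow su/sudo/bash:
# empty or relative entries (searched relative to the cwd) and directories
# writable by the current user. Output: one "kind:entry" line per finding.
unsafe_path_entries() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        case "$d" in
            ""|.|..|./*|../*) printf 'relative:%s\n' "${d:-<empty>}" ;;
            *) if [ -d "$d" ] && [ -w "$d" ]; then printf 'writable:%s\n' "$d"; fi ;;
        esac
    done
}

# Succeed only if NAME resolves, under SEARCHPATH, to EXPECTED. A PATH that
# finds a lookalike before the system binary fails this check.
resolves_to() {
    name=$1; expected=$2; searchpath=$3
    found=$(PATH=$searchpath; export PATH; command -v "$name") || return 1
    [ "$found" = "$expected" ]
}

# Record SHA-256 hashes of trusted binaries (from a known-good state, e.g.
# right after install from trusted media) so later modification is noticed.
record_baseline() {
    out=$1; shift
    sha256sum "$@" > "$out"
}

# Succeed only if every file in the baseline still matches its recorded hash.
verify_baseline() {
    sha256sum -c --quiet "$1" > /dev/null 2>&1
}

# Run all three checks against the live system. Prints findings and returns
# non-zero if anything is flagged. The default baseline path is a placeholder.
audit_system() {
    baseline=${1:-/var/lib/su-baseline.sha256}; status=0
    findings=$(unsafe_path_entries "$PATH")
    [ -z "$findings" ] || { printf 'PATH: %s\n' "$findings"; status=1; }
    for expected in /usr/bin/su /bin/su; do   # whichever exists on this system
        [ -x "$expected" ] || continue
        resolves_to su "$expected" "$PATH" || { printf 'su resolves elsewhere\n'; status=1; }
        break
    done
    if [ -f "$baseline" ]; then
        verify_baseline "$baseline" || { printf 'baseline mismatch\n'; status=1; }
    fi
    return $status
}
```

Call record_baseline once from a trusted state with the real paths of su, sudo and bash, then run audit_system from cron or at login; a PATH finding is the cheap one to fix first.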
Where do I go to get a script that searches for it and removes it?
I'm sure I have coworkers that need this removed from their computers at work..
--- We need more Ron Paul!
Is the movie coming out?
A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough to still think Windows is not ridiculously and unfixably insecure by design.
Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."
Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" asked marketing marketer Steve Ballmer.
Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.
"It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."
"Yes," said Phagge. "Yes, they do."
Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.
http://rocknerd.co.uk
Interestingly, security through obscurity is not real security.
And yet, the exact same security model is present in Windows Vista- users need to provide an administrative password to elevate security privileges for a process that requires administrator-level access, or, even if you are logged in as administrator, you need to provide confirmation to conduct administrator-flagged actions.
This is the premise behind Vista's UAC.
Notice how universally it is panned as being useless, despite being exactly the type of security model you advocate?
"It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
I've never had to deal with it, and as I don't "do" Windows, I probably never will. However, I get the impression that Vista's UAC is hated because it pops up that dialog for every, single, solitary change that's made while you're installing a program, even though you've already given the Administrator password. And, while I'm thinking of it, UAC may be based on the Linux security model, but it's certainly not a copy of it. In Linux, you give the password once, when the installation program starts, and that's all the authorization needed. I've done system updates with forty or more packages being downloaded and installed, with old versions removed, and except for checking with me to make sure that I want it to go ahead (it asks me once, and once only, for the entire transaction), It Just Works.
Good, inexpensive web hosting
That's 15% between the two (I'm sure Apple probably has the larger slice of that 15%), and they still don't make up the overwhelming majority. Call me when either one hits a market share of 30%. Those operating systems have holes too. Just because the majority of the people in the virus scene ignore them doesn't mean they aren't there.
If you were truly a Linux power user, then you'd know that the Linux/UNIX security model is not conducive to the spread of viruses since any program attempting to modify system files would require root access first.
There's not much the average virus needs to do that requires "modifying system files".
It's not the "security model" that's non-conducive to viruses spreading in Linux, it's the users.
An infected system can be updated to get a more destructive payload. No, really? Now that's new, no worm or trojan ever did that before!
A compromised system is open for additional infections to be chosen by the one that compromised it. C'mon, people, at least you here should react with a "no shit, sherlock!"
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
And how does that relate to the point I made?
By using OS X or Linux you get both: the benefit of a system that was designed with security in mind and the benefit of a system that isn't targeted much by worm writers.
Well then, I think I'll stick to my "fringe" OS. Thank you very much.
Fail. Although Linux users are indeed generally more educated on the finer points of computing, there seems to be this persistent myth that Linux doesn't get viruses because it has such a small user base. Linux servers control a major portion of www. If those aren't prime targets then what is? Plain and simple, the Linux security model is superior.
^^vv<><>BA
no, it only works on 30% of machines.
If you mod me down, I will become more powerful than you can imagine....
Back in the nineties, I encountered a worm whose payload was to steal cycles on machines to participate in one of the RSA factoring challenges. I got a call just as Christmas break started from someone at another university saying that someone on our network was trying to brute force machines on their net.
The culprit was a new SGI machine with a default root password that had been installed without the knowledge of anyone in the computer centre. When I checked to see what it was doing, it was (a) trying to spread itself, and (b) participating in a public RSA factoring challenge.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
It doesn't matter how bad and unsafe Windows is. Microsoft Windows is like the air. People are going to keep breathing it no matter who farted in the room. People live in the most polluted places because that's where they live, that's where they work, that's where they play. I could tell you all day long about this other place... with clean air, that's safe, that's stable and all that... and most people might be intrigued but very few will vacation there and even fewer will actually move there. This is how people work.
Linux needs an Apple logo before the masses will move to it.
Yeah, but good practices like having "no open ports" and "don't execute files in every damned media you mount" are good security practices. Practices that Windows fails at. Still.
Help stamp out iliturcy.
You can find a complete and total permanent fix here or here. There are other sources, but you get the picture. We're 23 years into this Microsoft Malware problem and it's only getting worse.
Any other answer you get to this question is completely bogus.
Help stamp out iliturcy.
Did some research to try to quantify that "many"...
Based on a search at secunia.com there were a total of 10 Linux privilege escalation bugs reported for 2008.
Of those, 5 were in proprietary software packages for Linux: Acrobat Reader, MaxDB, Avaya, SSH Tectia Client, and Red Hat Enterprise Linux. Not interesting for ordinary desktop users.
Of the other 5, 1 was in KDE, so that wouldn't affect 100% of Linux users, let's be generous (the most popular free distros use Gnome) and say that's 50% of users.
Of the other 4, 1 seems to work on general Linux systems (sys_remap_file_pages() bug).
Of the other 3, 1 requires the USBLCD driver to be used or only gives group privilege escalation, 1 requires Intel G33 series or newer chipset, and 1 requires that the kernel is running as VMI guest on a x86 system. How many boxes does that cover? Not many, except perhaps for the Intel chipsets --- let's say another 50% (because I have no idea what market share Intel has).
So that's something like 2, maybe 2.5 bugs in all of 2008. Is that "many"? Matter of opinion.
Isn't targeted much by worm writers yet. That's the key difference. Once market share grows, people will start poking holes in it. Sure, they probably are more secure than Windows in a lot of ways, but that doesn't mean someone couldn't find exploits if they really wanted to.
I can't believe people still haven't heard of NoScript.
It (along with adblock plus) is the reason Firefox is the most secure browser.
If this were really happening, what would you think?
WARNING: don't click on this link, just copy the wget command to a shell. Don't say I didn't warn you...
I don't care. I don't let random pages execute scripts. In fact, I have a policy of strictly not enabling scripts on any page linked from slashdot...
UAC does exactly what it is supposed to do- it pops an elevation prompt for every process that requires elevation. As far as I'm aware, you can't 'chain' processes (although whether or not you should be able to, IMNSHO, is debatable.)
Things like requiring UAC confirmation to do things like delete certain desktop shortcuts? Probably not terribly useful if you're the user, but perfectly understandable in the security context. Those shortcuts are not located in the user's home folder, but in a common home folder the user does not have access to that places them on all users' desktops. Accessing that common folder requires elevation because it messes with all the users on the system.
That said, if your system is properly configured, you shouldn't run into UAC prompts at most more than once or twice on an average day.
The problem, as you say, is that 90% of typical users want to just use the computer. Which is why the typical user's computer is infested with crap; they don't care about security, and never will. The resulting mess is not so much the fault of the operating system, which does its best to warn the user (and which the user then dutifully goes ahead and ignores) but the fault of the user.
Like this worm, for example- a security vulnerability for which a security patch was made available months ago. Any user who is still vulnerable is vulnerable because of their own lack of action.
"It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
What makes you think that a virus requires root access, or needs to modify system files?
..and before you go on that a virus can't do much to harm your system if it doesn't have root..
You have drunk some fairly ignorant koolaid, it seems.
The modern virus doesn't try to harm your system. Usually they try to harm other people's systems, or fill other people's e-mail boxes and other such stuff, by using your system and network connection. They can do this using programs and services that your regular account has full rights to access and leverage, be it Linux, Windows, or OS X.
The idea that this security model is somehow preventative is completely ignorant. You get these viruses by being stupid, and they don't need root privileges for that. The odds are that if you are stupid you are going to give 'em the keys to the kingdom anyways, not that they need it.
"His name was James Damore."
I've just moved my sister over to Ubuntu after she got infected with this POS mess - We've been trying to clean her Windows partition for a week and a half now, and the damn thing seems to be just about unkillable.
The interesting thing is - I set up her PC, and at this point we have no idea how the damn thing got in. She *did* have automatic updates turned on, antivirus, doesn't own a USB key, spybot, ad aware, the whole nine yards, even unto having a secure password.
And at this point, it looks as if the Windows partition will need to be reformatted and re-done from the ground up.
Whatever it used, it sure wasn't something patched in October of '08.
Pug
An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
If you're warning against clicking the link, don't include it in your own post. Thank you.
My sig will be released in 2015 third quarter. Rating pending.
Fail. Although Linux users are indeed generally more educated on the finer points of computing, there seems to be this persistent myth that Linux doesn't get viruses because it has such a small user base.
That is an important factor. However, by far the biggest reason is - as I said - because Linux users don't represent anything like the exploitability as Windows users.
It's not because there are fewer of them - although that certainly plays a non-trivial part - it's because Linux users are far (*FAR*) less likely to let a virus into their system, either by leaving known security holes unpatched, or by the more common method of being socially engineered into executing it.
Linux servers control a major portion of www. If those aren't prime targets then what is?
Desktop PCs run by ignorant end users outnumber Linux servers tens of thousands to one. Why would you try to aim a virus whose success is largely predicated on a low level of knowledge and experience from the victim, at systems run by seasoned professionals?
Or, to put it another way, not only will you be able to exploit something like 50,000+ desktop PCs to every web server, when you do exploit the average desktop PC, chances are extremely low it will ever be detected, so you basically have the run of the machine. However, if you exploit the average web server, chances are extremely high your intrusion will be detected and fixed within a matter of hours or days.
Plain and simple, the Linux security model is superior.
The classic UNIX security model (as used by most Linux installs) is demonstrably inferior to Windows NT's.
THIS is a Dick Roll.
http://www.accountkiller.com/removal-requested
Malware for OSX is being written already (remember infected pirated iWork on torrents?). But full-scale infections like that of Downadup are yet to be seen.
Practice a little proper surf handling and you won't even need anti-virus or anti-spyware software. Firefox scans downloads, and you can see the FTP origins anyway before you download. Where you go and what you do has a lot to do with protecting your PC, and anti-virus programs are bloated and useless for the most part. Activate your drive logs and use SDFix or ComboFix (http://www.myantispyware.com/2007/11/09/sdfix-free-trojan-remover-tool/) if need be. Firefox has a little window that shows you all your cookies, if you don't want to re-log on to all your accounts by deleting all your cookies...
Every time a new virus or worm hits about half of the PC world, I wonder what mystique keeps people using Windows. I think it is a kind of mental disaster that may be compared to drug addiction. Is it market inertia? Is it some kind of world domination conspiracy of the American government? Or what could it be? People think that worms and viruses are normal for any computer, and no one from, e.g., Apple or the FOSS community bothers to explain that viruses and worms can live only in Windows.
Who can explain why people still buy that piece of crap?
In order for a 'virus' to work, it has to inject code into a binary or a script. The parent's point is that a regular account does *not* have write rights to any of the programs and services he uses.
Given the lacklustre security history of NT servers and desktops, the world eagerly awaits your demonstration.
You know, as a guy who learnt to install Solaris before he learnt to install Windows 3.1, and a Linux user since 1995, and OpenBSD since 1997 or so, I count myself as a pretty knowledgeable Unix person.
And it makes me cringe every time I see some newbie spout these lines.
Here are some facts to enlighten you:
1) The Morris worm did not run on Windows.
2) Dr. Cohen, you know, the guy who did the original research on computer viruses, did his research on Unix and VMS.
Now, I will grant you that the situation has improved since then, but certainly not to the extent that you're now treating it as snake oil - no, UNIX will not fix everything and make you coffee as well.
Given the lacklustre security history of NT servers and desktops, the world eagerly awaits your demonstration.
Per-user ACLs vs User/Group/Other.
All OS objects have ACLs, vs applying permissions only via filesystem abstractions.
Superuser vs none.
The key difference is that the Unices have had a security model from day 1 while Windows started as a single-user system.
Linux alone (not counting other Unices) is approaching 20% market-share in the server market which is potentially more attractive to malware writers because the hosts are usually better connected and better equipped. The reason we rarely see botnets span significantly into the server-area is not that the bad guys wouldn't be trying (look at your server-logs sometime) or because the average server-admin was better qualified (look at the millions of broken default installs from various hosting providers). The reason is that it's, on average, a much harder target.
Unix systems have proper firewalling, capability constraints, process accounting etc. built in. They're more transparent and easier to harden - which is exactly what would happen if we'd start to see more widespread attacks.
The mechanics of software security are not exactly rocket science when layered bottom up. Windows is troubled because they basically sprinkled one thin layer of "security powder" on the outside of an otherwise wide open core. Consequently your "personal firewall" is implemented as an afterthought and can be trivially bypassed from an unprivileged account. Such tricks are a bit harder to pull off on OS X or Linux.
Newbie huh? I work in information security at a fortune 100 company. I manage 1000 Solaris 10 servers and have been running Linux (Slackware) exclusively for nearly a decade.
Sure, Linux viruses do in fact exist. Are they widespread? No they are not, because they are not easily spread to other Linux boxes.
FYI, worms and viruses are not the same thing. Although Linux worms are also uncommon.
^^vv<><>BA
Yup, newbie. If you can't even take the time to read Dr. Cohen's PhD dissertation to understand why the "security model" you were talking about did not work (and what has changed to reduce that issue in recent years), but instead tell me that you manage 1000 servers and so on, you're a newbie or a pfy. Working in a F100 company in security is not such a big fucking deal, I have that on my resume too, 5 years of that shit. So what?
And I understand the differences between worms and viruses. But you're splitting hairs.
Surely the major ISPs, which hold 99% of all users, could just block the IPs/DNS names/hosts that the bad guys use in Eastern Europe/Russia.
Personally, unless you have friends in said country, I would firewall *ALL* of the IPs in said countries at the client/business level.
Is there a country-based block configurator? Or whitelist Western countries only? If there was a simple GUI app that did this for Windows/Linux/routers and was made free, it would help a lot of users be protected.
Or the ISP could ask you on application for an account: block all of Russia/China/East EU?
Liberty freedom are no1, not dicks in suits.
The NT kernel might have better security than Unix, but none of that is available to most NT users (pre-Vista). I don't know about XP Pro, but XP Home has very limited flexibility for permissions.
Not to be a total pedantic ass, but isn't the name of the virus "Cornficker", not "CornFLicker"? Cornficker is bad enough, but I must say Cornflicker makes the mind reel...
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.