Slashdot Mirror

← Back to Stories (view on slashdot.org)

Romanians Find Cure For Conficker

Posted by timothy on from the cheer-goes-up dept.

mask.of.sanity writes "BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months. The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting. The Romanian security vendor said its removal tool will delete all versions of Downadup and will not be detected by the virus."

11 of 145 comments (clear)

  1. How long before it doesn't work? by idiotwithastick · · Score: 3, Insightful

    TFA even says that the worm can update itself, so how does BitDefender plan to distribute the worm if the worm can be updated to shut down everything that may harm it?

    1. Re:How long before it doesn't work? by NeverVotedBush · · Score: 4, Insightful

      I'm more curious why Microsoft itself can't do something like this and why a third-party company, presumably without benefit of Microsoft's source code, is able to diagnose the problem, remove the infection, and "fix" Windows.

      Instead, Microsoft is laying off workers. Perhaps they should concentrate on fixing these issues even faster -- which would probably be better for their public perception of being a virus haven -- instead of cutting staff to appease stockholder's lust for profits.

      In the long run, producing a quality OS and fixing these kinds of vulnerabilities promptly would do far more good for their bottom line.

    2. Re:How long before it doesn't work? by Anonymous Coward · · Score: 3, Insightful

      Microsoft does. They release a utility about once a month that targets and removes malware from a system. It is distributed automatically via Windows Updates but can also be downloaded and run manually. Of course since worms like this often disable Windows Update the automatic clean up vector is closed.

      Vulnerabilities exist in every system. If by "quality" you mean that it has no vulnerabilities then you are limited to running software that has only about 10 lines of code produced by the upper level students in CS101 classes, and even then some will slip by.

      It's not like Microsoft sits there and ignores these issues when they are reported. They have to be triaged, confirmed, fixed and thoroughly tested to ensure that the fix does resolve the issue without causing further problems. As is very often the case the vulnerabilities are fixed long before the exploit goes wild, but many machines remain vulnerable because that machine had not been updated for whatever reason.

    3. Re:How long before it doesn't work? by cronco · · Score: 2, Insightful

      Kaspersky is made by Russians and it has quite a few users, I believe.

    4. Re:How long before it doesn't work? by lordtoran · · Score: 4, Insightful

      I'm more curious how many people would actually install any "fix" that comes from Eastern Europe.

      A lot. Eastern Europe is renowned for having spawned many, many extremely good coders and mathematicans.

      --
      Want to hear the voice of GOD? cat /boot/vmlinuz > /dev/dsp
  2. Another link to the tool by MadUndergrad · · Score: 4, Insightful

    http://www.ubuntu.com/getubuntu/download

    1. Re:Another link to the tool by Anonymous Coward · · Score: 1, Insightful

      I checked and the bd_rem_tool isn't available on ubuntu.com, particularly that page. Perhaps you are mistaken or fucking stupid?

    2. Re:Another link to the tool by Colonel+Korn · · Score: 2, Insightful

      What exactly doesn't work? The two (three?) most-common brands (Intel, Broadcom, Maxwell) have open-source drivers (with a firmware blob in the case of broadcom)

      Is it an external card, by USB or something?

      My very common internal Broadcom card didn't work in 8.04 a couple months ago until I spent an evening on the internet finding and trying a few different sets of command line fixes. The problem was that most of them that were in Ubuntu help pages included a typo (or more than one) somewhere that didn't let me just copy/paste each line. I did manage to get it to work, but a few days later I stopped using Ubuntu because my laptop was too sluggish with it.

      --
      "I zero-index my hamsters" - Willtor (147206)
  3. That many Windows Servers unprotected and online?? by wvmarle · · Score: 1, Insightful

    [...]some 9 million Windows machines [...]. The worm [...] exploits a bug in the Windows Server service...

    Without elaborating what Windows Server service that might be... Are there really that many vulnerable, not firewalled Windows servers connected to the Internet? Or is this a Server function that has no business on a Desktop that is getting infected?

    In the first case blame the administrators (for not knowing how to properly protect a Windows server), in the second case blame Microsoft (for running servers on a desktop that should not be there in the first place). I would expect the second case as that I recall we have seen before, a virus exploiting a bug in a server function that can not even be stopped on a desktop.

  4. they should know better by juventasone · · Score: 5, Insightful

    Until the next variant which is likely due out in the next 24 hours.

  5. So confusing! by Anonymous Coward · · Score: 1, Insightful

    How exactly do you prevent this worm?

    Disable autoplay? Autoplay is a feature though.
    Disable network sharing? How annoying.
    The KB958644 patch? Does that protect you, or does it simply prevent one method of catching it?

    A cold is a cold, and although preventing it from entering your computer is an idea, the goal should be making the computer immune to whatever the vulnerability is.

    I should have a say on what programs (what a computer virus is) are allowed to run.

    What's worse is Microsoft's apparent unwillingness to let SP1 machines get patched. SP2 is more than a fix or update, it's messing with Internet Explorer adding a pop-up blocker, and it adds a firewall to your computer regardless of whether you want it. These things, coupled with some people's unwillingness to do such a thing to their computer, will probably result in more infections.

    Mod me down for "rant". I am not sure if anything I said is considered constructive, other than my hint at that Microsoft should let SP1 machines be patched for major worms such as this.