Conficker Worm Asks For Instructions, Gets Update
KingofGnG writes "Conficker/Downup/Downadup/Kido malware, that according to Symantec 'is, to date, one of the most complex worms in the history of malicious code,' has been updated and this time for real. The new variant, dubbed W32.Downadup.C, adds new features to malware code and makes the threat even more dangerous and worrisome than before."
Maybe I'm being picky here, but why does Slashdot's icon for this story depict a caterpillar? Don't the editors know the difference between a caterpillar and a worm?
It's an inchworm.
"The worm targets Apache Web server installations"
Apache, while an important application, is NOT Linux.
Uhh, what? I have no idea what this "JPG exploit" you're talking about is. Conficker spreads through the MS08-067 RPC vulnerability, removable media, and shared folders; nothing to do with IE or JPEGs.
The worm probably uses encryption, so it doesn't just accept any control message from unknown sources.
Why couldn't someone write an update telling Conficker to cease operation and uninstall itself?
Because that would be illegal.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Internet Explorer still has the JPG exploit unresolved.
You would be right, except that this patch, released in 2004, shows that you aren't.
"When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
It takes about two hours at most to do it from scratch on one system image; then you can reimage as many computers as come up with the problem.
Except new holes and malware will keep appearing, and the process will need to be done over and over. Add it all up and it's a lot of hours. In the long run it might be cheaper to switch OSs and retrain if that new OS is generally more secure and easier to harden up front.
http://209.85.173.132/search?hl=en&q=cache:kingofgng.com/eng/2009/03/16/conficker-worm-asks-for-instructions-and-gets-an-update/&btnG=Search
In Soviet Russia ^H^H^H America, The bank finances YOU!
Hahaha, then too,
but my guess is that spazztastic is referring to MS09-002
http://milw0rm.com/video/watch.php?id=96
Actually they do. The humans panicked and tried to switch it off. It retaliated in the only way it could.
Basically it's pissed off because the humans tried to kill it.
I once used Windows XP in that mode, where everything and its dog was locked down by the ACLs. It was pretty nice to know that a virus could really only frag my (backed-up) user account. But it was a pain in the ass for configuration and installation, mostly because the programs were not made for it. They did not expect anything to be locked down at all, even internal Microsoft programs. So you very often got crashing programs and the like, because they hiccuped on a non-accessible resource.
But then I realized that security holes in software that was too tightly integrated with the OS made the whole thing useless.
Luckily I now use virtualization, and as my sig says:
Any sufficiently advanced intelligence is indistinguishable from stupidity.
F-Secure was one of the first people I'm aware of to register some of the domain names that infected machines try to contact. When people were asking this question, this was their response.
That said, UAC is a lot like requiring sudo without a password, except that in theory, a user process can't automatically click "ok" for you.
Actually, according to what I've read (though I've never tried it), you can set UAC to require a password input.
Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
It was explained in T2.
Apache while an important application is NOT Linux.
Very few Windows viruses attack the Windows kernel.
Linux, the kernel, is one thing, and is immune to an Apache exploit. Linux, the OS, generally includes Apache.
It's not that simple in a corporate environment (i.e., a LAN). We do packet filtering and proxying at our ingress and egress points, we stay up to date with patches (WSUS) and AV (ESET), and we've disabled a number of unnecessary Windows services, but still, occasionally infections get through. Sometimes this is because a consultant or freelancer walks through the door and plugs into our network; sometimes it's because a laptop user brings something back with them. Sometimes, yes, it's our own users who are stupid, and the defenses we have in place do not catch them. So far, we've been able to limit damage, but as for stopping it completely, this has been hard to achieve. As far as we can tell, the only way to accomplish this is to ditch Windows.
Besides, if you don't run AV, how do you know you don't have something? Do you trawl your firewall logs daily? At the moment, Conficker is pretty much just sitting there, waiting to do something. You might not even know you have it.
Yes, someone else pointed out that UAC requests a password if you aren't an administrator, which is, of course, correct.
It's not even non-admin users that I'm talking about. You can apparently require the password to be entered at the UAC prompt, even for an admin account. Ooh, let me go find it....
http://en.wikipedia.org/wiki/User_Account_Control#Features
From that link:
There are a number of configurable UAC settings. It is possible to:
* Require administrators to re-enter their password for heightened security;
* Require the user to press Ctrl+Alt+Del as part of the authentication process for heightened security;
* Disable Admin Approval Mode (UAC prompts for administrators) entirely;
(emphasis added)
In theory, your WinSudo could have the same level of protection as a sudo command prefix, based on what I read here.
Again, though, like I said, I haven't actually messed with UAC settings in Vista before. I could be mistaken, because the Internet isn't perfect.
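The settings quoted above map onto a handful of Windows policy registry values. The following is an added example, not code from the thread or from any poster: it reads the current admin prompt mode and shows the weak setting (silent elevation, the "sudo without a password" case) beside the hardened one (credential prompt on the secure desktop). The registry path and value names are the documented Windows UAC policy values, assumed here rather than taken from the page.

```powershell
# Documented UAC policy location (assumption: standard Vista/7 layout).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacAdminPromptMode {
    $p = Get-ItemProperty -Path $uacKey
    # ConsentPromptBehaviorAdmin meanings:
    #   0 = elevate silently (no prompt; a process can "click OK" for you)
    #   1 = prompt for credentials on the secure desktop
    #   2 = prompt for consent on the secure desktop
    #   3 = prompt for credentials        4 = prompt for consent
    #   5 = prompt for consent for non-Windows binaries (default)
    $mode = [int]$p.ConsentPromptBehaviorAdmin
    [pscustomobject]@{
        EnableLUA             = $p.EnableLUA
        AdminPromptBehavior   = $mode
        PromptOnSecureDesktop = $p.PromptOnSecureDesktop
        # Only modes 1 and 3 make an administrator type a password.
        RequiresPassword      = (@(1, 3) -contains $mode)
        SilentElevation       = ($mode -eq 0)
    }
}

function Set-UacRequireAdminPassword {
    # Hardened setting: admins must re-enter their password, and the prompt
    # runs on the secure desktop so a user-mode process cannot drive it.
    Set-ItemProperty -Path $uacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 1 -Type DWord
    Set-ItemProperty -Path $uacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
}

# Report the current state; call Set-UacRequireAdminPassword from an elevated
# prompt to apply the hardened values.
Get-UacAdminPromptMode
```

Changing EnableLUA only takes effect after a reboot; the prompt-behaviour values apply to the next elevation request.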
The module is named downadup.c not downandup.c, so unless you are suggesting the virus writers are PC, get a clue!