Slashdot Mirror


Conficker Worm Asks For Instructions, Gets Update

KingofGnG writes "Conficker/Downup/Downadup/Kido malware, that according to Symantec 'is, to date, one of the most complex worms in the history of malicious code,' has been updated and this time for real. The new variant, dubbed W32.Downadup.C, adds new features to malware code and makes the threat even more dangerous and worrisome than before."

16 of 285 comments

  1. Who names these things? by Anonymous Coward · · Score: 1, Insightful

    Seriously, and why can't they agree on one name?

  2. Re:Dumbasses by Spazztastic · · Score: 2, Insightful

    If people would stop downloading free_porn.jpg from 4chan, renaming it to free_porn.exe, and running it... we would not be having these problems.

    If people would stop jumping to conclusions and assuming the answer is that simple, we would not be having these problems.

    Who modded him insightful? This virus isn't spreading because of people doing something clearly shady, it's because Internet Explorer still has the JPG exploit unresolved. The user can simply view a webpage with a malicious image (which could just be a 1px whitespace) and it executes the malicious code. I've dealt with many computers in the past months since it surfaced.

    Solutions? Don't use IE. Use SpyBot Search & Destroy to harden the systems, use Firefox with Adblock+ and NoScript. Use an antivirus program that actually has a webguard, such as Avira.

    --
    Posts not to be taken literally. Almost everything is sarcasm.
  3. Re:Dumbasses by ColdWetDog · · Score: 2, Insightful

    Solutions? Don't use IE. Use SpyBot Search & Destroy to harden the systems, use Firefox with Adblock+ and NoScript. Use an antivirus program that actually has a webguard, such as Avira.

    Sounds like an awful lot of work. Maybe move to a different OS?

    --
    Faster! Faster! Faster would be better!
  4. Re:Dumbasses by Spazztastic · · Score: 4, Insightful

    Solutions? Don't use IE. Use SpyBot Search & Destroy to harden the systems, use Firefox with Adblock+ and NoScript. Use an antivirus program that actually has a webguard, such as Avira.

    Sounds like an awful lot of work. Maybe move to a different OS?

    Ok, sure. It's a lot of work if you look at it in a simple fashion of throwing an Ubuntu CD at some user and saying "SUCK LESS THX"

    How about the hours that go into training one or many users in a company on using that new OS? Compatibility problems? Setting up specialized software?

    System hardening is a more cost-effective decision versus switching OSes or having to clean up every computer that comes up with the problem. It takes about two hours at most to do it from scratch on one system image, then you can reimage as many computers as come up with the problem.

    --
    Posts not to be taken literally. Almost everything is sarcasm.
  5. When the payload drops, even Linux users care! by lbhuston · · Score: 5, Insightful

    If the payload for all of these infected hosts affects traffic across the Internet, even Linux users may care about this issue. Don't be lulled into apathy, this is a powerful, dynamic and capable threat with some very advanced coding and routines. The developers know how to optimize their threat and squeeze a ton of trouble from its deployment. It now sits in a rather powerful position, depending on how they intend to use it. You can catch scanning hosts on your internal networks using listeners on port 445 from Linux boxes without Samba. Tools like netcat or our own HoneyPoint applications have proven great at finding active hosts. If you identify any in your environment, remove them immediately. The fewer zombie systems Conficker has to utilize, the better!

    --
    Check out HoneyPoint, our tools for combatting the insider threat! http://www.microsolved.com/honeypoint/
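    As an added illustration (not code from the original post, and not HoneyPoint), a minimal Python listener in the spirit of the netcat-on-445 trick described above: on a Linux box that runs no Samba, nothing legitimate should ever connect to tcp/445, so every source it records is a host worth pulling off the network. The port number, the record format and the sample records are assumptions.

    ```python
    import socket
    import time
    from collections import Counter

    def listen_for_probes(port=445, max_conns=20, timeout=60.0, bind_addr="0.0.0.0"):
        """Accept up to max_conns TCP connections on `port` (or stop after
        `timeout` seconds) and return a list of (source_ip, epoch_seconds).
        The host runs no SMB service, so each record is an unsolicited probe."""
        hits = []
        deadline = time.monotonic() + timeout
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((bind_addr, port))
            srv.listen(5)
            while len(hits) < max_conns:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    break
                srv.settimeout(remaining)
                try:
                    conn, (src_ip, _src_port) = srv.accept()
                except socket.timeout:
                    break
                conn.close()  # only the source address matters, not a conversation
                hits.append((src_ip, time.time()))
        return hits

    def summarize(hits):
        """Collapse probe records into [(source_ip, count)], busiest source first."""
        counts = Counter(ip for ip, _ts in hits)
        return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

    # Constructed sample records (hypothetical addresses) for a dry run without root.
    SAMPLE_HITS = [("10.0.0.7", 100.0), ("10.0.0.9", 101.0), ("10.0.0.7", 102.0)]

    if __name__ == "__main__":
        # Binding 445 needs root: run with sudo on a Linux host that does not run Samba.
        for ip, n in summarize(listen_for_probes()):
            print(f"{ip}\t{n} connection(s) to tcp/445")
    ```
    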
    1. Re:When the payload drops, even Linux users care! by Tony+Hoyle · · Score: 2, Insightful

      Are you likely to? Pretty much any company is going to have a decent firewall and proper IT policies (e.g. no USB dongles, no floppies, no anything from outside without prior permission). If a company gets hit the first action should be to fire the IT staff, then hire new ones to clear up the mess.

      Schools/Colleges are the ones that are most vulnerable, followed by home systems (assuming most people are behind a NAT and only numpties would forward every port blindly.. although it's scary how many times I've seen sites suggest doing just that to make some poxy game work).

  6. Re:Dumbasses by JonTurner · · Score: 3, Insightful

    >>How about the hours that go into training one or many users in a company on using that new OS? Compatibility problems? Setting up specialized software?

    Still probably cheaper than having your entire network (and all corporate data, financial plans, product designs, confidential data, HR information, payroll, etc.) owned by a botnet and copied to who-knows-where.

  7. Re:Damn by Anonymous Coward · · Score: 5, Insightful

    It continually amuses me how the mainstream media managed to censor the name of this worm. It was originally conficker, which is slang/shorthand for 'configuration file fucker', but using the German fick instead. It was also known as 'downandup' as in the hip motion; both clearly sexual references. Since any kind of indirect reference to sex gets you scrutiny and/or shunning from the Moral Majority, suddenly we have 'downadup'.... So much better?

  8. Re:UAC doesn't hold a candle to linux permissions by Sancho · · Score: 4, Insightful

    Windows permissions are quite fine-grained. They're much more flexible than POSIX permissions--comparable to ACLs, in fact, which fewer people use on Linux.

    The problem isn't the permission scheme at all, but a combination of legacy, a ruthless dedication to backwards compatibility, and lazy software developers who don't understand the guidelines that Microsoft (now) sets forth regarding secure development from their platform. Maybe throw in a dash of OEMs setting people to administrator by default, but until the other stuff is fixed, that's the only way that they're going to sell any computers.

    That said, UAC is a lot like requiring sudo without a password, except that in theory, a user process can't automatically click "ok" for you.

  9. Re:UAC doesn't hold a candle to linux permissions by tb3 · · Score: 1, Insightful

    UAC is a lot like requiring sudo without a password

    Thank you. That explains just about everything right there.

    --
    www.lucernesys.com - Horizon: Calendar-based personal finance

  10. Re:UAC doesn't hold a candle to linux permissions by nullforce · · Score: 3, Insightful

    It doesn't require a password if you're running on an account that would otherwise be an admin. If you need elevation on a standard account, you have to enter the username and password of an account that does have admin privileges.

  11. Re:UAC doesn't hold a candle to linux permissions by whoever57 · · Score: 1, Insightful

    Maybe throw in a dash of OEMs setting people to administrator by default,

    This is not an OEM issue -- MS does this also. If you get an MS XP installation disk, install it and add users, the users will be Administrators. In fact, MS has made things more difficult since Win2k -- under XP, the only options under the Control Panel "Users" dialog are "Limited User" or "Administrator". Finding the option to exercise a more fine-grained control over user permissions is difficult -- most users won't find it at all. Since "Limited Users" can't control the network, a "Limited User" can't connect the wireless in a laptop to a new AP, which pretty much 100% of laptop users want to be able to do.

    Under Windows 2000 (IIRC) more fine-grained options were much easier to find.

    Summary: don't blame OEMs -- this is a problem that is 100% MS's making.

    --
    The real "Libtards" are the Libertarians!
  12. Re:Dumbasses by anagama · · Score: 2, Insightful

    I agree with you on the point that most people use computers in a rote and unimaginative fashion. However, I think in some respects people do care what program/OS they use, just not for the right reasons.

    For example, a couple weeks ago I saw my new receptionist sitting at her desk with a laptop wedged between herself and the monitor for her desktop. When I asked her what she was doing, she explained that she was entering some data into excel -- a simple two column "item,price" type thing. I told her I want her to use our spreadsheet (openoffice) using her office computer so the information would be saved in the proper place, and I sure as heck didn't want a windows machine connected to my network in any fashion. She said, "But I need to use excel because it will add the numbers automatically." !!! I showed her that sum(a1:a20) was the same in both.

    I know she is not happy that she has to use openoffice -- she has made comments a number of times about how much more she likes windows in general. So, while her computer use is completely rote, she does have an unfathomable preference for windows.

    As an aside, I don't understand why community colleges focus on teaching specific applications -- they should focus on teaching application concepts. Rather than "excel", they should teach working-with-spreadsheets. Rather than "Word", they should teach key wordprocessing concepts. These types of office programs haven't had anything actually new in them, aside from spellcheck perhaps, since the 80s. There is simply no excuse for teaching a specific program - just how useful is WordPerfect for DOS knowledge anymore? I feel like I hit Shift-F7 in WP a lot. Can't even remember what it was for now.

    --
    What changed under Obama? Nothing Good
  13. Re:Ok, so for the uninformed.... by TheCarp · · Score: 2, Insightful

    Well... if you are a malware author....

    the VAST majority of users are not savvy. Let's say the 80/20 rule applies, you can do 20% of the work to get 80% of the benefit. It's probably even bigger than that. The point is, you can do a LOT of extra work to get to the small percentage of people who take basic precautions.... then it's even more work to get the small percentage of them who take more than basic precautions...

    But... your first cut hit a million nodes... is all that work worth it to bump it up to 1.1 million?

    And then... the savvy people are more likely to notice you, and remove you quicker anyway. So it's a short lived benefit, for a shit ton of extra effort.

    It's like blackjack at the casino. Optimum play gives a slight edge if you count cards. However, the vast majority of players don't even try. Even less are any good at it, or disciplined enough to take advantage.

    It's not to the casino's advantage to catch every person who tries to keep a count. Only to notice and kick out the ones who are really good at it, and try to make lots of money.

    -Steve

    --
    "I opened my eyes, and everything went dark again"
  14. ZOMFG!!! by AlgorithMan · · Score: 2, Insightful

    ZOMFG!!!
    a linux virus infected 3500 machines 7 years ago!?
    man, you put me to silence about win-vs-linux security!

    I will instantly stop mocking windows for the dozens of botnets that spawn every day and have several hundred million PCs infected so far and infect tens of thousands of PCs every day...

    --
    The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
    1. Re:ZOMFG!!! by AlgorithMan · · Score: 2, Insightful

      hey, that's around 1.37 infected linux machines per day... I feel so ridiculous now, that I mocked the far over 35,000 infected windows machines per day... okay, there are more windows machines - say 1% linux, 90% windows, so if linux was as spread as windows, it would have been 123.3 infections per day - making windows JUST 283 times less secure than linux...

      --
      The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes