Slashdot Mirror
Conficker Worm Asks For Instructions, Gets Update
KingofGnG writes "Conficker/Downup/Downadup/Kido malware, that according to Symantec 'is, to date, one of the most complex worms in the history of malicious code,' has been updated and this time for real. The new variant, dubbed W32.Downadup.C, adds new features to malware code and makes the threat even more dangerous and worrisome than before."
Sounds like an awful lot of work. Maybe move to a different OS?
Ok, sure. It's a lot of work if you look at it in a simple fashion of throwing an Ubuntu CD at some user and saying "SUCK LESS THX"
How about the hours that go into training one or many users in a company on using that new OS? Compatibility problems? Setting up specialized software?
System hardening is more cost-effective decision versus switching OSes or having to clean up every computer that comes up with the problem. It takes about two hours at most to do it from scratch on one system image, then you can reimage as many computers that come up with the problem.
Posts not to be taken literally. Almost everything is sarcasm.
If the payload for all of these infected hosts affects traffic across the Internet, even Linux users may care about this issue. Don't be lulled into apathy, this is a powerful, dynamic and capable threat with some very advanced coding and routines. The developers know how to optimize their threat and squeeze a ton of trouble from its deployment. It now sits in a rather powerful position, depending on how they intend to use it. You can catch scanning hosts on your internal networks using listeners on port 445 from Linux boxes without samba. Tools like netcat or own HoneyPoint applications have proven great at finding active hosts. If you identify any on your environment, remove them immediately. The less zombie systems Conflicker has to utilize, the better!
Check out HoneyPoint, our tools for combatting the insider threat! http://www.microsolved.com/honeypoint/
It continually amuses me how the mainstream media managed to censor the name of this worm. It was originally conficker, which is slang/shorthand for 'configuration file fucker', but using the German fick instead. It was also known as 'downandup' as in the hip motion; both clearly sexual references. Since any kind of indirect reference to sex gets you scrutiny and/or shunning from the Moral Majority, suddenly we have 'downadup'.... So much better?
Windows permissions are quite fine-grained. They're much more flexible than POSIX permissions--comparable to ACLs, in fact, which fewer people use on Linux.
The problem isn't the permission scheme at all, but a combination of legacy, a ruthless dedication to backwards compatibility, and lazy software developers who don't understand the guidelines that Microsoft (now) sets forth regarding secure development from their platform. Maybe throw in a dash of OEMs setting people to administrator by default, but until the other stuff is fixed, that's the only way that they're going to sell any computers.
That said, UAC is a lot like requiring sudo without a password, except that in theory, a user process can't automatically click "ok" for you.