Slashdot Mirror


Conficker Worm Asks For Instructions, Gets Update

KingofGnG writes "The Conficker/Downup/Downadup/Kido malware, which according to Symantec 'is, to date, one of the most complex worms in the history of malicious code,' has been updated, and this time for real. The new variant, dubbed W32.Downadup.C, adds new features to the malware code and makes the threat even more dangerous and worrisome than before."

10 of 285 comments

  1. Who care? by Clarious · · Score: 5, Funny

    I run Linux! http://xkcd.com/272/

    1. Re:Who care? by Lostlander · · Score: 5, Funny

      What do you blaim your inability to read the mandatory preview on?

      I'm American, I don't have time to make sure I'm correct before spouting off at the mouth.

    2. Re:Who care? by spacefiddle · · Score: 5, Funny

      What do you blaim your inability to read the mandatory preview on?

      Whatever we can blame yours on, I suppose!

  2. Re:Nitpick... by Chrisq · · Score: 5, Funny

    Maybe I'm being picky here, but why does Slashdot's icon for this story depict a caterpillar? Don't the editors know the difference between a caterpillar and a worm?

    That's why it's so dangerous. It mutated

  3. I do by PinkyDead · · Score: 5, Funny

    I run VMWare on Linux! http://xkcd.com/350/

    --
    Genesis 1:32 And God typed :wq!
  4. Re:Dumbasses by Urd.Yggdrasil · · Score: 5, Informative

    Uhh, what? I have no idea what this "JPG exploit" you're talking about is. Conficker spreads through the MS08-067 RPC vulnerability, removable media, and shared folders; nothing to do with IE or jpegs.

  5. Re:why couldn't the instructions come from whiteha by patro · · Score: 5, Informative

    The worm probably uses encryption, so it doesn't just accept any control message from unknown sources.

  6. Re:why couldn't the instructions come from whiteha by Thelasko · · Score: 5, Informative

    why couldn't someone write an update telling conficker to cease operation and uninstall itself?

    Because that would be illegal.

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  7. When the payload drops, even Linux users care! by lbhuston · · Score: 5, Insightful

    If the payload for all of these infected hosts affects traffic across the Internet, even Linux users may care about this issue. Don't be lulled into apathy; this is a powerful, dynamic and capable threat with some very advanced coding and routines. The developers know how to optimize their threat and squeeze a ton of trouble from its deployment. It now sits in a rather powerful position, depending on how they intend to use it. You can catch scanning hosts on your internal networks using listeners on port 445 from Linux boxes without samba. Tools like netcat or our own HoneyPoint applications have proven great at finding active hosts. If you identify any on your environment, remove them immediately. The fewer zombie systems Conficker has to utilize, the better!

    --
    Check out HoneyPoint, our tools for combatting the insider threat! http://www.microsolved.com/honeypoint/
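
The port 445 listener described in the comment above, sketched as an added example that is not part of the original thread and is not HoneyPoint code. The class name `SmbTripwire` and its `ignore` list are hypothetical; it assumes a Linux host with no SMB service bound to the port.

```python
import socket
import threading
from collections import Counter

# With no SMB service on the host, any inbound connection to 445 is unsolicited.
class SmbTripwire:
    def __init__(self, host="0.0.0.0", port=445, ignore=()):
        self.hits = Counter()            # source IP -> connection count
        self.ignore = set(ignore)        # e.g. sanctioned scanners
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))    # 445 is privileged: needs root
        self._sock.listen(64)
        self._sock.settimeout(0.2)       # so the loop can notice stop()
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (src_ip, _) = self._sock.accept()
            except socket.timeout:
                continue
            conn.close()                 # never speak SMB, only observe
            if src_ip not in self.ignore:
                self.hits[src_ip] += 1
                print(f"connection to port {self.port} from {src_ip}")

    def stop(self):
        self._stop.set()
        self._thread.join()              # loop exits within one timeout
        self._sock.close()

    def suspects(self, min_hits=1):
        return sorted(ip for ip, n in self.hits.items() if n >= min_hits)

if __name__ == "__main__":
    tripwire = SmbTripwire().start()
    try:
        threading.Event().wait()         # run until Ctrl-C
    except KeyboardInterrupt:
        tripwire.stop()
        print("hosts to investigate:", tripwire.suspects())
```

Each address returned by `suspects()` is an internal host that tried to reach SMB on a machine that offers none, which is the starting list for cleanup.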
  8. Re:Damn by Anonymous Coward · · Score: 5, Insightful

    It continually amuses me how the mainstream media managed to censor the name of this worm. It was originally conficker, which is slang/shorthand for 'configuration file fucker', but using the German fick instead. It was also known as 'downandup' as in the hip motion; both clearly sexual references. Since any kind of indirect reference to sex gets you scrutiny and/or shunning from the Moral Majority, suddenly we have 'downadup'.... So much better?