Taming Conficker, the Easy Way
Dan Kaminsky writes "We may not know what the Conficker authors have in store for us on April 1st, but I doubt many network administrators want to find out. Maybe they don't have to: I've been working with the Honeynet Project's Tillmann Werner and Felix Leder, who have been digging into Conficker's profile on the network. What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it's infected with Conficker, and it will give you an honest answer. Tillmann and Felix have their own proof of concept scanner, and with the help of Securosis' Rich Mogull and the multivendor Conficker Working Group, enterprise-class scanners should already be out from Tenable (Nessus), McAfee/Foundstone, nmap, ncircle, and Qualys. We figured this out on Friday, and got code put together for Monday. It's been one heck of a weekend."
Hi, I'm the author of Conficker and the payload is to get a first post on slashdot. Get ready assholes.
rm -rf /*
for a sec i thought u said
rm -rf /.
lols at that....
"You can literally ask a server if it's infected with Conficker, and it will give you an honest answer." I asked and got no answer? Is there a specific language? I tried both English and Norwegian.
C:\> lsusb
Bad command or filename.
C:\>
Hi, I'm the author of Conficker and the payload is to get a first post on slashdot.
That's it? You wrote a worm to get a first post on Slashdot? Damn. How lame are you?
My blog
We figured this out on Friday, and got code put together for Monday.
And with the ability to be remotely updated, Conficker will be immune to this by Tuesday.
You can advertise in this sig from as little as £99.99 a month!
Haven't you ever played Uplink? It is in the nature of virus creators to attempt to destroy the Internet.
Because it was created for E V I L ?
I think it's going to cause all computers to turn into a small thermonuclear bomb (that's what computers are made of, plutonium and Selenium!) and destroy the planet in the name of some stupid reason.
WE ARE ALL GOING TO DIE!!!! PLEASE START PANICKING NOW!
I'm already looting the vending machines in the lunch room and built a bunker near them with boxes of last years TPS reports, the recycling buckets make good helmets.
And they all said I over-react. Who's the fool now!
Do not look at laser with remaining good eye.
You took that seriously. How lame are you?
You took that seriously. How lame are you?
You took my post seriously, so how lame am I?
Guess my punchline wasn't snappy enough... :(
My blog
There is a virus infecting a huge number of systems and no one knows what it is destined to do.
Sir, if everyone followed your paranoid, alarmist thinking, then we'd all be afraid of Microsoft Windows itself.
Oh wait...
Rich And Stupid is not so bad as Working For Rich And Stupid.
I'll be honest, while normally the first post thing is pretty lame, writing a badass virus to do it would strike me as pretty cool and delightfully overkill.
"The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
So we have an unsubstantiated sentence by "Dan Kaminsky"? Who doesn't happen to be one of the researchers, so how does he know what he knows? That's usually the standard in "journalism", quote sources otherwise I can write a lot of stuff that's just talking out of my ass.
My Babylon
For the same reason that a bomb technician doesn't reset the timer to zero just to see what the bomb does. Sure it may be a dud and do nothing, or it may be huge and blow up in their face.
If you have even half-assed antivirus in a corporate environment, you'll be able to log into the admin console, and see what machines are infected.
You can also see when a machine was last in contact with the controller, so if a virus kills the A/V on a machine, it will stop contacting. Anything that's been over a week since contact automatically should be physically investigated.
Of course, you could be using Norton Internet Security 2009 on your corporate machines, which doesn't have this capability. But if you are, you're an incompetent moron, and shouldn't be trusted with a Gameboy, forget a multi-computer corporate network.
"City hall" in German is "Rathaus" Kinda explains a few things......
*Bzzzzzzt!*
The comment system is temporarily disabled while we resolve this revolving door bug. Apologies for any inconvenience.
Finally had enough. Come see us over at https://soylentnews.org/
I thought it was funny, one of the newscasters on 60 minutes said she just got "owned". It's funny since this is the same show Andy "I'm out of touch with reality" Rooney is on.
I use Antivirus360 on my network, my last scanner was shit, the Antivirus360 free trial found loads of infections my other scanner missed..
All that will be left is a box in Madagascar with its ports closed.
I just passed gas and that WAS an act of terrorism..
I was thinking about a RAID array of 1980's calculator wrist watches.
seriously ? it is named "Malicious Software Removal Tool" ? so we could call it... "ms removal tool".
that's the best name of software coming from microsoft in a long time.
Rich
So, now, either it's slashdotted or ConfickerC is probably blocking them.
I think the purpose of this virus is to try to take over the world.
No problem then - Pinky will find some way to screw it up
That was supposed to be "Thoughts from England"
Ok so you did read it. And I'll assume that you are aware of what you wrote the first time. And I'll assume that you read my response. The only possible logical conclusions are either a) you don't know the difference between possession and distribution (thanks blueg3), or b) you are an idiot. I'm not as generous as blueg3, I think you lack the intellectual faculties to post on slashdot. It's a low bar, but by god you've hit it.
I'm going to try though, and see if you could understand with a little coaching, and help with the big words. You claimed:
Quite straightforward. If we ignore the claim about Germany, which may be correct, you have explicitly claimed that possession of "hacker tools" can be dodgy under uk law. You've reinforced this claim with:
Note, this is identical to the first claim - that possession of "hack tools" is legally iffy in the uk. As this claim is wrong, and it's explained to be wrong in the links that you provided, I have pointed out to you:
Ok, you claimed possession is legally iffy. I've explained that it is not, according to your own sources. Now, here is where you failed the slashdot iq test:
A completely different claim. So it doesn't back up your original claim - this is an interesting property of brand new claims that you would do well to memorise. As it is generally understood by a small partially retarded child that you can't win an argument by insisting that something completely irrelevant is true - I would beg you to seek the help of an older bigger child to read your posts before you submit them. And when necessary, to be the one responsible for battering you with the clue stick until you understand.
Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
Hey, you're one of those condescending Unix users.
an unfunny cliched condescending Unix loser.