Microsoft Warns of Copycat Conficker Worm
nk497 writes "Microsoft is warning that malware writers have adapted a four-year-old virus to use features of Conficker to take advantage of Windows flaws. Other similarities between the adapted Neeris worm and Conficker are that it downloads a copy of the worm from the attacking machine using HTTP, spreads via autorun, and uses a driver to patch the TCP/IP layer of the system. It even saw a traffic jump around the first of April, when the Conficker hype peaked. But the Microsoft researchers suggested Conficker may have copied Neeris, or that they're copying each other: 'It is possible that these miscreants somehow collaborate or at least are aware of each other's "products."'"
This could go one of two ways, either the viruses will try and outdo each other by doing more and more outrageous things to the victim's computer or (and let's face it, this would be more amusing) they'll try and kill each other to get sole ownership of the PC.
Either way, I'm glad I use Linux.
Summation 2
when will they ever get rid of that?
I work for the Department of Redundancy Department.
There are flaws that have been in Windows for four years and Microsoft haven't patched them? I can't really say I'm surprised, but to come out with warnings like this shows an incredible contempt for their customers.
"Yeah, we know, we made rubbish software, you'd better take care now."
Jeez.
http://twitter.com/onion2k
psssst...
It's conficker, not coRnficker. As in something that ficks (German for fucks) up your configuration.
I, for one, am amazed to learn that criminal software developers behave quite similarly to ordinary ones. Reusing code, copying features from industry leaders, why, they probably even use revision control systems!
Seriously, though. It would be more of a surprise if they weren't doing this. Of course players in a competitive market are going to be watching each other and adopting each other's best features.
You would think that Microsoft researchers would spend more time patching Windows rather than saying idiotic things like 'It is possible that these miscreants somehow collaborate or at least are aware of each other's "products."'.
Considering Conficker has been all over the news and the maker of Neeris would have to be working in a cave beside Osama not to have seen anything about it, I dare say it is more than freakin' likely they know of each other's products.
Now if only Microsoft knew as much about Windows as these guys do, we might actually get updates that were more valuable.
flinging poop since 1969
How long before each worm includes a copy of its source code in a git repository, searches out other variants of the same worm on the infected system or across the net, and randomly exchanges patches with them to create hybrid offspring? The worm would need some way to compile itself, of course (unless written in Javascript or other scripting language where the interpreter is included with Windows).
-- Ed Avis ed@membled.com
They will shortly be releasing a tool to test your system to make sure you have the real worm and not some impostor/pirate copy of the worm. This will be an extension of the WGA program.
I don't read your sig. Why are you reading mine?
"It is possible that these miscreants somehow collaborate or at least are aware of each other's 'products.'"
Well, no shit, Sherlock. Guess they must have Internet connection too, then...
With all the resources at Microsoft's disposal, you'd have thought that they'd have come up with a specific fix. Yes, I'm aware that regularly-patched machines are better protected, but the evidence is clear that many people don't do that; (and not just the pirates, either).
If Ms supplied something that detected/removed/protected against up&down, (free, with no 'Genuine Advantage / Validation' bs), then I'm sure pretty soon all the media would link to that & the sheeple would rush to download & install... How about it, Redmond?
What makes you think MS gives a damn whether the computers their OS run on are a virus writer's paradise, or that the consumer is getting screwed over? Just when have they ever shown any concern for anything besides themselves?
Microsoft Researchers... lol... are they a bit like McDonalds 'Chefs'!
Why, I very nearly dropped my monocle when I heard that the rascals might be in cahoots! Perhaps they have some sort of network (a system of tubes, perhaps?) that allows them to share their diabolical plans! Fiendishly clever!
We must safeguard our computing engines! I say we must find these rogues and hang them from the highest scaffold in the land!
I know there's tonnes of toolkits that are being released by third parties because this worm is such an aggressive one. The issue is that people with unpatched systems are probably just as competent about the toolkits as they are about updating their system. Microsoft actually reacted to this threat quicker than most of the other exploits they experience.
If Ms supplied something that detected/removed/protected against up&down, (free, with no 'Genuine Advantage / Validation' bs), then I'm sure pretty soon all the media would link to that & the sheeple would rush to download & install... How about it, Redmond?
The virus does its best to block attempts at removal as you'd expect, but still, you seem to be referring to something along these lines with specific instructions on detection and removal from M$, or perhaps even the Windows Live safety scanner, which despite its crappy sounding name apparently detects and removes it.
/. and bashing the evil corporation usually results in "sheeple" modding you up, but did you really think M$ wouldn't have thought about supplying people with the means to remove the virus? Did you even check before hitting submit?
Yes I know this is
You can advertise in this sig from as little as £99.99 a month!
Disagree. Windows security issues are a major concern for Microsoft's customers, and hence to them. Apple, BSD/*x and FOSS boosters, (and yes, I'm one) regularly point out how much more 'secure' their platforms are. (Of course, as debated endlessly here and elsewhere, that may be as much a function of market share as inherent design, although few informed people would seriously challenge the latter).
Of course, it's not just the OS, it's the apps. Ms makes a lot from selling 'Office' too, which has its own vulnerabilities.
So, since the competition is 'free' (*x & Ooo) and more secure, yes, I guess they do give a damn.
Thanks, I was actually aware of all that stuff.
Now I invite you to navigate to the page you linked to - where's the big red button marked 'Worried newbie? Click here to download/do online scan now'.
Links to that button should be all over the net.
They're not. Why?
Because the media are just as bigoted as you in hating Microsoft and a solution to a problem is no longer newsworthy.
You see stories all over the press about "this accident". You don't hear about the people that cleaned it up. "The internet in X places went down yesterday" - no followup of "The internet is back for those that suffered".
Sounds like "Spy vs. Spy".
Conservative, mod down for violating
Thanks, I was actually aware of all that stuff.
Oh, sorry, I must have misunderstood when you wrote "you'd have thought that they'd have come up with a specific fix", and it was utterly stupid of me to link to a page with a specific fix.
Now I invite you to navigate to the page you linked to - where's the big red button marked 'Worried newbie? Click here to download/do online scan now'.
For those unable to read, comprehend and follow instructions there are two big blue buttons that say "Get help now". Sorry they're not red.
Links to that button should be all over the net. They're not. Why?
Put "remove conficker" into Google and you're about three clicks away from a number of downloadable removal tools. Sorry, but anyone that can't be bothered to read a little and wants a bloody great red button to do everything for them probably shouldn't be using a computer at all.
You can advertise in this sig from as little as £99.99 a month!
While doing a bit of looking around for another post in this thread I found what's basically an idiot's guide to detecting conficker. It uses pictures to show you if you have it.
This tickled my funny bone for some reason; you have to love the let's-use-pictures approach!
You can advertise in this sig from as little as £99.99 a month!
Maybe one day the 'Imitation Worm' will install a Replica OS http://www.reactos.org/en/index.html just to completely confuse the fellow malware competition. At that point Microsoft will be 'off the hook' for inviting every form of malware possible, and the replacement/replica OS will finally get lots of user testing, and perhaps eventually get released as Beta. At that point the worm only needs to remember to blue-screen periodically and run the 'Windows Replica Advantage' utility just often enough to completely annoy the user so that they don't begin to suspect anything.
Slashdot, where gross ignorance and inaccuracies warrant +5 interesting.
I disagree with that statement. IMHO, Windows users are either:
1. Concerned about viruses, but they think their machine has some magical immunity because they don't actually think their machine might ever be infected, OR:
2. Are totally clueless about viruses and spyware.
Even on forums where experienced users post, how many times have you seen a post that is something like: "I don't use anti-virus, I'm just careful where I browse and my PC has never been infected"? Replace "never been" for "I've never been aware" and you might get something close to the truth.
Again, IMHO, Windows users for one reason or another are not significantly concerned about viruses.
One of my colleagues keeps asking why people create viruses -- I keep telling him that today, they do it for profit, but he seems to have a hard time wrapping his mind around that concept. I don't think he is atypical and I think that he, like many others, just doesn't understand how harmful viruses and spyware are and hence doesn't recognize the seriousness of the threat.
The real "Libtards" are the Libertarians!
Because the media are just as bigoted as you in hating Microsoft
Don't hate Ms - check my posting history. Still think they could do a lot more on security, tho'.
Thank God there's no software copyright claims being made between these virus writers...
Says to use single quotation marks inside of double quotes.
It's all fun and games till someone divides by 0. Then it's hilarious.
With all the resources at Microsoft's disposal, you'd have thought that they'd have come up with a specific fix. Yes, I'm aware that regularly-patched machines are better protected, but the evidence is clear that many people don't do that; (and not just the pirates, either).
How about if Microsoft would mod the "malicious software removal tool" to patch only the vulnerabilities that any removed malware exploited?
I don't see the downside to this scenario. Anyone?
More music, fewer hits
sed 's/2b: unpatched/2b: unexploited/'
Me and my mad previewz skillz.
More music, fewer hits
What makes you think that security issues for MS customers actually translates into concern from MS? They have never placed security as their number one concern.
They have such a stranglehold on the marketplace that they don't care. People will buy a MS OS because it comes on their computer when they buy it, no matter how insecure the OS is. This has been proven repeatedly over the last 20 years.
Only a small share of computer users will make a change because of security concerns and MS knows it. So, what do they do? Ignore security for the most part. Oh, they give lots of lip service to security, but that's about it. Hell, they could stop the spread of a lot of vulnerabilities just by separating read and execute permissions in NTFS, but they won't. That right there tells you that security is of no consequence to MS.
(Of course, as debated endlessly here and elsewhere, that may be as much a function of market share as inherent design, although few informed people would seriously challenge the latter).
Which part of the "inherent design" of Windows makes it less secure ?
Microsoft is widely misunderstood. People actually think it is a software company! It isn't. It's an abuse company that happens to sell software as a means of delivering abuse.
They do have their malware removal tool and have free anti-virus software coming out.
http://www.pcworld.com/businesscenter/article/154146/microsoft_drops_onecare_antivirus_product.html
That being said, there will probably still be the Genuine Disadvantage stuff.
Microsoft, Apple, Google, Amazon what's the difference? All steal money from devs and control with walled gardens.
How about, "let's run anything and everything plugged into the computer without user intervention"
Honestly, if you stole Windows, then disable the updates
Maybe, just maybe, people wouldn't "steal" it if the licence keys weren't so expensive in the first place.
Just one more reason I use GNU/Linux.
FYI, Symantec has a gratis removal tool available here. In case that helps anyone unfortunate enough to be using Windows AND infected by Conficker :P
Geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone.-rms
I hope you're not trying to imply that it's impossible to be safe on Windows without anti-virus. Being careful about where you browse is stupid, as any site can get hacked to spread malware.
Using common sense, like not blindly opening attachments, being behind a NAT router and/or firewall and using a web browser that isn't IE that gets updated regularly goes a long way towards being malware-free. You can go even further and implement a whitelist for programs (instead of the anti-virus blacklist, which is one of the most dumb security practices).
Security is a process, not a product.
They only give a damn about security issues that are public. Unknown ones they just sit on, as has been demonstrated several times with vulnerabilities like the Windows meta file one.
but not... the SYMPTOM!
</frank-n-furter>
No, I'm not saying this. Actually, what I am saying is that it is impossible to be safe on Windows. People claim that they have never been infected -- but the claim is bogus: the true claim should be that they have never been aware of an infection on their machine.
/. don't like to read comments about how insecure Windows is.
As you say, Security is a process. Anti-virus is one part of that, you mentioned some, but missed many. For example, running as a non-admin user is another good practice (that very few people actually adopt, since it is a pain in the ass to do this).
I'm going to post this anon, since the MS fanboys on
The funny thing is that it's nearly impossible to prove the negative of "they just haven't been aware of the infection on their machine!" Your Linux box has a secret virus that only a few people know about, and has managed to hide itself so well you don't even realize you have it! Prove I'm wrong. How are you going to do that? I suppose you could run anti-virus, at which point I could say that your anti-virus just doesn't know about it. You could do checksums, until I say that it uses a weakness in the algorithm to make sure that it has the same checksum as the affected.
To prove a system - any system - virus free involves a massive amount of effort auditing the files, code, and underlying firmware. And pretty much every Linux admin out there does not go through that kind of effort. Their claims of being virus free are due to the fact of very few un-patched exploits, next-to-no in-the-wild viruses, and the fact that no suspicious activity is detected. In much the same way, I can be reasonably sure that my Windows machines aren't infected by viruses, despite not running a virus checker. If I keep my patches up to date, don't run unknown binaries, don't observe any unexpected behavior, and see no unexpected network traffic, I can be reasonably sure that my machine is not infected.
It's not impossible, as I have done it. And yes, this has been tested. Several times. I've had friends and techs come around with bootable virus-check disks just itching to prove me wrong, and walking away empty handed. So, you're wrong. You can be virus free on Windows without a virus checker. It just takes due diligence.
I guess they do give a damn.
They only give a damn about perception, not reality. They are masters of security theatre, and have been for decades. It's a wonder they haven't been subject to a class action lawsuit.
The "user-friendly" part. Security is not friendly.
If Ms supplied something that detected/removed/protected against up&down, (free, with no 'Genuine Advantage / Validation' bs), then I'm sure pretty soon all the media would link to that & the sheeple would rush to download & install... How about it, Redmond?
They do.
Malicious Software Removal Tool
Download Link
Technical Details
You'll note said tool does not require any validation to download, anyone can download it regardless of the legality of their copy of Windows; no validation or genuine advantage required, period.
This tool is also regularly distributed via Automatic Updates/Windows Updates to help clean out any infections that computers that use these services may have contracted, either because they weren't patched, or some other mechanism that isn't due to a software vuln (e.g. USB Key Transmission).
The only thing that could be improved upon is combining the two together, but there are some people who have legitimate reasons for wanting to do one and not the other (generally, detect and remove but not necessarily patch). They are few and far between, but they do exist. And really, if you can be capable of going to a website and manually download a removal tool, you should also be able to enable AU or manually periodically go to WU/MU.
In summary: They have published the fix, free, and a removal tool, also free. Learn what you are talking about, everything you just said is already done.