Conficker Downloads Payload
nk497 writes "Conficker seems to finally be doing something, a week after hype around the worm peaked on April Fool's Day. It has now downloaded components from the Waledac botnet, which could contain rootkit capabilities. Trend Micro security expert Rik Ferguson said: 'These components have so far been missing, but could this finally be the "other boot dropping" that we have all been waiting for?' Ferguson also suggested that people behind Conficker could be the very same who are running Waledac and created the Storm botnet. 'It tallies with some of the assumptions people have made about Conficker — that the first variant was actively trying to avoid the Ukraine because Waledac was Eastern European,' Ferguson added."
It's about damned time. Can we stop reading about this daily now?
"So long and thanks for all the fish."
Downloading its payload and going live a week after April 1? Now that's the way to do an April Fools joke.
This guy's the limit!
Bots and spammers typically wait for the holiday weekends; like playing your starters against their backups.
I think it would have been more logical for Conficker to download its payload on the 1st of April itself, so that people would take the threat less seriously.
One of the major causes of the Potato famine in Ireland was the reliance on a single product (the potato) and an inability to shift to a more varied diet. Things like ILoveYou and Conficker are preying on exactly the same homogeneous environment as they know that hitting one element yields massive results.
Now given that this homogeneity has been driven in part via a convicted monopolist then it really is interesting how little political attention this gets. Arguably these sorts of attacks are more of a modern challenge than "traditional" terrorism and against a background of economic woe we can all do without a bunch of companies getting taken offline for a few days or suffering from industrial espionage.
We don't learn from history, we don't apply history to new cases we just stand back in amazement after letting homogeneity develop at the impact that a relatively simple flaw can have across a large group of people.
An Eye for an Eye will make the whole world blind - Gandhi
http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/
On a side note, that eye chart the Conficker Group had up no longer works.
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
The greatest revenge in life is massive success.
Why didn't someone infected with this, say last month, change their pc clock ahead to April 1 to see if it downloaded stuff or not? Then April 2, then April 3, etc.
Duh.
See, if you're going to go all political and off-topic, you should at least try and make some sort of attempt to link it to the story at hand...
for example...
If you look at the facts the Conficker virus and Waledac botnet are CLEARLY parts of a vast left wing conspiracy which is obviously fronted by Obama because the democrats want to take as much of your processing power as they do your income
PLEASE, PLEASE mod parent funny
Laughter is the best medicine, except if you have a broken rib.
That was the suggestion.
This sure is entertaining from over here on Linux Island! *sips drink*
Isn't anyone else curious to see what happens next?! I can just imagine millions of computer users starting their computers Monday morning and seeing their new goatse-themed desktop. Oh the lols...
mmmm...forbidden donut
So if people get worms like this by being dumb with their computers, just write a worm that 'maliciously' enforces the security that people should be following. If you do it right it should infect the same set of people.
Not being very knowledgeable in this area I don't know if this idea actually means anything or if it's ridiculous enough to be funny.
My webcomic
O my God, run it has got self aware
well, actually you got a point but you come at it from the wrong angle.
The problem is that thanks to the net, EVERY COMPUTER IS THE SAME. Internet capable...
Effectively, this is to sexually transmitted viruses as all of us screwing everyone else at the same. The internet is a gangbang of computers.
What this leads to is that no matter how obscure your OS and the bugs on it, someone somewhere will know about it and, thanks to the sheer size of the net, have thousands if not hundreds of thousands of targets.
There may not be many Amigas left but if they were all infected, it would still be a nice botnet.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I think your anglophobic ranting has blinded you to the OP's statement and argument.
[emphasis added]
The reliance on a single product - the potato - was unquestionably one of the major factors behind the famine. The fact that this reliance had socio-political factors as its root cause is totally beside the point. The fact is that the poorest people were reliant on the ubiquitous crop as their winter staple, and that ubiquity is what allowed one blight to cause such devastation. As you said yourself, it was all they had.
It's a good analogy, and you've needlessly muddied the waters by misreading and over-extending the OP's point.
Your suggestion that opposing open-source is a necessary step in increasing OS variety is weird and baseless. I'll grant you that completely free trade (as in "without restriction") would facilitate monopoly-practice and in turn engender a monoculture, which is how we found ourselves in the current mess.
To suggest open-source development discourages variety though...? Wow. What's your reasoning behind that posit?
Meta will eat itself
To be fair, the British government didn't deliberately starve the Irish, instead they were proponents of 'free market forces'. They didn't have supermarkets or microwave readymeals in those days, so a staple foodstuff like the potato was pretty much all you ate anyway. Of course, if you were rich you could afford meat - like the cattle raised in Ireland for English tables. The landlords got richer and the poor stayed poor.
The trouble was that the blight reduced the number of potatoes in circulation, and as other people were richer, they could afford to pay more - and so the farmers shipped their potatoes to the richer people, leaving the peasants to starve. As has always been the way.
Incidentally the British didn't deliberately starve the people - after they'd woken up to the trouble, they did ship in large amounts of aid and close the ports to food exports. Too late for most of course, but don't get incompetence confused with conspiracy.
There's been too much FUD about the potato famine, I suppose spread for modern political reasons. The truth is just dull, the government took a 'light touch' approach to the markets. Unfortunately this approach to 'hands off' free-trade doesn't give what society requires, with such lax input from governments, the free market doesn't always work correctly and you have monopolies appearing and abusing the freedom that should be providing a better set of choices. For computers, it's no good saying "you could run Linux" if everyone needs to run Windows because of the ubiquity of software running on it.
Protectionism is the last thing you want, when you get that, you invite stagnation. There's no innovation or growth, the established parties simply try to maintain their market with what they've got. Developing new products is a significant cost - and without free trade getting in the way and allowing new entrants to the market, there's no incentive to spend. Of course you might get new upstarts appearing, but that happens so rarely, and most of them are small and get killed off by the established big players either by being bought out (name any MS product really) or having their market destroyed (eg IE v Netscape).
Ultimately the government needs to step in and support open standards, making sure everyone works with them. Then you can have much better spread of heterogeneous systems as they would work together, giving people the ability to choose an alternative to the dominant product.
http://www.smbc-comics.com/index.php?db=comics&id=1478#comic
Your suggestion that opposing open-source is a necessary step in increasing OS variety is weird and baseless.... To suggest open-source development discourages variety though...? Wow. What's your reasoning behind that posit?
Because Open Source is standards based development encoded into the practice. Like, there's only one Linux kernel, only one C compiler, only one bash shell.. only one Perl, only one Java... the whole concept of Open Source revolves around a brief period of competition followed by universal adoption of one solution per a problem domain - mirroring current practices in the academic world. Even now, although Linux prides itself on having more than one window manager, things have coalesced around two, and one of those is not going to survive. So, really, to be open source, is going to ultimately reduce variety. The academic culture with Linux just doesn't see a point to continual competition, preferring consensus instead. Consensus means, everybody agrees on one.
I'm sorry to point out the disadvantage of this approach, but ultimately, a lot of people, outside of this context, would actually hail this as an advantage.
This is my sig.
I think your anglophobic ranting has blinded you to the OP's statement and argument.
There's nothing anglophobic about it.
First off, I'm not expressing any kind of fear, therefore, there's no phobia. In fact, if someone says, they do not like gays, whites, or spiders, they are not homophobic, white-o-phobic, or spider-phobic. Dislike is not caused by fear. So let's burst that bubble.
Secondly, merely stating history is, well, telling the truth. The British treated the Irish like dirt for a long time. I think they are a super ally to the USA and I would exclude them from any vision I have of an American withdrawal from NATO... the Continent can go do what it will, but the USA should always stand beside the UK just as much as the UK has stood beside us... not only in Iraq, but also in the Pacific during late WWII..
This is my sig.
You're new here, aren't you?
Coder's Stone: The programming language quick ref for iPad
I'm sure these guys are vulnerable..
http://slashdot.org/article.pl?sid=07/02/26/149209
Submarines and gunboats running windows could easily have their network infected and will all be subject to zero-day vulnerabilities which is what these advanced botnets are starting to take advantage of.
http://news.google.com/news?q=power+infiltrate
With the possibility of the power grid being infiltrated, it highlights that you need little more than a USB memory stick on an internal network to be infected.
-Tim
Even with bittorrent...
1) Booting when no network available?
2) Spread viruses even faster if one or more of the seed machines is infected?
3) Microsoft's new revenue model..
1- Get people to download a new os each boot
2- Be the only place to get it from
3- Begin charging for each boot
4- Profit
You are correct that there is only one Linux kernel, but there are other free UNIX kernels you could use instead. When it comes to compilers both LLVM and GCC are widely used. (LLVM is used in Gallium3D, the new acceleration architecture for X, and in Shark, a CPU agnostic JIT for OpenJDK. A C frontend not based on GCC is in development) There are many shells. Ubuntu, a quite popular Linux distro, actually uses dash as default /bin/sh. While it's true that only OpenJDK (if I recall correctly) passes the TCK for Java you also have competing implementations like Harmony, what Google uses on Android. You have more competition on the parts of the Java stack that take less time to implement.
Spelling/grammar nazis welcome (English is not my first language and I am trying to improve my spelling/grammar)
I have to disagree strongly with you here. You have it exactly backwards.
Each example you give is dead wrong. One Linux kernel? Not so. One C compiler? Not even close. One bash shell? Nope, wrong again. Every one of those has more than one product line or version or competing product in wide usage, not to mention other complete alternatives, like using a BSD kernel in a Debian system.
The "whole concept of Open Source" most certainly does not revolve around universal adoption of one solution to the detriment of any other. That's one great distinguishing feature of the open source model - choice.
I'm beginning to find it enormously frustrating that people, regardless of the topic, continue to piss and moan about problems that there is no realistic solution to. Whaa, the economy is bad, but people are too PC to put a significant Import tariff in effect, to balance out the "cost savings" of shipping our industries overseas. People complain about gun violence, but don't allow DC to ban handguns in the city (since there is SOOO much hunting on the Mall).
This is the same scenario. You can't create a secure environment for networking computers because you need to have a set series of standards so that they can all communicate. You also can't put the genie back in the bottle, and take the prevalence away from Internet usage. So what are you left with? A set of systems that are easily exploited because they are all set to comprehend a common set of instructions.
Why don't we quit the whining, and do away with this asinine concept of security, and understand that sandboxing, and ONLY sandboxing, will ensure the integrity of your valuable system's information and applications. That's it, so instead of worrying about being "secure" why not make it so nothing that can be gained from being exploited is worth the hassle?
"This is the value of a summer spent and a winter earned"
When you realize you are uncontrollably in love with someone? That you and this person sitting beside you are soul mates? That you were meant for each other?
That moment for me came a few weeks ago. Yes, my wife and I have been married several years, but she was a Windows user when we met. Sure, she'd grown up in a diverse family - both Macs and PCs, but most of her experience was on Windows.
About a year ago I replaced Windows with Ubuntu on the family laptop. She kind of grudgingly went along with it.
Then, last week we were watching the news when the anchor broke the story of Conficker. Without missing a beat, she turned to me and in a roll-your-eyes-I-can't-believe-they're-so-stupid kind of voice said:
"That's a Windows thing, isn't it?"
"Yep," I replied.
"Hmmm. Sucks to be them, I guess..."
Linux evangelists take note: sometimes it takes people *years* to come around. But when they do, when they realize they no longer have to WORRY about viruses and other Windows-specific crap, it's priceless.
The society for a thought-free internet welcomes you.
No, this is Slashdot. And as you proved so eloquently yourself, you don't need to add anything relevant/funny/smart to the conversation to join in.
"But this one goes to 11!"
"One could argue that computing and the Internet would not be as ubiquitous as they are today without having had a de facto standard"
There is a de facto standard, it's called TCP/IP, SMTP and HTML
"There is an even stronger argument at the cost savings to businesses and governments in not having to train and retrain new employees on how to use numerous computer systems"
Invoking the ole cost of training FUD, I see
According to DELL 'the fundamental approach to the design and use of Desktop Computers has not changed in 30 years'
davecb5620@gmail.com
"Yeah, because obviously the answer is to have a hundred different systems with a hundred different sets of vulnerabilities. That will be much easier to keep patched"
Well, at least then things like Conficker would be stopped dead in their tracks, and a vulnerability in a particular system wouldn't lead to the kind of thing like the current virus/spam/phishing epidemic.
davecb5620@gmail.com
Protectionism worked for the US from the 1800's all the way up till the 1980's. We got to the moon using protectionism as an economic tool. I'm just saying.
There is a war going on for your mind.
Even now, although Linux prides itself on having more than one window manager, things have coalesced around two, and one of those is not going to survive.
What gave you that idea? Gnome and KDE are very different window managers, and people have very different preferences when it comes to how they work with and access the applications that they really want to use.
There will always be room for more than one desktop environment.
ERROR: SIG NOT FOUND (A)bort, (R)etry, (F)ail?:
Incidentally the British didn't deliberately starve the people - after they'd woken up to the trouble, they did ship in large amounts of aid and close the ports to food exports.
As you say, there has been a great deal of bunk written about the Hunger in Ireland in the late 1840s. However, you may have added to it.
Irish ports were closed to food exports in the previous famine in 1783, but not at any time in the 1840s or 1850s. Ireland remained an exporter of food (mostly grain & cattle) in great quantity during the Hunger. What food aid arrived in Ireland was the result of charities, not the British government. In fact, the British attempted to prevent food aid from arriving from some other countries. http://en.wikipedia.org/wiki/Great_Irish_Famine
There was also a lesser famine in Scotland at the same time, caused by the same over-reliance on potatoes which were hit by potato blight. http://en.wikipedia.org/wiki/Highland_Potato_Famine This caused great hardship in the Highlands, but food aid provided directly by the British government meant there were relatively few deaths from starvation or malnutrition-related diseases.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
"You know what the Ukraine is? It's a sitting duck, a road apple, Newman. The Ukraine is weak. It's feeble. I think it's time to put the hurt on the Ukraine."
"But this one goes to 11!"
Or it's a left wing plot hatched by Obama and Apple to sell more Macs and jump start the economy.
Badges!?! We don't need no stinking badges!
Now that we're talking about car thieves;
Once my car's fuel pump was busted, and I had been working with it since I tried in vain to start it.
I accidentally left the keys in the ignition at night when I went in, and in the morning we had a visitor, who asked, "what happened to your car?" "Something happened?" says me, only then spotting the empty bay in front of the garage door (not really visible from inside).
You imagine I was a little puzzled. There was no fuel pump in the car. How in heck had they driven off with it? Without really knowing what I was doing I started walking around the neighborhood, thinking they can't have gotten too far...
About 150 yards out, around the corner, there was the car, complete with the keys in the ignition (including my house keys - how's that for stupid?), the hood still unlatched, with no other sign of tampering but a dirty palm print on the white hood.
Turned out somebody had been waiting for us to go to bed. We had been sitting up till 2 AM right above the car bay, talking by an open window in the balmy summer weather. Whoever it was, had waited under the neighbor's shelter, smoking a crapload of cigarettes (~100 butts) - and taken a crap - to pass the time, then pushing the car out far enough so we wouldn't hear the starter grind.
Big fat reward there. I hope they had a sense of humor! (I kind of figure if they didn't have one, they would have vandalized the car to "get back".)
A bit offtopic, but I think it makes a good story.
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
modded redundant? the parent was the only reference to this, even at -1! maybe 'redundant' means something else in the China or the Russia
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Nobody is going to post the obvious "SkyNet Lives" comment?
What kind of geeks are you (we)?
This is how Microsoft explains Conficker to the home user: Protect yourself from the Conficker computer worm
Rather well done, I think.
Many a truth is spoken in jest:
The elephant in the room is "games." If you buy a computer for fun, you probably want to play games on it, and you'll quickly learn that most halfway decent games don't run on OS X.
Apple also seems to be addressing the wrong end of the market. It's producing multi-thousand dollar machines when it's the bottom end of the market -- filled with low cost laptops and netbooks that cost a few hundred dollars -- that's on fire at the moment.
Apple's sales proposition seems to come down to this:
* Windows is for boring business people, while OS X is for everyone else. Unless they want to play games. Or they don't want to pay inflated prices. Or they notice that there are far, far more applications to choose from on a PC than there are on a Mac.
* OS X can do business too -- but not as well as a PC. But don't worry, you can buy Windows and run it on your Mac. Then it's just as good as a PC, just much more expensive.
* OS X is really secure, although actually it turns out that it's not ...
So it's not really that surprising Reuters reported unit sales of computers running OS X fell 16 percent in February, according to research group NPD, while Windows PC sales leaped 22 percent. Within that overall figure, MacBook laptops dropped 7 percent, while Windows laptops rose 16 percent. Windows desktops had a hard time in February, with sales down 10 percent, but OS X suffered even more with unit sales down a staggering 36 percent.
Apple's Challenges: Gaming to Security [April 8, 2009]
Even now, although Linux prides itself on having more than one window manager, things have coalesced around two, and one of those is not going to survive.
What gave you that idea? Gnome and KDE are very different window managers, and people have very different preferences when it comes to how they work with and access the applications that they really want to use. There will always be room for more than one desktop environment.
And there are waaay more than two window managers.
The other nineteen twentieths mostly write it day/month or day/month/year, in the so-called "little-endian" form. The ISO 8601 standard is the "big-endian form" year-month-day which is used in a few countries.
"A few countries" like Canada, Mongolia, Japan, both Republics of Korea, and both Republics of China. The use of forms like "2009-04-01" especially in East Asia takes a big chunk out of "the other nineteen twentieths", and you end up with a lot more than one twentieth who put the 4 before the 1.
there will be viruses because people, dammit, want to see the dancing bunnies.
That's what virtual machines are for. Run your personal entertainment in a separate folder from your business, and viruses that land in your entertainment VM can't easily cross to the business VM. Jeff Atwood agrees with me.
I was going to look through this and moderate, but you've saved me the trouble! This is exactly the type of cooperative community-minded effort that we so need.