Slashdot Mirror

← Back to Stories (view on slashdot.org)

Conficker Downloads Payload

Posted by CmdrTaco on from the still-the-best-name-ever dept.

nk497 writes "Conficker seems to finally be doing something, a week after hype around the worm peaked on April Fool's Day. It has now downloaded components from the Waledac botnet, which could contain rootkit capabilities. Trend Micro security expert Rik Ferguson said: 'These components have so far been missing, but could this finally be the "other boot dropping" that we have all been been waiting for?' Ferguson also suggested that people behind Conficker could be the very same who are running Waledac and created the Storm botnet. 'It tallies with some of the assumptions people have made about Conficker — that the first variant was actively trying to avoid the Ukraine because Waledac was Eastern European,' Ferguson added."

38 of 273 comments (clear)

  1. april fools by gEvil+(beta) · · Score: 4, Funny

    Downloading its payload and going live a week after April 1? Now that's the way to do an April Fools joke.

    --
    This guy's the limit!
    1. Re:april fools by Rik+Sweeney · · Score: 5, Insightful

      I think the Conficker was going for the clichéd horror film approach. Granted, it should have really done it on April 2nd but doing it this way has probably blind sided more people.

      --
      Summation 2
    2. Re:april fools by Lumpy · · Score: 5, Funny

      That honestly would have rocked...

      April 1 - 2009 Conflicker downloads and activates it evil payload. Computer screens all over the world go black with large red numbers counting down to....... something......

      Do it like the many really bad computer hacker movies. That would simply be funny as hell. The raging panic from the easily panicked sheep, Fox news will report that Conflicker turns your computer into a bomb, etc....

      THAT would be the coolest April fools joke ever.

      --
      Do not look at laser with remaining good eye.
    3. Re:april fools by sskagent · · Score: 5, Funny

      Your computer would have to beep. All movie computers make excessive, unneeded noise.

  2. Holidy Weekend. by GreggBz · · Score: 4, Interesting

    Bots and spammers typically wait for the holiday weekends; like playing your starters against their backups.

    1. Re:Holidy Weekend. by thedonger · · Score: 5, Funny

      It's like showing up to a street race in a rickety-looking Ford Escort which secretly houses a small block V8 with nitrous.

      It's like a porn star showing up to a naked pool party for men with erectile dysfunction.

      It's like bringing a gun to a knife fight.

      --
      Help fight poverty: Punch a poor person.
    2. Re:Holidy Weekend. by Culture20 · · Score: 4, Funny

      like playing your starters against their backups.

      Could you change that into a car analogy? Thanks!

      It's like playing your things that you turn the key in that makes your engine go vroom!vroom! against their things that go Beeeeep Beeeeeep Beeeeep.

    3. Re:Holidy Weekend. by Oxygen99 · · Score: 5, Funny

      It's like rai--ai--ain, on your wedding day...

      --
      I had a dream, bright and carefree, but now there's doubt and gravity
    4. Re:Holidy Weekend. by syrinx · · Score: 4, Insightful

      The irony is that a song called "Ironic" is not ironic.

      But wait, that would mean the song is ironic after all. Which of course means that it isn't.

      --
      Quidquid latine dictum sit, altum sonatur.
    5. Re:Holidy Weekend. by networkBoy · · Score: 4, Funny

      At my old apartment we had someone stealing gas on the peak of the market.
      Since my truck is crap it was an easy target. They stole almost an entire 30 gallon tank full.

      I found out who it was by disconnecting my fill spout from the tank (and piping a new fill spout from the tool box in the bed), and putting in a mini tank on the OEM filler. Filled it with about 3 gallons of nitromethane and 2 gallons of diesel. All of a sudden one day this (asshat) ricer had his engine almost explode. It was quite funny.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  3. april fools? by pickle_in_being · · Score: 5, Insightful

    I think it would have been more logical for conficker to download it's payload on the 1st of April itself, so that people would take the threat less serious.

    1. Re:april fools? by Norsefire · · Score: 5, Interesting

      Everyone was expecting that and was prepared for it. A week later, everyone's forgotten about it. Also with this timing if something starts going wrong now it will be difficult to get anyone to fix it until Tuesday.

    2. Re:april fools? by AliasMarlowe · · Score: 5, Insightful

      Half the world writes it 4/1 the other half 1/4

      Half? About one twentieth of the world (by population) writes it month/day or month/day/year, in the so-called "middle-endian" form. The other nineteen twentieths mostly write it day/month or day/month/year, in the so-called "little-endian" form. The ISO 8601 standard is the "big-endian form" year-month-day which is used in a few countries.
      http://en.wikipedia.org/wiki/Date_format#Date_format

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  4. Potato Blight for computers by MosesJones · · Score: 5, Insightful

    One of the major causes of the Potato famine in Ireland was the reliance on a single product (the potato) and an inability to shift to a more varied diet. Things like ILoveYou and Conflicker are preying on exactly the same homogeneous environment as they know that hitting one element yields massive results.

    Now given that this homogeneity has been driven in part via a convicted monopolist then it really is interesting how little political attention this gets. Arguably these sorts of attacks are more of a modern challenge than "traditional" terrorism and against a background of economic woe we can all do without a bunch of companies getting taken offline for a few days or suffering from industrial espionage.

    We don't learn from history, we don't apply history to new cases we just stand back in amazement after letting homogeneity develop at the impact that a relatively simple flaw can have across a large group of people.
     

    --
    An Eye for an Eye will make the whole world blind - Gandhi
    1. Re:Potato Blight for computers by Ed+Avis · · Score: 4, Insightful

      Yeah, because obviously the answer is to have a hundred different systems with a hundred different sets of vulnerabilities. That will be much easier to keep patched.

      --
      -- Ed Avis ed@membled.com
    2. Re:Potato Blight for computers by entirely_fluffy · · Score: 5, Insightful

      >Yeah, because obviously the answer is to have a hundred different systems >with a hundred different sets of vulnerabilities. That will be much easier >to keep patched. well, actually, this really is the answer - you never get rid of vulnerabilities but you can put enough variation in them that specialised viruses become less effective.

    3. Re:Potato Blight for computers by Anpheus · · Score: 4, Insightful

      Or, since the barrier to entry is so low as far as blackhats are concerned, ALL systems end up being more insecure and virus-ridden and no one benefits.

      Or virus-writers will pick, instead of the top 1, the top 5, or the top 50% of systems, and target those. Unless it were a truly heterogeneous network, with every single person having their own hand-crafted OS and application set, there will be viruses because people, dammit, want to see the dancing bunnies.

      Reference: http://www.codinghorror.com/blog/archives/000347.html

    4. Re:Potato Blight for computers by Ed+Avis · · Score: 4, Interesting

      His point was that you don't need to keep things patched as regularly if you have a wider variety of OSes because there will be less people finding vulnerabilities, less incentive to exploit them,and less hackers writing worms for a given OS.

      That is the definition of 'security through obscurity'. I would not want to run an insecure system and hope to be safe because nobody else had heard about it. True security means using well-known and peer-reviewed code (but not 'well known to be crap').

      --
      -- Ed Avis ed@membled.com
    5. Re:Potato Blight for computers by AliasMarlowe · · Score: 4, Interesting

      Except in such a case you just have to exploit one box and you get access to the rest. There went all your brilliant planning and schemes.

      No, you would probably just get access to the one box (and others identical to it). You generally would not get access to the other boxes, unless they share essentially the same vulnerability. GP's point was that a monoculture can be devastated by a single assault, but a mixed ecosystem is much more difficult to damage severely.

      Minor clarification of GP post: the potato crop in Ireland in the 1840s was dominated by a single variety of potato - the Lumper - which exacerbated the effect of a single strain of potato blight. The equivalent in computers would be all PCs running the same version of Windows with the same selection of programs, patches and protections: a disaster waiting to happen.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  5. actual article by phantomcircuit · · Score: 4, Informative

    http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/

    1. Re:actual article by phantomcircuit · · Score: 4, Interesting

      also it looks like http://www.confickerworkinggroup.org/ is down

    2. Re:actual article by dissy · · Score: 4, Funny

      also it looks like http://www.confickerworkinggroup.org/ [confickerw...ggroup.org] is down

      I can still get to it... you must be infected!

      (Ok, ok, i'm just joking, it doesn't load for me either. It seemed a lot funnier when i first started typing it :P )

  6. Eye chart by Drakin020 · · Score: 5, Funny

    On a side note, that eye chart the Conflicker Group had up no longer works.

    http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

    --
    The greatest revenge in life is massive success.
    1. Re:Eye chart by JakartaDean · · Score: 4, Funny

      On a side note, that eye chart the Conflicker Group had up no longer works.

      http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

      Works for me.

      --
      The subject who is truly loyal to the Chief Magistrate will neither advise nor submit to arbitrary measures (Junius)
  7. Re:Blame Obama by Richard.g.k · · Score: 4, Funny

    See, if you're going to go all political and off-topic, you should at least try and make some sort of attempt to link it to the story at hand...

    for example...

    If you look at the facts the conficker virus and waladac botnet are CLEARLY parts of a vast left wing conspiracy which is obviously fronted by obama because the democrats want to take as much of your processing power as they do your income

  8. Re:I gotta ask by Anonymous Coward · · Score: 5, Informative

    Conficker gets it's time from a lot of different time servers, not the local machine. I think the author might have thought about that when designing the worm...

  9. Re:I gotta ask by Z34107 · · Score: 5, Informative

    Conficker doesn't use the internal system clock; it polls various websites to find out the real date.

    If it can't connect to those websites, or gets an unexpected response, it assumes it's in a closed network and holes up.

    --
    DATABASE WOW WOW
  10. Re:I gotta ask by MyDixieWrecked · · Score: 5, Informative

    Why didn't someone infected with this, say last month, change their pc clock ahead...

    First of all, I'm sure that the payload itself wasn't made available until the last minute.

    Second, if it were me who wrote the virus, I would have written it to *start* looking for a payload, start looking in no particular place, and continue looking until it's been found. Considering that it's getting its payload from an established botnet, it could just be poking around looking for machines that can give it its payload and the payload wasn't made available until today.

    When you have control of as many machines as the Storm or Waledac botnets, the world really is your oyster. You're not restricted by IPs, and if your botnet is large enough, you can just iterate through addresses looking for a system that has your payload for you. Without access to the botnet or the payload, it doesn't matter how much you reverse engineer or adjust your clock, you just can't predict what will happen in the future.

    --



    ...spike
    Ewwwwww, coconut...
  11. Ahhhhhh... by buttfscking · · Score: 5, Funny

    This sure is entertaining from over here on Linux Island! *sips drink*

    1. Re:Ahhhhhh... by tb3 · · Score: 5, Funny

      The Mac Archipelago finds it amusing, too. *Cheers!*

      --

      www.lucernesys.comHorizon: Calendar-based personal finance

    2. Re:Ahhhhhh... by parkrrrr · · Score: 5, Insightful

      The parts of the Windows mainland who install security patches are also amused. I'm sure we'll all be amused right up until the Internet we all share with the infected losers goes all wonky.

    3. Re:Ahhhhhh... by Shrike82 · · Score: 5, Funny

      It's good that this provides you with entertainment, it must get very boring over there when you can't play any games ;)

      Even though I'm joking, let the "Troll" modding begin.

      --
      You can advertise in this sig from as little as £99.99 a month!
    4. Re:Ahhhhhh... by jimbolauski · · Score: 5, Funny

      Macs have games, Breakout, Super Breakout, ... Photoshop?

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
    5. Re:Ahhhhhh... by Myrimos · · Score: 5, Funny

      Don't forget the Linux games!

      - Why Isn't My Wireless Working? (Fun for the whole family!)

      - Write Your Own Driver

      - rm -rf ~/* roulette

      - The Uptime Game (See how long your server's up! Prizes for +100 day or 6 sigma uptimes!)

      - Condescension (Make Windows users feel so bad about their OS they switch to *nix. Bonus points for Gentoo.)

      Anyway, Linux has tons of games for the creative and inquiring mind.

      --
      Internet scofflaw
  12. Why the doom and gloom? by castironpigeon · · Score: 4, Funny

    Isn't anyone else curious to see what happens next?! I can just imagine millions of computer users starting their computers Monday morning and seeing their new goatse-themed desktop. Oh the lols...

    --
    mmmm...forbidden donut
  13. Patch? by SmallFurryCreature · · Score: 5, Insightful
    Why would you need to patch if nobody has a clue about how to attack your system?

    well, actually you got a point but you come at it from the wrong angle.

    The problem is that thanks to the net, EVERY COMPUTER IS THE SAME. Internet capable...

    Effecticly, this is to sexually transmitted virusses as all of us screwing everyone else at the same. The internet is a gangbang of computers.

    What this leads to is that no matter how obscure your OS and the bugs on it, someone somewhere will know about it and have, thanks to the sheer size of the net, have thousands if not hundreds of thousands of targets.

    There may not be many amiga's left but if they were all infected, it would still be a nice botnet.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  14. Re:That's just ridiculous.... by gbjbaanb · · Score: 5, Interesting

    to be fair, the British government didn't deliberately starve the Irish, instead they were proponents of 'free market forces'. They didn't have supermarkets or microwave readymeals in those days, so a staple foodstuff like the potato was pretty much all you ate anyway. Of course, if you were rich you could afford meat - like the cattle raised in Ireland for English tables. The landlords got richer and the poor stayed poor.

    The trouble was that the blight reduced the number of potatoes in circulation, and as other people were richer, they could afford to pay more - and so the farmers shipped their potatoes to the richer people, leaving the peasants to starve. As has always been the way.

    Incidentally the British didn't deliberately starve the people - after they'd woken up to the trouble, they did ship in large amounts of aid and close the ports to food exports. Too late for most of course, but don't get incompetence confused with conspiracy.

    There's been too much FUD about the potato famine, I suppose spread for modern political reasons. The truth is just dull, the government took a 'light touch' approach to the markets. Unfortunately this approach to 'hands off' free-trade doesn't give what society requires, with such lax input from governments, the free market doesn't always work correctly and you have monopolies appearing and abusing the freedom that should be providing a better set of choices. For computers, its no good saying "you could run Linux" if everyone needs to run Windows because of the ubiquity of software running on it.

    Protectionism is the last thing you want, when you get that, you invite stagnation. There's no innovation of growth, the established parties simply try to maintain their market with what they've got. Developing new products is a significant cost - and without free trade getting in the way and allowing new entrants to the market, there's no incentive to spend. Of course you might get new upstarts appearing, but that happens so rarely, and most of them are small and get killed off by the established big players either by being bought out (name any MS product really) or having their market destroyed (eg IE v Netscape).

    Ultimately the government needs to step in and support open standards, making sure everyone works with them. Then you can have much better spread of heterogeneous systems as they would work together, giving people the ability to choose an alternative to the dominant product.

  15. Ever have one of those moments... by gillbates · · Score: 5, Informative

    When you realize you are uncontrollably in love with someone? That you and this person sitting beside you are soul mates? That you were meant for each other?

    That moment for me came a few weeks ago. Yes, my wife and I have been married several years, but she was a Windows user when we met. Sure, she'd grown up in a diverse family - both Macs and PCs, but most of her experience was on Windows.

    About a year ago I replaced Windows with Ubuntu on the family laptop. She kind of grudgingly went along with it.

    Then, last week we were watching the news when the anchor broke the story of conficker. Without missing a beat, she turned to me and in roll-your-eyes-I-can't-believe-they're-so-stupid kind of voice said:

    "That's a Windows thing, isn't it?"

    "Yep," I replied.

    "Hmmm. Sucks to be them, I guess..."

    Linux evangelists take note: sometimes it takes people *years* to come around. But when they do, when they realize they no longer have to WORRY about viruses and other Windows-specific crap, it's priceless.

    --
    The society for a thought-free internet welcomes you.