Slashdot Mirror


Conficker Blamed In $72M Scareware Ring

tsu doh nimh writes with an update on the previously mentioned crackdown on scammers peddling fake antivirus products, who were apparently taking advantage of the worm that just won't go away: "Police in Ukraine said the thieves fleeced unsuspecting consumers with the help of the infamous Conficker worm, although it remains unclear how big a role the fast-spreading worm played in this crime. Interestingly, the picture showing the stack of PCs confiscated by Ukrainian authorities (SBU) in this raid is identical to the one shown in an SBU press release last fall, when the SBU detained five individuals connected to high-profile ZeuS Trojan attacks."

28 comments

  1. When will these organizations fleece from ... by Super+Dave+Osbourne · · Score: 1

    the governments they seem to be truly angry at and bring them down? I'm curious: is there any virus or network that is exclusively targeting governments rather than average consumers who are ill-informed or unfortunate enough to click and install some otherwise obvious infection?

    1. Re:When will these organizations fleece from ... by Luckyo · · Score: 2

      These kinds of exploits hit people who don't update their computers, don't use firewalls and generally have no clue about security. Most government and corporate networks have a corporate IT section that is very well prepared to fight such basic threats.

      Corporations and governments are hit by very different kinds of attacks (i.e. lulzsec, cyber war attacks, etc), which are specially tailored for each target.

    2. Re:When will these organizations fleece from ... by sortius_nod · · Score: 2

      Yeh, that's why a major bank I worked for a year ago was having trouble removing conficker from 2500 servers and over 20 000 terminals... such a different conficker to the one everyone else got.

    3. Re:When will these organizations fleece from ... by Luckyo · · Score: 1

      There are always exceptions to the rule that reinforce the rule.

    4. Re:When will these organizations fleece from ... by sortius_nod · · Score: 1

      That is not how that phrase is meant to be used:

      http://en.wikipedia.org/wiki/Exception_that_proves_the_rule

    5. Re:When will these organizations fleece from ... by Luckyo · · Score: 2

      Innovation is all the rage nowadays!

  2. Pictures by Idimmu+Xul · · Score: 1

    Those 2 pictures are the same stacks, in the same room, just with the camera rotated 90 degrees ...

    --
    The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
    1. Re:Pictures by Anonymous Coward · · Score: 0

      No shit. That's why the fucking summary described them as "identical".

    2. Re:Pictures by Anonymous Coward · · Score: 0

      Those 2 pictures are the same stacks, in the same room, just with the camera rotated 90 degrees ...

      No, they are different stacks and different rooms, even if they are identical. Don't you get it: these virii evolved into replicators: first they replicated themselves, now they replicate everything around them. Be ready to welcome your new overlords soon.

    3. Re:Pictures by WrongSizeGlass · · Score: 1

      Those 2 pictures are the same stacks, in the same room, just with the camera rotated 90 degrees ...

      It's called recycling. They're just doing their part to help the 'green' effort. Though on /. I think we call it redundant or a dupe.

    4. Re:Pictures by sortius_nod · · Score: 1

      At least they were nice enough to use _some_ different money. Makes it look more real.

  3. Conficker again? by Compaqt · · Score: 3, Informative

    This is a really nasty piece of malware that actually prevents you from reaching any security-related sites.

    This was also the impetus for my finally moving from XP to Ubuntu full-time.

    Word for the wise: after you run a standard battery of antivirus programs, you should also run conciller.exe. That's the only way to get rid of it for good. Otherwise it embeds itself into system files and re-emerges even after you apply a service pack.

    More here.

    --
    I'm not a lawyer, but I play one on the Internet. Blog
    1. Re:Conficker again? by JohannesJ · · Score: 1

      Which begs the question: this is a well-known malware. Every major antiviral software claims to detect and remove it. So either A) the anti-malware manufacturers and those who market it are liars and frauds, or B) people who get infected are ignorant, stupid or lazy and just don't use good updated AV software. Which is it?

    2. Re:Conficker again? by Anonymous Coward · · Score: 0

      Which begs the question
      This is a well-known malware.
      Every major antiviral software claims to detect and remove it.
      So either
        A) The anti-malware manufacturers and those who market it are liars and frauds.

      or
      B) people who get infected are ignorant, stupid or lazy and just don't use good updated AV software.

      Which is it?

      C) Both A & B

    3. Re:Conficker again? by orange47 · · Score: 1

      well, it is not so well known if it gets regular updates and 'mutates'.
      made me move from samba to ftp.
      blocking 'security-related sites' is actually a good thing, so you know host is infected.

  4. Police Lie? Really? I don't believe it! by Zero__Kelvin · · Score: 1

    "Police in Ukraine said ..."

    The pictures they claim show evidence are the same as an earlier picture showing evidence against someone else. I think we can safely ignore whatever the police say, at least in this case.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  5. Re:Police Lie? Really? I don't believe it! by Luckyo · · Score: 1

    I don't think that's up to us, but to Ukraine's applicable court to judge evidence.

  6. Re:I block their C&C servers via HOSTS files by Anonymous Coward · · Score: 0

    that's not a good idea.
    first of all some windows versions have problems with huge hosts files and it can actually slow down the computer.
     
    secondly, it's probably trivial for a virus to bypass it.
     
    also, they constantly use new domains and addresses.

    it might be better to use a real firewall like the one built in router

    another option is using some free DNSs that also block malware sites. (if you can trust them)

    but, as always, linux is the best option in the end..

  7. It's a fine idea, I do it here & how by Anonymous Coward · · Score: 0

    You're overlooking to turn off the DNS Client Cache Service with relatively speaking LARGER hosts files!

    "first of all some windows versions have problems with huge hosts files and it can actually slow down the computer." - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

    Cure's above what I quote from you, guaranteed...

    I do it myself - have to: 1,457,748++ line item entries in my HOSTS file, mostly adbanners blocked (for speed, gain is huge & noticeable) & for security vs. malware + botnets (blocking known bogus servers/sites/hosts-domains)

    I.E.-> The DNS Client Cache Service in Windows' structure that gets loaded is NOT "flexible" like say, a list construct or dynamic array...

    In fact?

    I pointed that which you speak of, to a Microsoft mgt. person (Senior VP, Windows Client Performance Division) named Foredecker (Mr. Richard Russell) who posts here in fact. asking for a "fix/patch", here:

    http://slashdot.org/comments.pl?sid=1467692&cid=30384918

    (He also admitted after a bit of a debate on it also, that another idea I had was correct either... see the bottom-most part of that link above)

    ---

    "secondly, its probably trivial for a virus to bypass it" - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

    Here's a few things vs. that I do:

    ---

    1.) I use ACL & write-protect of the HOSTS file (granting system access & myself)

    2.) My HOSTS file's CONSTANTLY updating via the system for it I mention now in reply (& there are others, HOSTSMAN for example over @ MVPS.org, & I even built another in Delphi 2002-2009 earlier still, & used it (Python now though, write-once, run anywhere IS why))

    3.) Once you "blockout" known sources for that kind of thing, you can't get infested as easily IF @ all (& antivirus/antispyware take over the rest via heuristics options or their base signatures/mugshots of "known offenders", so-to-speak).

    ---

    Here's a testimonial example to that effect beyond my own here from other slashdotters in fact to that very effect:

    "Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

    ---

    And, there you are... "Layered Security" is the way...

    (I am *SURE* I noted that above... again, did you read my post in its entirety I must ask?)

    ---

    "also, they constantly use new domains and adresses." - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

    Which I fill here as they are discovered... that's the way it works in most all security!

    (I.E.-> Reactive in nature, MOSTLY, as is the case in antivirus/antispyware programs also)

    Here though? Again - That goes on & every 15 minutes from 15 diff. reputable & reliable sources via a Python system for that here... constantly updated!

    (I *think* I noted this in my init. post you replied to now also...)

    ---

    "it might be better to use a real firewall like the one built in router " - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

    I do, & I noted that...

    In fact, I combine HOSTS with Norton DNS (which again, uses DNSBL vs. malware etc.), software firewalls, AND, a Linksys NAT stateful packet inspecting router.

    (I must ask once more - Did you read the entirety of my post?)

    ---

    "another option is using some free DNSs that also block malware sites. (if you can trust them)" - by Anonymous Coward on Saturday June 25, @11

  8. 2 small corrections (my bad)... apk by Anonymous Coward · · Score: 0

    NortonDNS was the topic of another post I did here http://yro.slashdot.org/comments.pl?sid=2268288&cid=36567596 and in the one you replied to fellow ac?

    I didn't note about my HOSTS file update "automagically" system in Python, nor it updating every 15 minutes... my bad, sorry, correcting for it now!

    APK

    P.S.=> Too many things going on here today on Sat. a.m., doing garden & yard work, paying bills, & posting on slashdot too? My brain needs a faster & multi-core CPU upgrade, lol... not multitasking well enough!

    ... apk
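
An added example, not part of the thread and not any poster's own tooling: one way to merge several block-list feeds into a single HOSTS file, as the two posts above describe, while deduplicating entries (the file-size concern raised earlier) and rejecting any feed line that maps a name to a routable address, since that would redirect traffic rather than block it. The feed names and entries are constructed and the function names are hypothetical.

```python
import re

# Addresses that sink traffic locally; any other address redirects instead of blocking.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
# Names a block list must never override.
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name):
    """True for a syntactically valid, dotted DNS name."""
    if len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def merge_feeds(feeds):
    """Merge {source: hosts-format text} into (sorted unique names, rejected lines)."""
    blocked, rejected = set(), []
    for source, text in feeds.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
            if not fields:
                continue
            addr, names = fields[0], fields[1:]
            if addr not in SINK_ADDRESSES:
                rejected.append((source, lineno, "non-sink address " + addr))
                continue
            if not names:
                rejected.append((source, lineno, "no hostname"))
            for name in names:
                name = name.lower().rstrip(".")
                if name in NEVER_BLOCK:
                    continue
                if valid_hostname(name):
                    blocked.add(name)
                else:
                    rejected.append((source, lineno, "bad hostname " + name))
    return sorted(blocked), rejected


def render_hosts(blocked, sink="0.0.0.0"):
    """Render the merged list as HOSTS file text, one entry per line."""
    return "\n".join(["127.0.0.1 localhost"] + [f"{sink} {n}" for n in blocked]) + "\n"


# Constructed sample feeds (not real block lists).
FEEDS = {
    "feed-a.example": "127.0.0.1 localhost\n0.0.0.0 ads.example.net\n0.0.0.0 Tracker.Example.org # dup\n",
    "feed-b.example": "127.0.0.1 tracker.example.org\n203.0.113.7 bank.example.com\n0.0.0.0 bad_host!.example\n0.0.0.0\n",
}
```

Rejected lines are returned with their source and line number so a feed that starts emitting redirects can be spotted and dropped before the merged file is written.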

  9. You CAN block sources of it by Anonymous Coward · · Score: 0
  10. Care to explain the downmoderation? by Anonymous Coward · · Score: 0

    Whoever downmoderated my post should have the courage to speak their mind on reasons for downmoderating my post, based on errors in technical information in computing.

    (Additionally, should said "courageous hero" (lol, not) have the balls to reply? Do so... & not just some silly vendetta, or being a troll with off-topic ad hominem attacks - do so based on what you feel is in error in my posting (IF You can)).

    I suppose I can be happy you're blowing them that way though, & wasting them.

    * In any event? See subject-line, & thank you!

    APK

    P.S.=> I mean, lol, hey: If the "best you've got" is hit & run down moderations of a post, then you've made my point(s) above!

    Otherwise? I can only suspect that some malware maker/botnet master is behind the wheel of this unjust downmoderation. ... apk

    1. Re:Care to explain the downmoderation? by Anonymous Coward · · Score: 0

      Are you really having that much fun there in your own special little world?

    2. Re:Care to explain the downmoderation? by Anonymous Coward · · Score: 0

      LMAO tomhudson blew writing, modded apk down?

      Again tomhudson mods down others when he fails. tomhudson's "standard modus operandi" ac stalking & trolling shows http://slashdot.org/comments.pl?sid=2263468&cid=36577088 .

      Typical tomhudson geek angst based weak retaliation.

      It's the same as you did here also, messing up too http://yro.slashdot.org/comments.pl?sid=2268432&threshold=-1&commentsort=0&mode=thread&pid=36567794 on Windows DNS local cache service and hosts files this week and this post also.

      We know it's you tomhudson doing it. and it's why many of your posts are getting down moderating also in return this week most of the time.

      I caught how you do that here in one of your posts in fact http://slashdot.org/comments.pl?sid=2270208&threshold=-1&commentsort=0&mode=thread&pid=36573584 in posts beneath yours.

      Posts that also show you stalk and troll hosts file guy apk because he has burned you many times on technical issues in computer programming and networking proven here http://slashdot.org/comments.pl?sid=2230966&cid=36418796

      What's worse is how you and your trolltalk.com friends-sock puppet accounts like countertrolling do that very thing to cheat the moderation system here too.

      You mod others down via these methods proven here http://slashdot.org/comments.pl?sid=2245866&cid=36491652 and you use those trolltalk.com sock puppet account to mod yourselves up also.

      (I think countertrolling is actually a sock puppet alternate registered account here of yours from how he's always supporting you and in your journals or posts suddenly popping up when you are on the ropes. Coincidence? I think not.).

      U R lame tomhudson, and everyone knows it.

      No wonder you hide in your journal here 90% of the time. I would too if I blundered and get caught playing dirty cards as you constantly do.

    3. Re:Care to explain the downmoderation? by Anonymous Coward · · Score: 0

      Uh, tomhudson ac posting blew it on hosts files vs. apk again and I saw what you put up and I agree. It's tomhudson the psycho cyberstalker of slashdot. Talk about geek angst. What bothered me was how countertrolling who yes is a friend of tomhudsons showed how they cheat the moderation system here. That's really low and tomhudson and his trolltalk.com crew should be ashamed of themselves.

  11. "ReVeRsE-PsYcHoLoGy" by Anonymous Coward · · Score: 0

    "?dlrow elttil laiceps nwo ruoy ni ereht nuf hcum taht gnivah yllaer uoy erA" - by Anonymous Coward on Saturday June 25, @04:15PM (#36570730)

    ?

    APK

    P.S.=> I don't think the ac troll replier understood my question, & I certainly do NOT understand his answer... someone get me a translation please... lol!

    ... apk