How the Conficker Problem Just Got Much Worse

This topic is archived.
Home » Discuss » Archives » General Discussion (1/22-2007 thru 12/14/2010)
 
Are_grits_groceries, Sat Apr-04-09 05:55 AM
Original message
How the Conficker Problem Just Got Much Worse
On the surface, April 1 came and went without a peep from the dreaded Conficker megaworm. But security experts see a frightening reality, one where Conficker is now more powerful and more dangerous than ever.

In the first minute of April 1, Conficker did exactly what everyone knew it was going to do: It successfully phoned home for an update. And while it was fun to imagine what nasty payload that update may have included (it was fun, wasn't it?), the result was not outwardly catastrophic; rather than a blueprint for world domination, the update contained instructions on how to dig in even deeper.
<snip>
Here's why it is deeply, deeply scary. As we explained, Conficker has built zombie botnet infrastructure by registering hundreds of spam DNS names (askcw.com.ru, and the like), which it then links up and uses as nodes for infected machines to contact for instructions. In its earlier forms, Conficker attempted to register 250 such DNS names per day. But with the third version of the software, the Conficker.c variant which has been floating around for the last month or so, the number of spam DNS takeovers was boosted to 50,000 per day—a number security pros can no longer keep up with.

What the April 1 update did was simple: It provided instructions for linking up with the thousands, perhaps tens of thousands of new nodes registered by Conficker.c over the last few weeks, effectively growing the size of the p2p botnet to a point where it cannot be stopped.

http://i.gizmodo.com/5197148/how-the-conficker-problem-just-got-much-worse

This is reassuring.
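An added example, not from the Gizmodo article or from any poster in this thread, to make concrete what the "250 per day" versus "50,000 per day" numbers mean. A worm like Conficker does not carry a fixed list of rendezvous domains (the article's "spam DNS names"); every infected host derives the day's candidate names from the date with a domain generation algorithm (DGA). The operator only has to register one of the day's names to deliver an update, while defenders have to pre-register or sinkhole every one of them, every day. The generator below is a hypothetical SHA-256 construction with a made-up seed and TLD list, not Conficker's real algorithm. The figures used in the comparison, 250 names per day all queried by each host for the early variants and 50,000 generated with 500 queried per host per day for Conficker.C, come from the public analyses of the worm; the defender capacity of 1,000 registrations per day and the operator registering 100 names are assumed values chosen to show the asymmetry.

```python
"""Added example (not from the article or the thread): a toy date-seeded
domain generation algorithm and the defender/operator cost asymmetry it
creates.  The generator is a hypothetical SHA-256 construction, NOT
Conficker's algorithm; the seed and TLD pool are made up."""
import hashlib
from math import comb

# Hypothetical TLD pool (Conficker.C spread its names over 100+ TLDs).
TLDS = ["com", "net", "org", "info", "biz", "ru", "cn", "ws", "cc", "tv"]
SEED = b"example-seed"  # constructed; a real DGA hides its seed in the binary


def dga(day_iso: str, count: int, seed: bytes = SEED) -> list[str]:
    """Return `count` candidate rendezvous domains for the ISO date string
    `day_iso` (e.g. "2009-04-01").  Every host that knows the seed and the
    date computes the same list, so nothing has to be hard-coded."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(seed + day_iso.encode() + i.to_bytes(4, "big")).digest()
        # 8 lowercase letters from the first 8 digest bytes, TLD from the 9th
        label = "".join(chr(ord("a") + b % 26) for b in digest[:8])
        names.append(f"{label}.{TLDS[digest[8] % len(TLDS)]}")
    return names


def defender_can_preempt(n_generated: int, registrations_per_day: int) -> bool:
    """The defender wins only by taking EVERY candidate name for the day;
    a single miss is enough for the operator to get an update through."""
    return registrations_per_day >= n_generated


def p_bot_reaches_operator(n_generated: int, n_queried: int, n_registered: int) -> float:
    """Probability that a bot querying `n_queried` random candidates out of
    `n_generated` hits at least one of the `n_registered` names the operator
    registered.  Hypergeometric: 1 - C(N - r, m) / C(N, m)."""
    if n_registered >= n_generated:
        return 1.0
    return 1 - comb(n_generated - n_registered, n_queried) / comb(n_generated, n_queried)


def compare(registrations_per_day: int = 1000) -> dict[str, dict]:
    """Contrast the 250/day and 50,000/day generations against a defender
    able to register or sinkhole `registrations_per_day` names per day."""
    out = {}
    for name, n_gen, n_q in (("early", 250, 250), ("conficker.c", 50_000, 500)):
        preempted = defender_can_preempt(n_gen, registrations_per_day)
        out[name] = {
            "generated": n_gen,
            "queried_per_bot": n_q,
            "defender_preempts": preempted,
            # preempted: the operator never gets through; otherwise registering
            # 100 of the leftover names is already plenty
            "p_reach_with_100_registered": 0.0 if preempted else p_bot_reaches_operator(n_gen, n_q, 100),
        }
    return out


if __name__ == "__main__":
    print(dga("2009-04-01", 5))
    print(compare())
```

Run it to print five sample names for 1 April 2009 and the comparison. The hypergeometric figure is the practical point: a bot querying 500 of 50,000 names reaches an operator who registered 100 of the unblocked ones about 63% of the time, and it tries again the next day with a fresh list, so anything short of taking every name every day only delays the update rather than preventing it.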
taterguy, Sat Apr-04-09 05:58 AM
Response to Original message
1. That would scare the hell out of me if I had any idea what it meant
 
MadHound, Sat Apr-04-09 06:06 AM
Response to Original message
2. Or it could all be an April fool's joke designed to sell more product for Norton, McAfee, and others
Either way, since I have a Mac, I don't really care that much. I find all the hysteria about it rather amusing.
 
amyrose2712, Sat Apr-04-09 06:13 AM
Response to Reply #2
4. I think that of most viruses like that.
But, I usually don't know what the hell I am talking about.
 
Joe Steel, Sat Apr-04-09 06:22 AM
Response to Reply #2
8. Would you change your mind...
...since I have a Mac, I don't really care that much


Would you change your mind if you found out the internet runs on Microsoft servers or that a huge volume of spam traffic could make it unusable?

 
MadHound, Sat Apr-04-09 06:31 AM
Response to Reply #8
14. Oh noes, we'd be without the intertubes!
Frankly, having the internet go down for a while would be fine with me. First, it would point up the foolishness of relying on an electronic network as much as we do on the internet; second, it would get people off their computers and interacting with real live people again, something that I think is badly needed in this country; and finally, I think that it would be amusing to watch the panic as people are suddenly thrust back to the technological level of the *gasp* 1980s. :rofl:

If the internet goes down, yes, I would be affected, but I could cope. As I said, I have a Mac, so I doubt that much personal data would be affected.
 
Joe Steel, Sat Apr-04-09 06:38 AM
Response to Reply #14
17. Not Me
Frankly having the internet go down for awhile would be fine with me.


Not me. I like the convenience of paying bills online, reading a bunch of newspapers and having any kind of information at my fingertips. The destruction of the internet would be a life-changing event.
 
hlthe2b, Sat Apr-04-09 07:45 AM
Response to Reply #14
24. This reflects a level of naiveté that astounds me...
Do you realize how interconnected all of our basic and essential services are now? Things like the worldwide banking and commerce system, law enforcement and emergency communications, control of power utilities, military and security grids?

It doesn't just mean you won't be able to cruise the intertubes and lose a little enjoyment for a while.....Geebus. Grow up. :eyes:
 
hobbit709, Sat Apr-04-09 06:27 AM
Response to Reply #2
13. Keep on believing that.
NO computer or OS is 100% secure if it connects to the outside world. Nobody that we know of is writing stuff to get Macs the same way, because the people that write this crap play the numbers game. If someone wrote some malicious code to specifically attack Macs, it would spread like the plague, because very few Mac users are security conscious at all. Most of them think they are safe because they have a Mac, hence the "Get a Mac" attitude.
 
MadHound, Sat Apr-04-09 06:37 AM
Response to Reply #13
16. Actually I am security conscious,
And the "Get a Mac" attitude arises more from the fact that PCs seem to crash on a depressingly regular schedule. The Mac that I'm on now has worked reliably and faithfully for five years with nary a crash. The PCs I've worked with in that same time frame have crashed, frozen, and died on a regular basis. That's why I advise anybody to get a Mac.

But as you say, virtually all the malicious code out there, including the Conficker virus, is written for PCs, another good reason to stay away from them.
 
hobbit709, Sat Apr-04-09 06:47 AM
Response to Reply #16
18. I've got one system where the only times it shut down in 3 years
Edited on Sat Apr-04-09 06:47 AM by hobbit709
were power failures. The problem is that people bog their systems down with all sorts of crap, most of it useless eye candy, until it screws up. I keep my machines lean and mean with a lot of Windoze crap disabled or unused. I prefer not to use any M$ apps beyond the OS, and I tweak that quite a bit. Even my main system, which has about 3 times the apps installed as the others, boots up in under 45 seconds from power on to desktop and ready to roll.
 
SmileyRose, Sat Apr-04-09 08:11 AM
Response to Reply #2
26. If most people had Macs and most networks were Mac-based
I'm pretty sure the predators would be targeting Macs. One thing I've learned in my 50-odd years is that nothing, absolutely nothing, is beyond the reach of a predator if they so choose. If you have virus protection up the ying-yang and CIA-quality encryption and firewalls, if a predator is determined to compromise your machine or your network, they will.

It's no different than bars on your house windows. They are completely useless if a predator is determined to get into your house.
 
Joe Steel, Sat Apr-04-09 06:09 AM
Response to Original message
3. If they know what it's doing...
If they know what it's doing, why can't they stop it?
 
ColbertWatcher, Sat Apr-04-09 06:15 AM
Response to Reply #3
5. Welcome to DU ...
... from what I understand about this virus, at this moment all it is doing is making contacts.

It has instructions to "phone home" at a certain time to make more contacts.

All of these contacts are now part of some kind of network of hijacked computers.

All anyone knows is that it is automated and only knows when to "phone home" to get more instructions.

I guess the problem is that the network it has built is so large that if it were to receive instructions to do something beyond the regular instruction to "find more friends" (like, say, something destructive) there would be no way for anyone to stop it.

 
tkmorris, Sat Apr-04-09 06:20 AM
Response to Reply #3
6. They do know how to stop it.
That is to say, they know how to remove it from infected machines. They've even written a standalone program to do that, in addition to the several anti-virus software programs that will remove it. The trouble is there are many people infected who do not utilize these products, and so they remain infected.

No one knows for sure what they will do with all these infected machines, but simply having an entry point into that many computers raises all kinds of possibilities.
 
tkmorris, Sat Apr-04-09 06:23 AM
Response to Reply #6
9. This is a pretty cool Conficker detector tool
http://www.joestewart.org/cfeyechart.html

It's a chart containing 6 pictures, which are fed from anti-virus and security websites. Conficker is known to block access to those sites, so if you can't see some or all of the logos, you might be infected.
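An added example, not from the thread and not the code behind the eye chart linked above, showing the logic that chart relies on, done with name lookups instead of logo images. The worm filtered name lookups whose hostname contained one of a list of security-vendor strings, which is why the logos fail to load on an infected machine. The check below adds the control a practitioner would want: it also looks up names that contain no vendor string, so a host with no network at all is reported as inconclusive rather than as infected. The vendor hostnames, the control hostnames and the substring list used by the simulated infected resolver are constructed for illustration and are not the worm's actual blocklist.

```python
"""Added example (not from the thread or from the linked eye chart page): the
eye-chart test as a resolver check with a control group.  The hostnames and
the substring list in the simulated infected resolver are constructed for
illustration, not Conficker's real blocklist."""
import socket
from typing import Callable, Dict, Optional

Resolver = Callable[[str], Optional[str]]  # hostname -> IP string, or None on failure

# Constructed sample of security-vendor hosts an infected machine would fail to reach.
SECURITY_SITES = ["www.symantec.com", "www.mcafee.com", "www.sophos.com", "update.microsoft.com"]
# Control hosts with no vendor string in the name: if these fail too, the
# network is down and the result says nothing about infection.
CONTROL_SITES = ["www.example.com", "www.wikipedia.org"]


def system_resolver(host: str) -> Optional[str]:
    """Real lookup through the OS resolver (needs network access)."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None


def eye_chart(resolve: Resolver = system_resolver,
              security=SECURITY_SITES, controls=CONTROL_SITES) -> Dict[str, object]:
    """'clean' if every vendor name resolves, 'suspicious' if controls resolve
    but some vendor names do not, 'inconclusive' if no control resolves."""
    security_ok = {h: resolve(h) is not None for h in security}
    controls_ok = {h: resolve(h) is not None for h in controls}
    if not any(controls_ok.values()):
        verdict = "inconclusive"
    elif all(security_ok.values()):
        verdict = "clean"
    else:
        verdict = "suspicious"
    return {"verdict": verdict,
            "blocked": sorted(h for h, ok in security_ok.items() if not ok),
            "controls_ok": controls_ok}


def simulated_infected_resolver(blocked_substrings=("symantec", "mcafee", "sophos", "microsoft")) -> Resolver:
    """Constructed stand-in for an infected host: lookups succeed unless the
    name contains one of the blocked substrings (substring matching is how
    the worm's filter behaved; this list is illustrative)."""
    def resolve(host: str) -> Optional[str]:
        if any(s in host.lower() for s in blocked_substrings):
            return None
        return "192.0.2.1"  # TEST-NET-1 placeholder address
    return resolve


def simulated_clean_resolver(host: str) -> Optional[str]:
    return "192.0.2.1"


def simulated_offline_resolver(host: str) -> Optional[str]:
    return None


if __name__ == "__main__":
    for label, r in (("infected", simulated_infected_resolver()),
                     ("clean", simulated_clean_resolver),
                     ("offline", simulated_offline_resolver)):
        print(label, eye_chart(r))
```

Two caveats. The check has to run on the suspected machine itself, because the filtering lived in the infected host's own DNS client path, so a lookup from any other host says nothing; whether a given variant's hook catches the particular resolver call Python makes is an assumption of this example, and the browser-based chart is the reference check. And a "clean" verdict is not proof of anything: it only catches the behaviour the post describes, and a later variant could simply stop filtering.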
 
Joe Steel, Sat Apr-04-09 06:26 AM
Response to Reply #6
10. That's comforting
That is to say, they know how to remove it from infected machines. They've even written a standalone program to do that, in addition to the several anti-virus software programs that will remove it. The trouble is there are many people infected who do not utilize these products, and so they remain infected.


My anti-virus software frequently updates its virus definitions and I run the scan every week so I suppose I'm alright.

 
TorchTheWitch, Sat Apr-04-09 07:12 AM
Response to Reply #10
20. Until the developer comes out with another variant
As is the problem with all viruses, you can get them before your anti-virus protection gives you an update to kill it. Conficker is particularly ingenious because as soon as you get it, it stops you from getting any updates from your anti-virus protection (which would include an update to kill it), it doesn't allow you to use or download/install almost any cleaning tool, and it doesn't let you go to any site where you can find out what to do to kill it. The ONLY way to kill it is to get a cleaning tool from a non-infected computer and change the name to something the virus doesn't recognize and start cleaning from there. That was the last variant. The next variant will be even more sophisticated, as every variant has been thus far.

I'm probably the most paranoid computer user there is. I have, daily update, and use great anti-virus/malware/spyware programs, I have a firewall for the paranoid, I block pop-ups and only browse with Firefox with the adblocker, I never buy online, pay bills online, or put any personal info online, I don't ever open emails from anyone I don't personally know, I don't use file sharing programs, all my emails are scanned for viruses, I don't go to porn sites or any other questionable sites, etc., etc., etc. Nevertheless, even though I had the Microsoft patch they put out in October, in January when the next variant came out, I (like millions of others) got the evil ConFucker anyway.

 
Joe Steel, Sat Apr-04-09 07:35 AM
Response to Reply #20
23. Do you have any idea how you got it?
Nevertheless, even though I had the Microsoft patch they put out in October, in January when the next variant came out, I (like millions of others) got the evil ConFucker anyway.


Do you have any idea how you got it? With all the precautions and careful browsing, you should have been OK.
 
TorchTheWitch, Sat Apr-04-09 08:08 AM
Response to Reply #23
25. Probably from a website that was infected
ConFucker put itself on innumerable websites one would consider perfectly safe. I think it was mentioned in one news report that the website of a major news outlet was infected. The day I got it I was searching for specific info about dental implants and only went to reputable medical info sites. I knew something was wrong the second I got it, but at first I didn't realize it was a virus. Once I realized that regardless of what I searched for I was being diverted, I knew it had to be a virus of some sort.

I figured out that if you copied the text of a url and put it in your browser, you didn't get diverted and went to that site directly, so I started searching for info about what this virus thingie was and how to get rid of it, except because the virus doesn't let you go to most virus help sites, nothing I did was letting me get to those sites.

I got lucky and found a tech help forum that was part of a larger forum the name of which the virus didn't recognize, and got instructions there on what to do. EVERYONE in the forum was complaining of the same virus, and there were pages and pages of threads from people seeking help for it. The techies there were overwhelmed, and it took an average of 3 days to get a first response from a tech. Bless their hearts for all their help... I was a hair away from taking the computer to my local computer fix-it shop that charges an arm and a leg just to walk in the door.

I don't recall what medical websites I went to when I got the virus, but there were only about 5. I must have gotten it from one of them. Other than that, I haven't a clue how else I could have gotten it. I know ConFucker infects other drives, but I haven't used any of my other drives (even the CD/DVD player) since at least last summer. Besides, I don't see any way that my other drives could have been infected anyway.

 
hobbit709, Sat Apr-04-09 06:20 AM
Response to Original message
7. Too many people have little or no security on their computers.
I have had to clean and disinfect literally hundreds over the years where there was no security at all, completely outdated security-some 5 years old, or even deliberately disabled security. Most people think if they have an antivirus program alone that their computer is safe. They act surprised when I tell them otherwise.

I have never had a virus or trojan infect my systems but I'm more paranoid than most people. I nose around the hacker/cracker sites without any problems. I also keep image copies of all my systems for a quick restore. I run 5 computers in my house but they are all separate, not networked. Each one is set up for a specific purpose. First thing in the morning when I get up is run a scan while I'm waiting for my coffee.

Most viruses and trojans take advantage of people's laziness and/or ignorance. I had one laptop that someone brought in. It had no spyware detection and Norton 2002, and this was last year. It had by my count 1872 viruses and 785 spyware/malware apps on it. I was surprised that it worked at all. I cleaned it up, installed AVG, Spybot S&D, Malwarebytes and Advanced Windows Care. 4 months later he brought it back; he had gotten infected again. When I found that AVG was disabled, I asked him why he turned it off. He said that it kept flashing warnings at him every time he was looking at "free" porn and he got tired of seeing the warnings. I asked him if he ignored red lights on his dash in the car too. I fixed it and told him that if he brought it back with ANY security disabled I was going to charge him double for stupid.
 
Extend a Hand, Sat Apr-04-09 06:27 AM
Response to Original message
11. test for conficker infection (conficker eyechart)
http://www.joestewart.org/cfeyechart.html

Or you could run linux and reduce your risk ;)
 
leveymg, Sat Apr-04-09 06:27 AM
Response to Original message
12. What is all this about? Future Denial of Service attacks? Against whom? By whom?
I understand this thing was first detected as part of a bundle of viruses being peddled out of China. Working backwards, assuming that's the place of origin, the high degree of sophistication and the fact that no specific individual has been arrested may tell us that this is either a very small or a very well protected group of developers. The sophistication argues for the latter, possibly a state-sponsored Chinese military intelligence group. The target? There are reports that this thing has gotten into official data banks in a number of countries. The target is obvious.
 
Joe Steel, Sat Apr-04-09 06:33 AM
Response to Reply #12
15. The Chinese hold hundreds of billions of dollars of US debt
...state-sponsored Chinese military intelligence group.


The Chinese hold hundreds of billions of dollars of US debt. Would they bring down US commerce under those circumstances?
 
leveymg, Sat Apr-04-09 07:02 AM
Response to Reply #15
19. Relations could significantly worsen between the US and China
This thing could be a contingency program that proceeds in stages according to several possible scenarios.
 
Myrina, Sat Apr-04-09 09:14 AM
Response to Reply #12
29. ... can it access Citi's database and make it look like my mortgage is paid in full?
:shrug: S'all I'm askin' .... :evilgrin:
 
DailyGrind51, Sat Apr-04-09 07:17 AM
Response to Original message
21. If you left your "Automatic Updates" on last October, you were protected
because MS sent you a security patch in anticipation of Conficker.
 
TorchTheWitch, Sat Apr-04-09 07:27 AM
Response to Reply #21
22. No you weren't
I have automatic updates, got the October patch in October when it came out, and still got ConFucker in January. There are several variants of the virus, and that patch doesn't protect you from all of them. That's why many more people got hit with the evil booger in January and February.

 
agentS, Sat Apr-04-09 08:33 AM
Response to Original message
27. then I guess it's time to do some "due diligence"
While the anti-hackers and security folks deal with this, or try to deal with it, we should take steps to prevent losses on our ends.
Back up important data to off-line sources, like portable USB drives or CD/DVDs.
Make sure you have hard copies of anything extremely important (like a tax return, bank statement, etc).
Enterprises might want to have a spare computer or 2 kept in a storage locker that can be deployed in an hour or less in the event Conficker is designed to fry CPUs or hard drives on command. Also, an enterprise could just swap in clean computers while the old computers are being treated.
 
formercia, Sat Apr-04-09 08:44 AM
Response to Reply #27
28. Backup computers are no longer a cost issue.
You can get a decent system with XP Professional for under $100 with free shipping on eBay.

With all of these companies going out of business, the market is flooded with used and refurbished equipment. We just bought a couple of refurbished laptops from Dell that looked brand new.


 