Conficker changed the way parts of the botnet communicated overnight, but little else of note has happened so far. The malware is far from an April Fool's joke, but it's obviously a long way from the Skynet botnet, as depicted in Terminator 3, that some of the more fevered imaginings of the media hinted at. The main activity …
"Previous damp squibs include the Michelangelo virus (1992), CIH (1999), SoBig (2003), and MyDoom (2004)."
Bad examples, all of them.
The only reason why Michelangelo was a non-problem was the same as the reason why Y2K was a non-problem - because long before the trigger date we raised user awareness and made sure that most potential victims were protected.
While CIH wasn't as widespread as the hype about it, given how extensive was the damage caused by it (essentially turned some machines into bricks), even the relatively few cases when it triggered caused a lot of grief.
SoBig and MyDoom were both extremely widespread at the time.
Bit of an anti-climax
So from the annihilation of the internet as we know it to something a little more sedate!
Quoted on BBC website (yes I know, a real bastion of informed IT news!)
"We believe the software is geared towards making money. The characteristic of this type of worm is to keep it slow and low, keep it under the radar to slowly maximise profits over the long term."
All a bit like the city riots today, 4 people arrested so far!
It's a solid setup
but as an April fools joke, it seems a bit overworked.
Something happened for us anyway.
Something activated today because we cleaned out every last trace of the bstard and it came back on antivirused/patched machines.
Not as large a scale, but on activation day... go figure.
It was hyped up on the BBC news and the presenter mentioned the millennium bug as another instance of a virus that failed to materialise which of course is total rubbish. The millennium bug was a problem where computer systems were coded with two digit years. It wasn't deliberate malware.
My Money's on
it being a grid computer to try deciphering amanfrommars' posts
RE:My Money's on
Na. That would cause real damage.
Well Known Testing Procedures
All of our machines are clean (I've run several tools plus we updated right when the patch came out), but we still can't get to the Microsoft site. What if the real goal was to get a denial of service attack against Microsoft and the only way was to infect machines with something that caused everyone to connect to the Microsoft site to test if you were infected? While a few million infected machines hitting the servers might not bring it down, the other 100 million non-infected machines going to the site might.
Where's the April Fool's angle?
Why create a computer virus?
Give up already
Conficker is just a harmless networking add-on :(
Just give them time
Sooner or later, we'll find out what the whole thing is about, and it will be nasty. Not only that, but this won't be the last time this happens, either. People will continue to write better and better worms as long as it's so easy to infect the world's most popular OS. When will people learn, and start demanding that Microsoft design security in from the beginning, like Linux does, instead of tossing it on as an afterthought?
Maybe people whose computers are trashed by things like this should sue Microsoft for creating an attractive nuisance, on the grounds that if they'd secured their software properly this type of thing wouldn't happen. Yes, I know that their EULA expressly denies any warranty, but there are some rights you can't waive, even if you try.
Am I the only one that sees the obvious here...
I'm no conspiracy theorist here, however it has occurred to me that there could be only one possible group behind Conficker...
Now seriously, look at it rationally: here we have a virus that is extremely well written, it's nearly undetectable, it's not known to carry any payload, in its infancy it was designed to spread itself like wildfire exploiting weaknesses that are only likely to be found in a certain demographic populace. It doesn't affect the most recent versions of Windows, nor does it affect most of the general public, and in recent variations of the virus it has been configured to stop spreading itself (makes no sense whatsoever).
OK, now look at it with cynical eyes. The recession hits, Microsoft is seeing reduced revenue market wide and not happy about it. Microsoft is running up to the release of Windows 7 in the second half of this year, still not happy about the corporate world's dismal uptake of Windows Vista, and thus yearning to milk their corporate cash cow, they produce and put out this virus that generally only affects the corporate world and a handful of paranoid consumer users that refuse to upgrade or update. This virus does no real damage except be a pain in the ass and strike fear in the hearts of corporate IT admins and executives. Knowing that corporations take their sweet ass time in making any kind of changes to their infrastructure, Conficker is born, with the intention that, with the fear of what damage Conficker could have done, and knowing that it only affects legacy unpatched versions of Windows, Microsoft comes along in the wake of Conficker and pushes these corporations into migrating to Windows 7 or Windows Vista...
Seriously people wake up and smell the ink drying on the checks...
So what do Dan Kaminsky and Graham from Sophos have to say on that matter? When will we all die? Should we come back from the hills yet?
@My Money's on
You sure there's enough computer power in the world to decipher them?
On a side note I haven't seen many posts from him in a while.... I'm scared
What didn't happen?
Yet another example of media hype not coming to pass, and it is just the hype, not the actual expected behaviour as reported by boffins, that didn't happen. Much the same as the other examples referred to.
Michelangelo for instance, was a real threat, in the wild, that actually did (and still does) trigger on Michelangelo's birthday (March 6) in any year. The fuss about Michelangelo was down to the media, who, having heard about it from another source, interviewed McAfee about it and insisted on him giving them some kind of estimate for the number of computers he thought might be affected. He said anything from five thousand to five hundred thousand, and of course the media reported it as five hundred thousand. The figure actually grew from there through what can only be described as media enthusiasm.
I spent more time with news people than victims of Michelangelo that first year, and got phone calls from journalists every March for several years, but there were people who had the virus and got their hard drives wiped on the day even with all the advance warning from the noise in the press. It just wasn't the end of the world that the media are always pimping for, so now they report that the world was duped by a false alarm. Indeed.
Michelangelo spread on the boot sector of floppy disks. No one uses floppy disks anymore, which is why we no longer hear about it. The virus could probably still work on a lot of modern PCs (if they were configured to boot from a floppy and if they had the BIOS virus protection turned off) though I can't think of any reason to actually test this.
Shoot the media
A few people have been sending me links to articles this past week about the Conficker malware (whether you call it a worm, virus, or whatever). All of the articles make it out like it's the worst thing in the world, that it will destroy civilization. Usually, I have to stop reading well before the end of the articles, as my blood has already reached the boiling point from the outright lies being told.
Making people aware of malware is good, but lying and/or purposely playing on people's fears helps nobody (I've even heard people claim that this is an attack by Al Qaeda to funnel money from everyone's bank account, launder it through multiple offshore banks, then deposit it into their accounts). But what was with this unhealthy obsession of April 1? What, just because the worm was set to do something different today? Guess what, people? EVERY DAY could be the day this malware becomes destructive. To think we're "off the hook" simply because a single day has come and gone is ridiculous.
Simply put, today was no more or less dangerous than any other day for this or any other piece of malware. Watch where you go and what emails you open, keep your system (all software) up-to-date with the latest patches, use a firewall (preferably hardware), and use antivirus (though antivirus, reactionary by definition, has become pretty meaningless in today's environment). Do that no matter what OS you use (no, OSX and Linux are not un-exploitable, so you are not immune). Put another way -- use common sense. To be even safer, use Firefox with Adblock Plus, Flashblock, and NoScript. And if you think your system is infected with something, get it looked at immediately. Period. Don't let the current date or any media hype sway you in any way.
I've been online since 1992 (BBSs from 1992-1996, and the Internet from 1994 to present day), and I've only been infected once. That happened within this past year because I wasn't paying attention when I clicked on a link on a Google search results page (for the record, I was searching for "set-cookie"). Simply visiting the page, no further action required, got me infected. That's what convinced me that I needed NoScript. But that's the only time I've ever been infected in 17 years. Use common sense and caution, and you have little to fear.
Now, if we could sandbox browsers (and the apps/plugins when called from browsers), we could drastically cut down on infections, but that would require a radically new way of thinking about security. Perhaps it's time we started thinking about only allowing whitelisted software.
"On a side note I haven't seen many posts from him in a while.... I'm scared"
You have seen them, you just have not noticed because lately he has been making sense.
"Now, if we could sandbox browsers (and the apps/plugins when called from browsers), we could drastically cut down on infections, but that would require a radically new way of thinking about security. Perhaps it's time we started thinking about only allowing whitelisted software."
Walter, there is a name for people like you, it's "penis"
Much as I admire your theory, surely the correct response to a virus that only infects older versions of Windows is to move to Linux...
I think Microsoft would have thought of that.
Finjan provide a sandboxing (& profiling) solution for corporates (or people with a hell of a lot of money).
However it costs money (and should really have somebody to look after it too)
re: Just give them time
"Maybe people whose computers are trashed by things like this should sue Microsoft for creating an attractive nuisance, on the grounds that if they'd secured their software properly this type of thing wouldn't happen"
Get a grip, and stop being a total idiot. Yes, Windows has vulnerabilities, however a patch was released for this one LAST OCTOBER. The reason there are so many infected systems is because people don't install updates when they should. Using your logic, an ISP who is experiencing increased traffic because of a virus should sue their customers on the grounds that if their customers secured their systems properly, it wouldn't have happened.
We have this thing called personal responsibility. I know most people deny its existence nowadays, but it's still there. YOU are responsible for what you do. Period. If you stick a knife in your eye, you are the responsible party. If you stick your hand in a fire, you are the responsible party. If you connect your computer to the Internet without the proper defenses, you are the responsible party. If you indiscriminately browse and download, and thus become infected with something, you are the responsible party. Do you recognize a pattern?
I'm no Softie, but this time, they're not the bad guy a lot of people are making them out to be. This time around, the blame lies with the people who became infected.
Re: Re: Just give them time
"a patch was released for this one LAST OCTOBER. The reason there are so many infected systems is because people don't install updates when they should."
Not so. ONE of the primary infection pathways was patched a while ago. The worm now spreads mainly through autorun, in the most "legit" manner. And MS admitted that there is no easy way to disable autorun (no, the "disable autorun" button won't do what it says on the can). And, more importantly, even if you DO manage to disable autorun -not a trivial task-, there's no telling *when* it will automatically switch back on (note the *when*, not *if*. Because it *will* turn itself back on).
So yes, MS is at fault, indeed.
"Get a grip, and stop being a total idiot."
Erm, I couldn't have put it better. Not with the same target though.
"And, more importantly, even if you DO manage to disable autorun -not a trivial task-, there's no telling *when* it will automatically switch back on (note the *when*, not *if*. Because it *will* turn itself back on)."
That's funny. I've had my system since 2004, and since I disabled autorun during my initial software install, it has never turned itself back on. Five years, and it's never turned itself back on. So tell me, when should I expect to see it happen?
Also, this shouldn't need to be pointed out, but obviously it does -- if you have a piece of malware installed on a drive and it's activated through autorun, then you were in trouble before you were infected. Allowing people to write to your drive and indiscriminately popping CDs and flash drives into your system are actions that you control. As such, you are the one responsible if you become infected through such methods.
Now, I will wholeheartedly agree that Microsoft is partially to blame if you became infected through a fileshare because of their inconceivable and inexcusable decision to have a blank password for the Administrator account, and then not give you access to the Administrator account (unless you use Safe Mode, or unless you know that hitting CTRL-ALT-DEL twice will bring up the normal type-in-your-username login box). Having said that, you still should have known enough to not use blank, default, or easy to guess passwords.
Autorun disabled really?
Did you check that it's disabled for network shares, too? That's the tricky part.
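The exchange above about whether AutoRun is really off, including for network shares, can be settled by reading the NoDriveTypeAutoRun policy value rather than trusting a GUI checkbox. The script below is an added example and was not posted by anyone in this thread; it assumes a Windows host with PowerShell 3 or later and read access to the registry. The bit layout of NoDriveTypeAutoRun (0x10 is the network-drive bit) is Microsoft's documented one; the HonorAutorunSetting check applies to Windows XP / Server 2003 after Microsoft's AutoRun update, which records that value when the policy is actually honoured.

```powershell
# Added example: audit which drive types still have AutoRun enabled, per hive.
# Each bit of NoDriveTypeAutoRun set to 1 DISABLES AutoRun for that drive type.
$driveTypes = [ordered]@{
    0x01 = 'Unknown type'
    0x04 = 'Removable (floppy/USB)'
    0x08 = 'Fixed disk'
    0x10 = 'Network share'
    0x20 = 'CD-ROM/DVD'
    0x40 = 'RAM disk'
    0x80 = 'Unspecified'
}

# Both hives carry the policy; report each so a missing machine-wide setting is visible.
$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunPolicy {
    foreach ($path in $policyPaths) {
        $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -eq $value) {
            [pscustomobject]@{
                Hive            = $path
                Value           = $null
                NetworkDisabled = $false
                Note            = 'value absent: Windows built-in default applies'
            }
            continue
        }
        # Collect the drive types whose "disable" bit is NOT set.
        $stillEnabled = @()
        foreach ($bit in $driveTypes.Keys) {
            if (($value -band $bit) -eq 0) { $stillEnabled += $driveTypes[$bit] }
        }
        if ($stillEnabled.Count -gt 0) {
            $note = 'AutoRun still enabled for: ' + ($stillEnabled -join ', ')
        } else {
            $note = 'AutoRun disabled for all drive types (0xFF)'
        }
        [pscustomobject]@{
            Hive            = $path
            Value           = ('0x{0:X2}' -f $value)
            NetworkDisabled = (($value -band 0x10) -ne 0)
            Note            = $note
        }
    }
}

Get-AutoRunPolicy | Format-Table -AutoSize

# XP / Server 2003 only honoured NoDriveTypeAutoRun fully after Microsoft's AutoRun
# update; that update sets HonorAutorunSetting = 1 under the HKLM policy key.
$honor = (Get-ItemProperty -Path $policyPaths[0] -Name HonorAutorunSetting -ErrorAction SilentlyContinue).HonorAutorunSetting
if ($honor -ne 1) {
    Write-Warning 'HonorAutorunSetting is not 1: on XP/2003 the policy above may not be enforced.'
}
```

Run it in an elevated PowerShell on each host you believe is hardened: a row whose NetworkDisabled column is False, or a HKLM row reporting the value as absent, is the case the last comment warns about. A value of 0xFF is the unambiguous "off everywhere" setting; a value such as 0x95 leaves fixed disks (0x08) and CD-ROMs (0x20) enabled and will show up in the Note column.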