4
   

Conficker worm

 
 
msolga
 
Reply Mon 21 Sep, 2009 10:51 pm
Anyone know anymore about this? Sounds very serious!:

Internet meltdown threat: Conficker worm refuses to turn
ASHER MOSES
September 22, 2009 - 2:08PM/theAGE


The brightest minds in technology and government are finding it "almost impossible" to defeat the Conficker worm, which has infected more than 5 million computers and, experts say, could be used to knock down the internet in entire countries.

Quote:
The worm, first detected in November last year, spreads rapidly to computers through a flaw in the Windows operating system.

Infected machines are co-opted into a "botnet" army, which can be controlled and used by the hackers to launch unprecedented cyber attacks.

"The general agreement in the security world is that Conficker is the largest threat facing us from a cyber crime point of view ... it has proven to be extremely resilient. It's almost impossible to remove," said Rodney Joffe, a director of the Conficker Working Group formed to defeat the worm.

"The best minds in the world have not managed to crack the code behind this yet."

The scale of the threat has forced the world's largest computer security companies to join together with government around the world in an unusual alliance to pool their resources and solve the problem.

Microsoft has offered a $US250,000 ($290,000) reward for information leading to the identification of the individuals - or rogue governments - behind Conficker.

Those behind the worm can do anything they want with the infected machines including stealing users' banking details or flooding government servers to knock them offline.

"This could be used to launch the mother of all DDoS [distributed denial of service] attacks, it could be used as the basis of major financial fraud, it could be used for major spam runs," Joffe said.

"Even a small portion of the infected machines from Conficker have the ability to actually take away the usability of the internet in an entire country like Australia."

So far the international effort to find a solution has yielded few results, and the number of infected machines has remained fairly stable at 5 million. They include home, business and Government computers. ...<cont>




http://www.theage.com.au/technology/security/internet-meltdown-threat-conficker-worm-refuses-to-turn-20090922-fzlh.html
 
msolga
 
  1  
Reply Mon 21 Sep, 2009 11:05 pm
@msolga,
I can never quite figure out, with such reports, whether they're a beat-up or a legitimate issue which warrants serious concern.
msolga
 
  1  
Reply Mon 21 Sep, 2009 11:13 pm
@msolga,
In case you're wondering about the source of this story: The AGE is a (highly) respected newspaper in Melbourne, Oz. Not prone to sensationalism or wild flights of fancy. It's a serious newspaper.
0 Replies
 
ebrown p
 
  1  
Reply Mon 21 Sep, 2009 11:38 pm
@msolga,
This article is certainly exaggerated.

The claim that "the best minds in the world have been unable to crack the code" is complete nonsense (it may refer to the fact that the worm uses RSA encryption to send messages... but the virus itself is understood).

The Conficker work itself has been "defeated", meaning that there are definitive ways to remove it from your computer, Microsoft itself has released a patch. The problem is with the computers that are already infected, or for people that have for whatever reason not installed the patch or the latest anti-virus software.

The wikipedia article seems to have well-documented information.

http://en.wikipedia.org/wiki/Conficker

The moral of the story is the same. If you are using Microsoft, make sure you have good anti-virus software that you keep up to date and keep on top of security updates from Microsoft.



msolga
 
  1  
Reply Tue 22 Sep, 2009 05:03 am
@ebrown p,
Quote:
The moral of the story is the same. If you are using Microsoft, make sure you have good anti-virus software that you keep up to date and keep on top of security updates from Microsoft.


I hope you're right & the story is exaggerated & I certainly hope this moral/"remedy" does the trick!
ebrown p
 
  0  
Reply Tue 22 Sep, 2009 07:49 am
@msolga,
If you are really worried, you could always switch to Linux.

That's what I did (but it is probably a bit overboard for most).
msolga
 
  1  
Reply Tue 22 Sep, 2009 07:55 am
@ebrown p,
Nah, I'm not that worried, ebrown. Just interested.
Thanks for the suggestion, anyway.
ebrown p
 
  -1  
Reply Tue 22 Sep, 2009 07:59 am
@msolga,
Your loss lol.

Just make sure your virus software is up to date.
0 Replies
 
Robert Gentel
 
  5  
Reply Tue 22 Sep, 2009 11:41 am
@msolga,
Almost any mainstream article about computer security portrays the threats as far more sinister than they really are. That's mainly because the whole world of hacking and computer security is exotic in most people's minds and gains an almost-magical aura.

But that being said, the conficker worm is technically interesting and very very well made. ebrown said that it has been "defeated" but he's talking about the exploit that the worm used, which isn't at all what the security researchers are talking about. That hole was closed long ago, they are talking about their inability to take down the bot net that the worm created. The holes are always patched and there are always millions who don't bother applying the patches. That much is normal, what is different is that this network isn't being taken down or rendered useless as easy as large scale infections like this are usually fought.

A "bot net" is a group of computers that have been compromised and that can be controlled by a remote party. These are often used to send spam, infect other computers, or launch denial of service attacks (this kind of attack basically means each computer sends traffic at a target in order to flood them and prevent other legitimate traffic from getting through).

The conficker worm has made a big bot net for someone, but it hasn't really been used, and has been cleverly evolving in ways that make it very difficult to take down the botnet. For example, while many worms will use one specified domain to phone home to and get instructions this worm is setup to try many random domains that are not yet registered. This complicates the efforts to fight it, because with just one domain the domain itself can be taken over. Security researchers have been registering some of the domains the worm will "phone home" to but due to the volume of random domains it can use they can't get them all and this leaves an easy way for the hackers to control the network by just registering one of the domains.

So these kinds of tricks is what makes this threat currently "undefeated", but it is very unlikely to be used for gratuitous attacks. This kind of work usually represents a significant investment, and is worth lots of money to the individuals who control it. Doing something like a DDOS attack to flood a country's internet connection isn't a very useful thing to do with it. It's most likely that this is a worm operated by for-profit hackers. Not a government or for-curiosity or for-politics hackers so those kinds of attacks are unlikely.

So what they are most likely to do with it is find a way to monetize their network of zombie computers. They can sell spamming services with it, they can steal credit card numbers to sell, they can even just "ransom" the infected computers in a process where they sell the fix to the problem they created.

But with all the attention the worm has gotten, some of these methods are hard to get away with. Right now it really seems like they are just trying to preserve control over the bot net and figure out a plan to make money off of it without getting caught.

In short, it's very likely that this will just contribute to more of the spam, fake anti-malware scams, and data theft that is already common place on the web. It's very unlikely that it will be used to do things like attack Australia's internet. If it did something like that, the control of the bot net would be risked for very little gain.

The article is essentially saying that this bot net is more resilient than they have typically been in the past. But the threat is nothing new, just more clever than normal.
Robert Gentel
 
  3  
Reply Tue 22 Sep, 2009 11:46 am
@ebrown p,
ebrown p wrote:
If you are really worried, you could always switch to Linux.

That's what I did (but it is probably a bit overboard for most).


I knew you'd be doing the Linux ideologue thing. It's really dumb advice, which I think even you know by saying it's "overboard" for most people. Operating system selection just shouldn't be motivated by this worm. I've had Linux machines compromised by worms and the solution to security problems are simple best practices on any platform.

Is there anything you are not an ideologue about?
DrewDad
 
  3  
Reply Tue 22 Sep, 2009 04:35 pm
@ebrown p,
ebrown p wrote:
If you are using Microsoft, make sure you have good anti-virus software that you keep up to date and keep on top of security updates from Microsoft.

Using good anti-virus and keeping up with security updates should not be limited to those using MS products.
msolga
 
  1  
Reply Tue 22 Sep, 2009 06:00 pm
@Robert Gentel,
Thank you for that very clear explanation, Robert!
0 Replies
 
msolga
 
  1  
Reply Tue 22 Sep, 2009 08:32 pm
@DrewDad,
Quote:
Using good anti-virus and keeping up with security updates should not be limited to those using MS products.


Indeed, Drew.

... & a follow-up question, if I may. addressed to anyone in the know ...

These "good" anti-virus programs.: Could you name a few? And perhaps a few not-so-terrific?
(I'm currently using Norton)

ebrown p
 
  1  
Reply Tue 22 Sep, 2009 09:47 pm
@Robert Gentel,
You make "ideologue" seem like a bad thing. Actually, I thought I was being reasonable, I suggested that people not panic and use sensible precautions.
I don't know what is the opposite of ideologue -- but arguing that two choices are morally equal just because they have to be is a logical fallacy in any arena.

I am bit curious about the worms you had on Linux-- I suspect you are comparing apples with oranges. The Conficker worm is an exploit in the operating system, whereas most worms on Linux have been exploits of a framwork not related to the OS (e.g. PHP exploits).

Microsoft has made mistakes in its Operating Systems (and word processor etc etc) because they have consistently chosen features over security. They didn't have to do this, and there is nothing to say that other Operating Systems have to have done the same (or have the same amount of vulnerabilities). From what I read, Windows 7 is supposed to focus on fixing this more than their previous offerings.

That being said, I am not saying that this is a sole reason that people should shy away from Microsoft. My main point (which I think we all agree with and is thus not worth discussion further) is that taking sensible precautions is a good idea.
Robert Gentel
 
  4  
Reply Tue 22 Sep, 2009 10:12 pm
@ebrown p,
ebrown p wrote:
You make "ideologue" seem like a bad thing.


That owes in large part to the fact that I happen to see it that way. Gets old to see people who don't use Windows obsess about not using Windows.

Quote:
I don't know what is the opposite of ideologue -- but arguing that two choices are morally equal just because they have to be is a logical fallacy in any arena.


I don't know anything about how two operating systems could be "morally equal". I'm not trying to argue that both are equal in any way, nor am I trying to argue that any one is better. I'm just weary of the Linux and Mac folk who see their hammer as the tool for every problem. This particular problem is just solved by the same best practices that anyone should use on any operating system: apply the security patches promptly.

Quote:
I am bit curious about the worms you had on Linux-- I suspect you are comparing apples with oranges. The Conficker worm is an exploit in the operating system, whereas most worms on Linux have been exploits of a framwork not related to the OS (e.g. PHP exploits).


Most that I remember off the top of my head are from installed software and I'm not sure if I've been involved in any actual kernel vulnerabilities, but that's where security exploits have been trending towards on all operating systems. Either way, Linux has had plenty of vulnerabilities in the operating system itself and not patching it for years would be a security problem too.

Switching to Linux won't help you at all if you engage in bad security practices such as downloading and running things haphazardly, not updating your operating system and not securing your connections with the global network (firewall).

Just taking those basics and you'll do fine. I've never had a Windows computer that I've been responsible for become a victim of any form of worm, virus or malware. Switching operating systems isn't what is needed to be safe, it's the safe practices.

Quote:
Microsoft has made mistakes in its Operating Systems (and word processor etc etc) because they have consistently chosen features over security. They didn't have to do this, and there is nothing to say that other Operating Systems have to have done the same (or have the same amount of vulnerabilities). From what I read, Windows 7 is supposed to focus on fixing this more than their previous offerings.


All operating systems have vulnerabilities and need fixes published to cover the holes. This particular worm used a hole that Microsoft had already issued a fix for. All it took to prevent it was to apply security updates, and this is important no matter what operating system you use. That is essentially my point, that good practices are the best solution here and that your brand of Linux evangelism is more political and ideological than helpful and practical.

No matter what software you use, apply security updates promptly. They don't need to use your chosen operating system to be secure.
0 Replies
 
Robert Gentel
 
  3  
Reply Tue 22 Sep, 2009 10:29 pm
@msolga,
msolga wrote:
These "good" anti-virus programs.: Could you name a few? And perhaps a few not-so-terrific?


Honestly, it depends on the user. Some users are fine with no AV program at all. Some need one with a malware filter in addition to just viruses. And all of them kinda suck in some ways it seems.

The famous two are Norton and McAfee, and out of the two I prefer Norton, especially their corporate version without all the bells and whistles of the customer version.

Then there is Windows Live OneCare (don't ask, a retard does all the brand naming at Microsoft), and AVG, Avira AntiVir, avast, Kaspersky, BitDefender, Panda....

For paid I'd recommend Norton, for free I'd recommend AntiVir, AVG or Avast.
msolga
 
  1  
Reply Tue 22 Sep, 2009 10:31 pm
@Robert Gentel,
Thanks again, Robert.

0 Replies
 
 

Related Topics

YouTube Is Doomed - Discussion by Shapeless
So I just joined Facebook.... - Discussion by DrewDad
Internet disinformation overload - Discussion by rosborne979
Participatory Democracy Online - Discussion by wandeljw
OpenDNS and net neutrality - Question by Butrflynet
Internet Explorer 8? - Question by Pitter
 
  1. Forums
  2. » Conficker worm
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.11 seconds on 12/23/2024 at 02:34:08