Conficker worm

 
 
msolga
 
Reply Mon 21 Sep, 2009 10:51 pm
Anyone know any more about this? Sounds very serious!:

Internet meltdown threat: Conficker worm refuses to turn
ASHER MOSES
September 22, 2009 - 2:08PM/theAGE


The brightest minds in technology and government are finding it "almost impossible" to defeat the Conficker worm, which has infected more than 5 million computers and, experts say, could be used to knock down the internet in entire countries.

Quote:
The worm, first detected in November last year, spreads rapidly to computers through a flaw in the Windows operating system.

Infected machines are co-opted into a "botnet" army, which can be controlled and used by the hackers to launch unprecedented cyber attacks.

"The general agreement in the security world is that Conficker is the largest threat facing us from a cyber crime point of view ... it has proven to be extremely resilient. It's almost impossible to remove," said Rodney Joffe, a director of the Conficker Working Group formed to defeat the worm.

"The best minds in the world have not managed to crack the code behind this yet."

The scale of the threat has forced the world's largest computer security companies to join together with government around the world in an unusual alliance to pool their resources and solve the problem.

Microsoft has offered a $US250,000 ($290,000) reward for information leading to the identification of the individuals - or rogue governments - behind Conficker.

Those behind the worm can do anything they want with the infected machines including stealing users' banking details or flooding government servers to knock them offline.

"This could be used to launch the mother of all DDoS [distributed denial of service] attacks, it could be used as the basis of major financial fraud, it could be used for major spam runs," Joffe said.

"Even a small portion of the infected machines from Conficker have the ability to actually take away the usability of the internet in an entire country like Australia."

So far the international effort to find a solution has yielded few results, and the number of infected machines has remained fairly stable at 5 million. They include home, business and Government computers. ...<cont>




http://www.theage.com.au/technology/security/internet-meltdown-threat-conficker-worm-refuses-to-turn-20090922-fzlh.html
 
msolga
 
  1  
Reply Mon 21 Sep, 2009 11:05 pm
@msolga,
I can never quite figure out, with such reports, whether they're a beat-up or a legitimate issue which warrants serious concern.
msolga
 
  1  
Reply Mon 21 Sep, 2009 11:13 pm
@msolga,
In case you're wondering about the source of this story: The AGE is a (highly) respected newspaper in Melbourne, Oz. Not prone to sensationalism or wild flights of fancy. It's a serious newspaper.
0 Replies
 
ebrown p
 
  1  
Reply Mon 21 Sep, 2009 11:38 pm
@msolga,
This article is certainly exaggerated.

The claim that "the best minds in the world have been unable to crack the code" is complete nonsense (it may refer to the fact that the worm uses RSA encryption to send messages... but the virus itself is understood).

The Conficker worm itself has been "defeated", meaning that there are definitive ways to remove it from your computer; Microsoft itself has released a patch. The problem is with the computers that are already infected, or for people that have for whatever reason not installed the patch or the latest anti-virus software.

The Wikipedia article seems to have well-documented information.

http://en.wikipedia.org/wiki/Conficker

The moral of the story is the same. If you are using Microsoft, make sure you have good anti-virus software that you keep up to date and keep on top of security updates from Microsoft.



msolga
 
  1  
Reply Tue 22 Sep, 2009 05:03 am
@ebrown p,
Quote:
The moral of the story is the same. If you are using Microsoft, make sure you have good anti-virus software that you keep up to date and keep on top of security updates from Microsoft.


I hope you're right & the story is exaggerated & I certainly hope this moral/"remedy" does the trick!
ebrown p
 
  0  
Reply Tue 22 Sep, 2009 07:49 am
@msolga,
If you are really worried, you could always switch to Linux.

That's what I did (but it is probably a bit overboard for most).
msolga
 
  1  
Reply Tue 22 Sep, 2009 07:55 am
@ebrown p,
Nah, I'm not that worried, ebrown. Just interested.
Thanks for the suggestion, anyway.
ebrown p
 
  -1  
Reply Tue 22 Sep, 2009 07:59 am
@msolga,
Your loss lol.

Just make sure your virus software is up to date.
0 Replies
 
Robert Gentel
 
  5  
Reply Tue 22 Sep, 2009 11:41 am
@msolga,
Almost any mainstream article about computer security portrays the threats as far more sinister than they really are. That's mainly because the whole world of hacking and computer security is exotic in most people's minds and gains an almost-magical aura.

But that being said, the Conficker worm is technically interesting and very, very well made. ebrown said that it has been "defeated" but he's talking about the exploit that the worm used, which isn't at all what the security researchers are talking about. That hole was closed long ago; they are talking about their inability to take down the bot net that the worm created. The holes are always patched and there are always millions who don't bother applying the patches. That much is normal; what is different is that this network isn't being taken down or rendered useless as easily as large scale infections like this are usually fought.

A "bot net" is a group of computers that have been compromised and that can be controlled by a remote party. These are often used to send spam, infect other computers, or launch denial of service attacks (this kind of attack basically means each computer sends traffic at a target in order to flood them and prevent other legitimate traffic from getting through).

The Conficker worm has made a big bot net for someone, but it hasn't really been used, and has been cleverly evolving in ways that make it very difficult to take down the botnet. For example, while many worms will use one specified domain to phone home to and get instructions, this worm is set up to try many random domains that are not yet registered. This complicates the efforts to fight it, because with just one domain the domain itself can be taken over. Security researchers have been registering some of the domains the worm will "phone home" to, but due to the volume of random domains it can use they can't get them all and this leaves an easy way for the hackers to control the network by just registering one of the domains.

So these kinds of tricks are what make this threat currently "undefeated", but it is very unlikely to be used for gratuitous attacks. This kind of work usually represents a significant investment, and is worth lots of money to the individuals who control it. Doing something like a DDOS attack to flood a country's internet connection isn't a very useful thing to do with it. It's most likely that this is a worm operated by for-profit hackers, not a government or for-curiosity or for-politics hackers, so those kinds of attacks are unlikely.

So what they are most likely to do with it is find a way to monetize their network of zombie computers. They can sell spamming services with it, they can steal credit card numbers to sell, they can even just "ransom" the infected computers in a process where they sell the fix to the problem they created.

But with all the attention the worm has gotten, some of these methods are hard to get away with. Right now it really seems like they are just trying to preserve control over the bot net and figure out a plan to make money off of it without getting caught.

In short, it's very likely that this will just contribute to more of the spam, fake anti-malware scams, and data theft that is already commonplace on the web. It's very unlikely that it will be used to do things like attack Australia's internet. If it did something like that, the control of the bot net would be risked for very little gain.

The article is essentially saying that this bot net is more resilient than they have typically been in the past. But the threat is nothing new, just more clever than normal.
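Added example, not part of the original thread or any poster's code: the "many random domains that are not yet registered" behaviour described in the post above shows up in a DNS resolver log as one client piling up failed lookups for random-looking names, and the single name that does resolve is the one worth blocking or sinkholing. The log tuple format, the thresholds and all names below are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: (client IP, queried name, response code).
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR"),
    ("10.0.0.5", "gooogle.example", "NXDOMAIN"),    # ordinary typo
    ("10.0.0.9", "yqjzkxwv.example", "NXDOMAIN"),
    ("10.0.0.9", "mzqhxtbw.example", "NXDOMAIN"),
    ("10.0.0.23", "www.example.com", "NOERROR"),
    ("10.0.0.23", "kqzvwpxj.example", "NXDOMAIN"),
    ("10.0.0.23", "hxbtmqzr.example", "NXDOMAIN"),
    ("10.0.0.23", "wjdnyfkc.example", "NXDOMAIN"),
    ("10.0.0.23", "pzlqgvtm.example", "NXDOMAIN"),
    ("10.0.0.23", "rbxkwhzn.example", "NXDOMAIN"),
    ("10.0.0.23", "nvkxqbwz.example", "NOERROR"),   # the one name somebody registered
]

def label_entropy(name):
    """Shannon entropy (bits per character) of the label left of the TLD.
    Naive split: multi-part suffixes such as co.uk are not handled."""
    labels = name.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def looks_random(name, min_entropy=2.8):
    # Assumed threshold: dictionary-like labels repeat letters and score lower.
    return label_entropy(name) >= min_entropy

def flag_clients(log, min_failures=5):
    """Clients with many distinct random-looking names that did not resolve."""
    failures = defaultdict(set)
    for client, name, rcode in log:
        if rcode == "NXDOMAIN" and looks_random(name):
            failures[client].add(name)
    return {c: sorted(n) for c, n in failures.items() if len(n) >= min_failures}

def rendezvous_candidates(log, flagged):
    """Random-looking names that DID resolve for an already flagged client."""
    return sorted({name for client, name, rcode in log
                   if client in flagged and rcode == "NOERROR" and looks_random(name)})

if __name__ == "__main__":
    flagged = flag_clients(SAMPLE_LOG)
    print("suspect clients:", list(flagged))
    print("block or sinkhole:", rendezvous_candidates(SAMPLE_LOG, flagged))
```

Entropy alone misfires on short or CDN-style hostnames, which is why the check keys on the count of distinct failures per client rather than on any single name.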
Robert Gentel
 
  3  
Reply Tue 22 Sep, 2009 11:46 am
@ebrown p,
ebrown p wrote:
If you are really worried, you could always switch to Linux.

That's what I did (but it is probably a bit overboard for most).


I knew you'd be doing the Linux ideologue thing. It's really dumb advice, which I think even you know by saying it's "overboard" for most people. Operating system selection just shouldn't be motivated by this worm. I've had Linux machines compromised by worms and the solution to security problems is simple best practices on any platform.

Is there anything you are not an ideologue about?
DrewDad
 
  3  
Reply Tue 22 Sep, 2009 04:35 pm
@ebrown p,
ebrown p wrote:
If you are using Microsoft, make sure you have good anti-virus software that you keep up to date and keep on top of security updates from Microsoft.

Using good anti-virus and keeping up with security updates should not be limited to those using MS products.
msolga
 
  1  
Reply Tue 22 Sep, 2009 06:00 pm
@Robert Gentel,
Thank you for that very clear explanation, Robert!
0 Replies
 
msolga
 
  1  
Reply Tue 22 Sep, 2009 08:32 pm
@DrewDad,
Quote:
Using good anti-virus and keeping up with security updates should not be limited to those using MS products.


Indeed, Drew.

... & a follow-up question, if I may, addressed to anyone in the know ...

These "good" anti-virus programs: Could you name a few? And perhaps a few not-so-terrific?
(I'm currently using Norton)

ebrown p
 
  1  
Reply Tue 22 Sep, 2009 09:47 pm
@Robert Gentel,
You make "ideologue" seem like a bad thing. Actually, I thought I was being reasonable, I suggested that people not panic and use sensible precautions.
I don't know what is the opposite of ideologue -- but arguing that two choices are morally equal just because they have to be is a logical fallacy in any arena.

I am a bit curious about the worms you had on Linux -- I suspect you are comparing apples with oranges. The Conficker worm is an exploit in the operating system, whereas most worms on Linux have been exploits of a framework not related to the OS (e.g. PHP exploits).

Microsoft has made mistakes in its Operating Systems (and word processor etc etc) because they have consistently chosen features over security. They didn't have to do this, and there is nothing to say that other Operating Systems have to have done the same (or have the same amount of vulnerabilities). From what I read, Windows 7 is supposed to focus on fixing this more than their previous offerings.

That being said, I am not saying that this is a sole reason that people should shy away from Microsoft. My main point (which I think we all agree with and is thus not worth discussion further) is that taking sensible precautions is a good idea.
Robert Gentel
 
  4  
Reply Tue 22 Sep, 2009 10:12 pm
@ebrown p,
ebrown p wrote:
You make "ideologue" seem like a bad thing.


That owes in large part to the fact that I happen to see it that way. Gets old to see people who don't use Windows obsess about not using Windows.

Quote:
I don't know what is the opposite of ideologue -- but arguing that two choices are morally equal just because they have to be is a logical fallacy in any arena.


I don't know anything about how two operating systems could be "morally equal". I'm not trying to argue that both are equal in any way, nor am I trying to argue that any one is better. I'm just weary of the Linux and Mac folk who see their hammer as the tool for every problem. This particular problem is just solved by the same best practices that anyone should use on any operating system: apply the security patches promptly.

Quote:
I am a bit curious about the worms you had on Linux -- I suspect you are comparing apples with oranges. The Conficker worm is an exploit in the operating system, whereas most worms on Linux have been exploits of a framework not related to the OS (e.g. PHP exploits).


Most that I remember off the top of my head are from installed software and I'm not sure if I've been involved in any actual kernel vulnerabilities, but that's where security exploits have been trending towards on all operating systems. Either way, Linux has had plenty of vulnerabilities in the operating system itself and not patching it for years would be a security problem too.

Switching to Linux won't help you at all if you engage in bad security practices such as downloading and running things haphazardly, not updating your operating system and not securing your connections with the global network (firewall).

Just take those basics and you'll do fine. I've never had a Windows computer that I've been responsible for become a victim of any form of worm, virus or malware. Switching operating systems isn't what is needed to be safe, it's the safe practices.

Quote:
Microsoft has made mistakes in its Operating Systems (and word processor etc etc) because they have consistently chosen features over security. They didn't have to do this, and there is nothing to say that other Operating Systems have to have done the same (or have the same amount of vulnerabilities). From what I read, Windows 7 is supposed to focus on fixing this more than their previous offerings.


All operating systems have vulnerabilities and need fixes published to cover the holes. This particular worm used a hole that Microsoft had already issued a fix for. All it took to prevent it was to apply security updates, and this is important no matter what operating system you use. That is essentially my point, that good practices are the best solution here and that your brand of Linux evangelism is more political and ideological than helpful and practical.

No matter what software you use, apply security updates promptly. They don't need to use your chosen operating system to be secure.
0 Replies
 
Robert Gentel
 
  3  
Reply Tue 22 Sep, 2009 10:29 pm
@msolga,
msolga wrote:
These "good" anti-virus programs: Could you name a few? And perhaps a few not-so-terrific?


Honestly, it depends on the user. Some users are fine with no AV program at all. Some need one with a malware filter in addition to just viruses. And all of them kinda suck in some ways it seems.

The famous two are Norton and McAfee, and out of the two I prefer Norton, especially their corporate version without all the bells and whistles of the customer version.

Then there is Windows Live OneCare (don't ask, a retard does all the brand naming at Microsoft), and AVG, Avira AntiVir, avast, Kaspersky, BitDefender, Panda....

For paid I'd recommend Norton, for free I'd recommend AntiVir, AVG or Avast.
msolga
 
  1  
Reply Tue 22 Sep, 2009 10:31 pm
@Robert Gentel,
Thanks again, Robert.

0 Replies
 
 
