New, Stealthy Conficker B++ Worm Discovered

CmdrTaco posted more than 5 years ago | from the god-i-love-that-name dept.

Security 87

nandemoari writes "A new variant of the Conficker/Downadup worm has been detected. The worm opens a backdoor on an infected machine and allows hackers remote control of infected PCs. Dubbed Conficker B++ (and not to be confused with Conficker B), the new variant of the worm opens a backdoor with auto-update functionality, allowing a hacker to distribute malware to infected machines. It's difficult to know exactly how long Conficker B++ has been circulating, but researchers first noticed it on February 6 of this year." If this seems familiar to you, it probably is.

87 comments

Why only B? (1)

wjh31 (1372867) | more than 5 years ago | (#26982577)

are they expecting another even better/worse one after this?

Re:Why only B? (1)

gEvil (beta) (945888) | more than 5 years ago | (#26982635)

Whoever created this is still working on it. He's hoping to perfect it soon, and then we'll have Conficker A+.

Re:Why only B? (3, Funny)

Neon Spiral Injector (21234) | more than 5 years ago | (#26982643)

Then he can sell it on eBay as A++++++++++++++

Re:Why only B? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26982751)

ebay? Never heard of it. Do you know the website number?

Re:Why only B? (0)

Anonymous Coward | more than 5 years ago | (#26982863)

"ebay? Never heard of it. Do you know the website number?"

Sure, no problem... it's 66.211.160.88

Re:Why only B? (0)

Anonymous Coward | more than 5 years ago | (#26983145)

modded as *lame*

Windows Update... (1)

Narnie (1349029) | more than 5 years ago | (#26988461)

I still think Microsoft should hire these guys to revamp Windows Update.

Re:Windows Update... (1)

Architect_sasyr (938685) | more than 5 years ago | (#26993777)

I'd have given a + mod but I have to make some points:
  • Verification of update paths is difficult to secure if you're going to permit just anyone to do it (i.e. a "torrent" style update).
  • A central authentication service, or a distributed-yet-centralised authentication service, is going to be necessary to deal with the above step.
  • Microsoft have to update an entire OS and package, "worm guy" only has to update a few programs, and if something breaks he doesn't care.

Just a few, but there are a number of issues with distributed, safe, automatic updates. Mirroring out to secondary servers isn't a bad idea (a-la sourceforge or WSUS) but a corporation wants to maintain control over their product and who gets it. The most important one is probably the 3rd point though. Just something to think about before you go rag on an update system.

/me kicks OS X server for breaking CPAN installs
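
The point above about verifying updates when anyone may serve the bytes, as an added example (not part of the original comment, and not any vendor's update code): the client trusts only a small manifest and checks every piece from an untrusted peer against it with a hash-tree proof. It assumes the manifest (piece count and root hash) arrives authenticated from the vendor, for instance by a signature check that is not shown; `SAMPLE_UPDATE` and all function names are constructed for illustration.

```python
import hashlib
import hmac

PIECE_SIZE = 16                    # tiny, so the sample splits into several pieces
SAMPLE_UPDATE = bytes(range(70))   # constructed stand-in for an update file


def leaf_hash(piece):
    # Leaves and interior nodes get different prefixes so one cannot pose as the other.
    return hashlib.sha256(b"\x00" + piece).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def split(blob, size=PIECE_SIZE):
    return [blob[i:i + size] for i in range(0, len(blob), size)]


def build_levels(pieces):
    """Publisher side: every level of the hash tree, leaves first."""
    if not pieces:
        raise ValueError("an update needs at least one piece")
    level = [leaf_hash(p) for p in pieces]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])   # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def make_manifest(pieces):
    """The only data that must come from the trusted, central source."""
    levels = build_levels(pieces)
    return {"pieces": len(pieces), "root": levels[-1][0]}, levels


def proof_for(levels, index):
    """Sibling hashes from leaf to root; any peer holding the file can compute them."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(level[sibling])
        index //= 2
    return proof


def verify_piece(manifest, index, piece, proof):
    """Client side: accept a piece only if it hashes up to the trusted root."""
    n = manifest["pieces"]
    if not 0 <= index < n:
        return False
    h = leaf_hash(piece)
    proof = list(proof)
    while n > 1:
        if index % 2 == 1:             # we are a right child
            if not proof:
                return False
            h = node_hash(proof.pop(0), h)
        elif index + 1 < n:            # left child with a sibling
            if not proof:
                return False
            h = node_hash(h, proof.pop(0))
        # else: unpaired last node, promoted unchanged
        index //= 2
        n = (n + 1) // 2
    return not proof and hmac.compare_digest(h, manifest["root"])


def assemble(manifest, offers):
    """Rebuild the update from (index, piece, proof) offers made by untrusted peers."""
    good, rejected = {}, []
    for index, piece, proof in offers:
        if verify_piece(manifest, index, piece, proof):
            good.setdefault(index, piece)
        else:
            rejected.append(index)
    if len(good) != manifest["pieces"]:
        return None, rejected          # incomplete: never install a partial update
    return b"".join(good[i] for i in range(manifest["pieces"])), rejected


if __name__ == "__main__":
    pieces = split(SAMPLE_UPDATE)
    manifest, levels = make_manifest(pieces)
    offers = [(i, p, proof_for(levels, i)) for i, p in enumerate(pieces)]
    bad_peer = (2, b"X" * PIECE_SIZE, proof_for(levels, 2))  # tampered piece
    blob, rejected = assemble(manifest, [bad_peer] + offers)
    print("update intact:", blob == SAMPLE_UPDATE, "rejected pieces:", rejected)
```

The mirrors and peers never need to be trusted; only the manifest does, which is the small piece a central service has to protect.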

Re:Why only B? (1)

DesgarTadema (1437975) | more than 5 years ago | (#26983481)

It's like with the USS Enterprise: there are a lot of letters left in the alphabet.

Screenshots (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26982589)

Here are some screenshots of the worm opening its backdoor [www.exet.nu]

Re:Screenshots (0, Troll)

jetsci (1470207) | more than 5 years ago | (#26982613)

Something sinister is brewing inside..

Re:Screenshots (1)

ImYourVirus (1443523) | more than 5 years ago | (#26989301)

goatse, goatse!!! do not open!!!

Detection (3, Interesting)

jetsci (1470207) | more than 5 years ago | (#26982593)

Anyone know the procedure for detecting these? I imagine A/V companies set up 'honeypots' of sorts on high traffic networks and that, but how do you detect something new like this? Do they track it through an old signature?

Re:Detection (1)

iztehsux (1339985) | more than 5 years ago | (#26983407)

I run a Nepenthes [carnivore.it] box on my network and I get collected hits from a variety of worms every single day. No sign of a Conficker worm trying to blast my net, but if something connects and gets detained, you can take it apart and look at it. Either way, it's pretty useful for tracking different random infected boxes and you could probably create a sig that uniquely identifies it.

profit motive (1)

BigHungryJoe (737554) | more than 5 years ago | (#26982627)

I'm assuming there's some sort of profit motive behind all this virus writing... is it to generate crappy run-of-network traffic for ad revenue? Identity theft? Extorting money from online businesses by threatening to turn your bot network on them? What?

Re:profit motive (5, Funny)

Anonymous Coward | more than 5 years ago | (#26982787)

Sell anti-virus software.

Re:profit motive (5, Interesting)

Saint Aardvark (159009) | more than 5 years ago | (#26982973)

You laugh, but that situation is just what F-Secure describes [f-secure.com] for an unrelated bit of Facebook malware [f-secure.com]. FTFA:

As we pointed out in yesterday's post, the timing of the Facebook "Error Check System" application and the subsequent Google search results pointing to rogue antivirus sites was almost too perfect to be a coincidence. It's entirely possible that the whole situation was designed to promote XP Antivirus variants such as "Antivirus 360" and "XP Police" (Rogue:W32/XPAntivirus). That's the formula, create something that spawns a search, then be ready to provide results that redirect to malicious sites. Either that or the bad guys are very quick on their feet and are ruthlessly opportunistic.... They're both.

Re:profit motive (0)

Anonymous Coward | more than 5 years ago | (#26985379)

Not even unrelated, in fact. Same damn people, sort of.

Conficker-A actually did push XPAntivirus (although the download domains died really quickly) - and the update signing scheme is absolutely identical to the one XPAntivirus uses, so presumably the author of Conficker has some sort of connection to those people, either an ex-developer of Baka Software, or he's sold the stuff to them.

Conficker-B and later variants appear to be written based on the same source code after the author left Baka Software; but it's a heavily revised, v2 of the virus (or worm, if you prefer), with no spyware droppage, no avoidance of the Ukraine (the author is NOT Ukrainian, he just worked for them?), the USB infection vector added (that really pushed it out to the masses of corporate/gov/etc networks) and some heavy internal changes regarding the mutex and sploit payloads.

What we're seeing here is basically v2.1 (B+ or B++); incremental improvements, in this case swapping the centralised command & control with generated fast-flux DNS names slowly to an update mechanism that can, in a future update, go entirely P2P; I estimate we'll see a future version push itself through that mechanism, which will no longer need the DNS at all, but will have an entirely decentralised command & control.

I worry about where this is going next; the author is unusually skilled. I really hope the author doesn't know about the Nitmar countdown technique.
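
A defender-side view of the generated DNS names mentioned in the comment above, as an added example that is not part of the original comment: it flags clients in a resolver log that look up many distinct, random-looking names which fail to resolve. The log format, thresholds, addresses and domain names are constructed for illustration, and the heuristic assumes most generated names are unregistered and so return NXDOMAIN.

```python
import math
from collections import Counter, defaultdict

MIN_LABEL_LEN = 8    # short labels carry too little signal
MIN_ENTROPY = 3.0    # bits per character (assumed threshold)
MIN_DISTINCT = 4     # distinct failing random-looking domains before flagging

# Constructed resolver log: timestamp, client, queried name, response code.
SAMPLE_LOG = """\
2009-02-24T10:00:01Z 10.0.0.23 qxvzkjwpt.example NXDOMAIN
2009-02-24T10:00:02Z 10.0.0.23 bnmwrtkzq.example NXDOMAIN
2009-02-24T10:00:02Z 10.0.0.40 www.example.org NOERROR
2009-02-24T10:00:03Z 10.0.0.23 hgdfsplxc.example NXDOMAIN
2009-02-24T10:00:03Z 10.0.0.23 hgdfsplxc.example NXDOMAIN
2009-02-24T10:00:04Z 10.0.0.40 gooogle.example NXDOMAIN
2009-02-24T10:00:05Z 10.0.0.23 zvtkrwqnm.example NXDOMAIN
2009-02-24T10:00:06Z 10.0.0.51 printer.corp.example NXDOMAIN
2009-02-24T10:00:06Z 10.0.0.51 printer.corp.example NXDOMAIN
2009-02-24T10:00:07Z 10.0.0.51 fileserver.corp.example NXDOMAIN
2009-02-24T10:00:08Z 10.0.0.23 ypxwjfkdb.example NXDOMAIN
2009-02-24T10:00:09Z 10.0.0.23 www.example.org NOERROR
this line is malformed
"""


def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def registered_domain(qname):
    """Return (domain, leftmost label of it) using the last two labels.

    Naive on purpose: a production check would use the public suffix list.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(labels):
        return None
    return ".".join(labels[-2:]), labels[-2]


def looks_generated(label):
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY


def suspect_clients(log_text):
    """Map client -> sorted failing random-looking domains, for clients over threshold."""
    failing = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                      # skip malformed lines
        _ts, client, qname, rcode = fields
        if rcode != "NXDOMAIN":
            continue                      # resolved names are not counted
        parsed = registered_domain(qname)
        if parsed is None:
            continue
        domain, label = parsed
        if looks_generated(label):
            failing[client].add(domain)   # a set: retries of one name count once
    return {c: sorted(d) for c, d in failing.items() if len(d) >= MIN_DISTINCT}


if __name__ == "__main__":
    for client, domains in suspect_clients(SAMPLE_LOG).items():
        print(client, "queried", len(domains), "failing generated-looking domains")
```

The single typo from 10.0.0.40 and the repeated internal lookups from 10.0.0.51 stay below the threshold, which is the false-positive case this kind of rule has to tolerate.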

Re:profit motive (1)

Yvanhoe (564877) | more than 5 years ago | (#26982867)

Spam providers exist and will organize your "ad campaign" for a small fee. They need a bot to send millions of mail.
Scammers and phishers need anonymity also, a botnet can provide this.
There is also the very possible old-fashioned extortion, mafia style.

Re:profit motive (4, Insightful)

Lord Ender (156273) | more than 5 years ago | (#26982907)

Botnets can be profitable, however, someone skilled enough to write the malware necessary for botnet creation could likely be making better money in the private sector with a real job and no jail risk (in the US, at least). Most of the stuff I see comes from Eastern Europe or Asia, where law enforcement is unlikely to prosecute and there aren't decent Software industries hiring people with programming talent.

So they make money by

  • sending spam
  • click-fraud (scamming web advertisers)
  • stealing CC numbers
  • DDoS extortion (yes, european banks have paid botnet owners' extortion demands to avoid getting DoSd.)

Re:profit motive (1)

domatic (1128127) | more than 5 years ago | (#26982995)

DDoS extortion (yes, european banks have paid botnet owners' extortion demands to avoid getting DoSd.)

You'd think large banks would be more able to "follow the money" better than most victims and swing the clout to do something about it once they have.

Re:profit motive (1)

Zironic (1112127) | more than 5 years ago | (#26983555)

[citation needed]

Re:profit motive (0)

Anonymous Coward | more than 5 years ago | (#26983317)

DDoS extortion (yes, european banks have paid botnet owners' extortion demands to avoid getting DoSd.)

Citation needed.

Re:profit motive (3, Interesting)

stevey (64018) | more than 5 years ago | (#26983561)

That's not necessarily true - I mean the skills required to exploit a known security hole aren't terribly difficult.

If you're familiar with a small amount of low-level coding you can easily follow cookbook-style tutorials to getting shellcode executed. At that point you're done.

Sure you need to do some disguising, and you need to understand a bit of crypto to set up a key-verification for downloading updates.

But I'd expect there are literally millions of coders still kicking around from the 80s/90s who did assembly programming under MS-DOS who would be able to write that kind of code - and because it isn't really really skilled work the chances are high that a significant proportion of those developers are unemployed.

Re:profit motive (1)

Lord Ender (156273) | more than 5 years ago | (#26985067)

I disagree with you.

Point 1: Building and managing a botnet is not just "exploit[ing] a known security hole."

Point 2: Your statement that computer programming is not "skilled work" is just bizarre.

Point 3: Your statement that a "significant proportion" of "millions of coders" are unemployed isn't backed up by any evidence I've seen. Unemployment is high right now, but not among programmers.

Re:profit motive (1)

stevey (64018) | more than 5 years ago | (#26985193)

A botnet starts off with one machine, scanning the world for more vulnerable hosts and exploiting them in turn. Sure you'd do better if you were to have a few hundred to start with - but building a botnet, assuming you can create an exploit is almost trivial.

I wasn't suggesting that computer programming is unskilled, merely that there are no real special skills required to exploit a security hole - which is what you were trying to imply.

(i.e. Botnet writers are not so amazingly skilled that they would be snapped up in a hurry, which was the point you were trying to make.)

As for unemployment, you could be right I'll not try to argue that either way really. My main point was that somebody capable of creating and controlling a botnet is not so very highly skilled that they're certain of a high paying job, which was your assertion.

Re:profit motive (1)

Lord Ender (156273) | more than 5 years ago | (#26985621)

Have you actually studied botnets? Especially modern ones like conficker? To build one, you need to get an exploit working, you need to write the virus component so that it spreads, and you need to write the server (bot) component. You must also include some tricks to disable security software, and perhaps implement a code obfuscation process which can't be easily reverse-engineered. On top of all that, you MUST have a sophisticated method for controlling the botnet that is highly scalable, extremely difficult to track, and extremely difficult to disable by ISPs.

This isn't something that requires a super genius, but it's not something most college-educated entry-level programmers would be able to even do. Senior-level programmers would have trouble with it, as well. It's not kid's stuff.

Re:profit motive (1)

stevey (64018) | more than 5 years ago | (#26986335)

Yes I've studied them, partly because I used to code exploits in the past, and partly out of curiosity.

I did say initially there are parts to them that require knowledge. The authentication steps to ensure the owner keeps control, and the rootkit components to hide them once installed would probably be the most challenging aspects of the net.

But none of the pieces are individually hard to code (I've written several of them myself) and while a junior/entry-level programmer might struggle I'm not convinced they are particularly difficult to construct from start to finish.

If anything I'm impressed that we see so few botnets!

Re:profit motive (1)

Lord Ender (156273) | more than 5 years ago | (#26987463)

There is a difference between writing "a few" botnets, and writing one that actually works. Yours didn't work. You didn't have a control channel sophisticated enough to scale and avoid standard security controls.

Re:profit motive (1)

stevey (64018) | more than 5 years ago | (#26987551)

You misunderstand me - I didn't mean to say I've created and released botnets into the wild.

I meant that with private networks I've created self-replicating code which actively scanned and infected new hosts and had a sophisticated control mechanism which allowed control, updates, and activities.

Still I've either convinced you that writing a bot, and by extension creating a botnet, is not exceptionally difficult - or I haven't.

Re:profit motive (1)

dave562 (969951) | more than 5 years ago | (#26986543)

But I'd expect there are literally millions of coders still kicking around from the 80s/90s who did assembly programming under MS-DOS who would be able to write that kind of code - and because it isn't really really skilled work the chances are high that a significant proportion of those developers are unemployed.

That's right. I cut my teeth on x86 ASM cracking warez and writing virii. Programming never really grabbed my attention though. All things considered it was much too dry and structured. I didn't want to spend my life writing functions and low level code. Push to stack, pop from stack, xor, nop, znj, blah blah blah. Once Microsoft came out with Win95 and started to cut off direct calls to the CPU, my rudimentary ASM skills became more or less obsolete.

I'm still predicting that sooner or later, Apple via OSX is going to see a huge outbreak of malware. An x86 CPU is an x86 CPU. It will run the same low level code, whether that code is executed through Windows or OSX. It just seems like Apple has done a slightly better job of controlling access to the hardware than Microsoft has. The payloads are all ready to go. Someone just needs to find a chink in the armor. Once Apple gets enough market share to make it worth while, those chinks will be found. Until then, everyone will keep going after the low-hanging fruit that are the Windows boxen.

Re:profit motive (0)

Anonymous Coward | more than 5 years ago | (#26983687)

The weird thing with the Conficker virus is despite its high global penetration rate and its whiz-bang capabilities, it hasn't really done anything other than to spread itself. At least, I haven't read about any damage caused by it, other than PCs getting infected by it. So far, all the articles about it discuss its potential for causing problems, but that's it. So the question becomes, what are the virus writers waiting for? Did they create a malware-for-hire platform before they had any customers, or are they just doing beta testing and analyzing the securities industry's response for weakness in their mitigation and containment strategies?

This is just a passing virus (5, Funny)

BadAnalogyGuy (945258) | more than 5 years ago | (#26982665)

No need to worry. I'd be more worried about Conficker C. Lots of opportunities to shoot you in the foot.

Then someone will undoubtedly create Conficker C++ and everyone will cry about how hard it is to understand and they will all flock to Conficker Java which promises a much cleaner object system.

But eventually you know that some idiot is going to write Conficker C# which looks suspiciously like Conficker Java, but after a while grows into this gigantic mess of quickfix designs.

So if you think Conficker B is bad, just wait a while.

Re:This is just a passing virus (1)

jetsci (1470207) | more than 5 years ago | (#26982707)

Did they already release Conficker-Basic?

Re:This is just a passing virus (1)

Ian Alexander (997430) | more than 5 years ago | (#26986193)

Well yeah, but you need the BASIC interpreter installed to run it, so it's not like it does anything on 99% of systems.

How to detect Conficker C# (4, Funny)

Dystopian Rebel (714995) | more than 5 years ago | (#26983021)

The only way to detect Conficker C# is that it requires the .NET runtime environment and MS SQL Server Express.

Re:How to detect Conficker C# (0)

Anonymous Coward | more than 5 years ago | (#26983379)

Don't worry, Miguel de Icaza will port it to Mono

Re:How to detect Conficker C# (1)

b4dc0d3r (1268512) | more than 5 years ago | (#26983659)

And once again mono prevalence increases due to viruses. Just like the good old days!

Re:How to detect Conficker C# (1)

yanyan (302849) | more than 5 years ago | (#26983821)

That does it. Windows users have all the fun. This is just another sign that Linux will never, ever gain widespread acceptance. And that fabled Year of the Linux Desktop? Keep dreaming guys. I'm dumping Bubuntu Linux XP and moving to Windows. See you around suckers.

Re:How to detect Conficker C# (1)

Vu1turEMaN (1270774) | more than 5 years ago | (#26983841)

What are you talking about? It's in the .NET 3.5 Installer!

Why do you think the full-package installer of 3.5 needs an internet connection to download more? Conspiracy!

Re:This is just a passing virus (0)

Anonymous Coward | more than 5 years ago | (#26983871)

Wake me up for Conficker Python.

Functional malware (1)

kkrajewski (1459331) | more than 5 years ago | (#26985773)

Don't about Conficker Lisp -- it overflows your buffers with parentheses.

Re:This is just a passing virus (1)

lennier (44736) | more than 5 years ago | (#26988341)

Forth Conficker powerful very is to used getting some takes but.

Cornfucker national anthem... (2, Funny)

Smidge207 (1278042) | more than 5 years ago | (#26982711)

*ahem* [taps microphone, clears throat again] *ahem*

And a five, six, seven, eight:

"Botnets, worldwide botnets.
What kind of boxes are on botnets?

Compaq, HP, Dell and Sony, TRUE!
Gateway, Packard Bell, maybe even Asus, too.

Are boxes, found on botnets.
All running Windows, FOO [fu]!"

=Smidge=

Armour Hot Dogs? (2, Funny)

srobert (4099) | more than 5 years ago | (#26983681)

Seems to go with the Armour Hot Dog song. Was that the intent?

Old news? (1)

davidwr (791652) | more than 5 years ago | (#26982721)

Is it just me or has /. been reading like yesterday's news lately?

Re:Old news? (1)

Logical Zebra (1423045) | more than 5 years ago | (#26982763)

That might be because it takes so long for stories to get approved...

Re:Old news? (3, Insightful)

AlterRNow (1215236) | more than 5 years ago | (#26982783)

News for nerds, stuff that matter[ed yesterday]!

On another note, if the editor knew of the previous story.. why was it posted? I must admit, I'm not very knowledgeable on the editorial process of ./

Re:Old news? (3, Funny)

Duhfus (960817) | more than 5 years ago | (#26982873)

I must admit, I'm not very knowledgeable on the editorial process of ./

Don't worry, the editors don't either.

Re:Old news? (3, Funny)

Spatial (1235392) | more than 5 years ago | (#26983009)

The editors are a great guy, they accidentally a dupe and don't afraid of anything.

You heard about the infinite amount of monkeys? (1)

SmallFurryCreature (593017) | more than 5 years ago | (#26983619)

A bit like having an infinite amount of monkeys writing Shakespeare. Sadly they could only afford half a dozen monkeys but what they lack in numbers they make up for in poop slinging skills.

How about a million monkeys? (0)

Anonymous Coward | more than 5 years ago | (#26984471)

"Imprison a million monkeys in a room with a million typewriters and wait a billion years and you'll end up with many dead monkeys and a printed copy of Wikipedia." - John Le'Brecage

Re:Old news? (0)

Anonymous Coward | more than 5 years ago | (#26983709)

Slashdot has an editorial process? Dude, you just blew my mind.

Re:Old news? (1)

icannotthinkofaname (1480543) | more than 5 years ago | (#26983805)

I'm not very knowledgeable on the editorial process of ./

Neither am I. Come to think of it, this is the first I've heard of the "editorial process of the current working directory." I ought to go googling later....

Or is there some other dot-slash that's relevant to this story?

Re:Old news? (1)

AlterRNow (1215236) | more than 5 years ago | (#26995209)

Nicely spotted

Re:Old news? (1)

Cthefuture (665326) | more than 5 years ago | (#26985309)

Meh, I would not have seen it if it wasn't posted today. Who cares about a few duplicates every once in a while. You get a fresh update and maybe some new people talking about it.

wrong (0)

Anonymous Coward | more than 5 years ago | (#27027919)

YOU are the reason Slashdot sucks NOW.

But can it.... (3, Funny)

SGDarkKnight (253157) | more than 5 years ago | (#26982743)

cause five tankers in the Ellingson fleet to capsize?

Re:But can it.... (1)

Acapulco (1289274) | more than 5 years ago | (#26983297)

"The little boat...flipped over." - Mr. The Plague

Re:But can it.... (1)

V!NCENT (1105021) | more than 5 years ago | (#26983735)

"A hacker planted the virus"
-"Is that -?"
"-That is mr. conflicker B++"
-"Well then, put our servers under Linux control"
"There's no such thing anymore, Duke. These computers are fully DRMised. It relies on satellite internet, which links our servers to Redmond"

Ninnle is safe (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26982859)

This blasted worm that is attacking Winzoe systems worldwide doesn't even affect Ninnle Linux.

Underpants Gnomes (0)

Anonymous Coward | more than 5 years ago | (#26982871)

I keep trying to turn this into an Underpants Gnomes joke, but I can't figure out where to put the ?????

1) Write virus and infect your honeypot system.
2) Write paper on said virus and publish on ad-supported web site.
3) Post several pointers to said web site on /.
4) Profit
5) Repeat with new variants.

It just doesn't make sense. Where do the ?????'s go?

Conficker-C++ under development (1)

inthedump (1484859) | more than 5 years ago | (#26982875)

While all this goes on, Conficker-C++ is under development. Programmers wanted. You need to have 30+ years of experience in C++ and work out of a garage, preferably located in Asia.

I can't seem to get a Linux copy of this worm (2, Funny)

mrphoton (1349555) | more than 5 years ago | (#26982965)

I am feeling very left out, I can't seem to find Conficker B++ or even Conficker B in my yum repository. sigh... It is such a shame that linux is always behind the curve as far as new and exciting features are concerned.

Re:I can't seem to get a Linux copy of this worm (0)

Anonymous Coward | more than 5 years ago | (#26983179)

How about you write your own version ya lazy shit?

Re:I can't seem to get a Linux copy of this worm (1)

gzipped_tar (1151931) | more than 5 years ago | (#26983263)

I am feeling very left out, I can't seem to find Conficker B++ or even Conficker B in my yum repository. sigh... It is such a shame that linux is always behind the curve as far as new and exciting features are concerned.

'Coz the distro maintainers refused to include non-opensource binary blob in their repo.

Make yourself heard. Chances are the malware author is considering opensourcing it too but no one's asking for it so far.

Re:I can't seem to get a Linux copy of this worm (0)

Anonymous Coward | more than 5 years ago | (#26983655)

I'll check my pacman repos.

Re:I can't seem to get a Linux copy of this worm (0)

Anonymous Coward | more than 5 years ago | (#26983713)

The author doesn't give a shit about your platform because it has 0% market share.

Re:I can't seem to get a Linux copy of this worm (1)

icannotthinkofaname (1480543) | more than 5 years ago | (#26983827)

Just install Wine and run it through that. </problem>

Confusion (1)

Dan East (318230) | more than 5 years ago | (#26982989)

Conficker B++ should not be confused with Objective Conficker B. Fortunately, they can easily be distinguished from one another - Objective Conficker B has many more square brackets.

UseLess Computer Science Departments: +1, True (0)

Anonymous Coward | more than 5 years ago | (#26983147)

Why don't the genius Computer Science majors tackle this problem?

Rob Pike was right. Systems software research is dead.
More importantly, the faculty members and students are
dead heads with Linux, TeX, Java, and C++.

Yours Computationally,
Kilgore Trout

Re:UseLess Computer Science Departments: +1, True (0)

Anonymous Coward | more than 5 years ago | (#26984533)

Most CS people are using virtually 100% secure platforms like OS X where worms are just curiosities, not hazards.

Who is at risk? (2, Informative)

Anonymous Coward | more than 5 years ago | (#26983295)

Let's turn this blog positive.

What current anti-virus solution detects and removes this new variant?
Who is at risk? People with updated anti-virus solutions? Or just people who don't use and update them?
Are people with Linux and OS-X at risk also? What is the scope of it?
If Linux and OS-X are not threatened, this might be another reason not to use Windows?
The answers to these will help people determine just how big a threat or not this new variant might be, and help them help themselves.

 

Re:Who is at risk? (2, Informative)

dave562 (969951) | more than 5 years ago | (#26986609)

The article spells it out. People who haven't applied the security patch that Microsoft released months ago are vulnerable. The rest of the world are just fine. So like usual, it comes down to the poor home users who get screwed while the corporate networks who actually have admins doing their job maintaining them are doing just fine. Luckily things are better and only the subset of home users who don't have automatic updates turned on are screwed.

Re:Who is at risk? (1)

gad_zuki! (70830) | more than 5 years ago | (#26989317)

The patch stops the SMB vulnerability, but I believe the USB auto-run is just an executable. There's no vulnerability needed if the OS is going to run the autorun file as administrator.

MS should just globally disable autorun. This is getting out of hand. Half of these infections are probably some low-paid tech inserting the same USB drive into his customers' computers. That seriously would not surprise me.
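
An added example (not part of the comment above or of the linked article): a small auditor that reads a removable drive's autorun.inf and lists the entries that would start a program, which is what autorun-based spreading depends on. The sample file bytes and file names are constructed.

```python
import re

# autorun.inf keys that make Windows start a program from the drive.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def audit_autorun(raw: bytes):
    """Return (key, command) pairs in [autorun] that would launch something.

    Takes raw bytes because such files may be padded with binary junk;
    latin-1 decoding never fails, and lines that are not key=value are skipped.
    """
    findings = []
    in_autorun = False
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEYS.match(key) and value:
            findings.append((key.lower(), value))
    return findings

# Constructed sample: junk padding, mixed-case keys, harmless placeholder names.
SAMPLE = (
    b"\x8f\x02junk-padding\xfe\r\n"
    b"[AutoRun]\r\n"
    b"; constructed sample for the auditor\r\n"
    b"Label=BACKUP\r\n"
    b"Icon=drive.ico\r\n"
    b"Open=setup-placeholder.exe\r\n"
    b"\x00\x13garbage\r\n"
    b"shell\\explore\\Command=tool-placeholder.exe\r\n"
    b"[Content]\r\n"
    b"MusicFiles=false\r\n"
)

if __name__ == "__main__":
    for key, command in audit_autorun(SAMPLE):
        print(f"launch entry: {key} -> {command}")
```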

THIS FP FOR 0GNAA (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#26983451)

FreeBSD used to cans cAn become

so if I understand this correctly .... (2, Interesting)

nblender (741424) | more than 5 years ago | (#26984077)

We (the global 'we') had a chance to stop Conficker before this version came about; by working with the registrars and/or root nameservers; pre-emptively invalidating each of the algorithmically generated domain names on a day by day basis; preventing cornfucker from updating itself or receiving instructions on how to proceed. The authors noticed that we could do that and before we could think of it, modified it so that once we did think of it, it would be too late....

I clearly must not understand the intricacies of this....

My fantasy (because I won't be affected by this) is that once the owners of the botnet are sufficiently happy with their market-share, they will instruct cornfucker to encrypt all files on everyone's PC and then wait for the moneh to start rolling in....
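
An added example, not part of the comment above: the defensive side of the day-by-day idea it describes. Once a date-seeded generator is known, the names for coming days can be computed ahead of time for registrars or a DNS blocklist, and resolver logs checked against them. The generator here is a constructed stand-in, not Conficker's algorithm, and the three-field log format is an assumption.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("example", "test", "invalid")  # reserved TLDs, chosen for this demo

def toy_domains(day: date, count: int = 5):
    """Constructed date-seeded generator for illustration only."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:10])
        names.append(f"{label}.{TLDS[digest[10] % len(TLDS)]}")
    return names

def blocklist(start: date, days: int):
    """Map every name the generator yields in the window to its date."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in toy_domains(day):
            table.setdefault(name, day)
    return table

def flag_queries(log_lines, table):
    """Return (client, domain, date) for logged DNS queries on the blocklist.

    Assumed log format: '<timestamp> <client-ip> <query-name>'.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line
        _, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise FQDN dot and case
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits

if __name__ == "__main__":
    start = date(2009, 2, 24)  # constructed window
    table = blocklist(start, 7)
    log = [  # constructed resolver log
        f"2009-02-26T10:00:00Z 10.0.0.7 {toy_domains(date(2009, 2, 26))[0]}.",
        "2009-02-26T10:00:01Z 10.0.0.8 www.example.org",
    ]
    for client, name, day in flag_queries(log, table):
        print(f"{client} queried {name} (generated for {day})")
```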

Re:so if I understand this correctly .... (0)

Anonymous Coward | more than 5 years ago | (#26989689)

I clearly must not understand the intricacies of this....

Nice understatement.

cornfucker (0)

Anonymous Coward | more than 5 years ago | (#27027881)

cornfucker. Yes. Thank you. WOW.

Proper naming convention, please (2, Interesting)

LordSnooty (853791) | more than 5 years ago | (#26984669)

Conficker/Downadup? B? B++? Is it time we had a proper naming scheme for these things? For this instance we've seen several companies getting together to coordinate a response - that's good. But even better, if everyone were to agree on the same name, WE could coordinate our response too.

And what kind of scheme? Well, how about following the convention of the hurricane trackers? 26 names assigned to each major piece of malware that appears throughout the year. This is a double bonus, as ending the practice of using the authors' chosen names might take away some of that bragging aspect. "Oh, you wrote Malware Julie did you?? Bwahaha"

Re:Proper naming convention, please (1)

Culture20 (968837) | more than 5 years ago | (#26986477)

Conficker/Downadup? B? B++? Is it time we had a proper naming scheme for these things?

You forgot Net-Worm.Win32.Kido.bt

Well, how about following the convention of the hurricane trackers? 26 names assigned to each major piece of malware that appears throughout the year.

Malware writers might get sloppy as they vie for the top names, trying to make sure that _their_ malware becomes a headline in just the right time to be named "Thor" or "Linus".

And guess what? (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#26985385)

It doesn't affect me and I don't care!

When Change comes to viruses (1, Funny)

lord_sarpedon (917201) | more than 5 years ago | (#26987945)

I'd like to see an incredibly stealthy virus - one that stays out of the way to the point that it isn't detected for some number of years.

Have it patch key parts of the Windows kernel to degrade performance in subtle but believable ways...
Lobotomize the scheduler so that context switches occur much less often than they should for responsiveness.
Kick up the swappiness from Ridiculous (stock setting) to We've-gone-plaid
Divide the given buffer length for each I/O operation so that CPU usage goes up and throughput goes down.

I wonder if we'd _ever_ notice.

Re:When Change comes to viruses (2, Funny)

daveime (1253762) | more than 5 years ago | (#26991279)

You just described Vista ...

Linux Users have a root (0)

Anonymous Coward | more than 5 years ago | (#26994403)

Windows would be fine if it could get a root. ;)

Seriously though - for all the "are you sure?" pop-ups from Vista, why are there so many exploits? That is, how could the user make Vista any worse - give them superuser privileges that way you won't get exploited by an app.
