
Conficker Downloads Payload

CmdrTaco posted about 5 years ago | from the still-the-best-name-ever dept.

Worms 273

nk497 writes "Conficker seems to finally be doing something, a week after hype around the worm peaked on April Fool's Day. It has now downloaded components from the Waledac botnet, which could contain rootkit capabilities. Trend Micro security expert Rik Ferguson said: 'These components have so far been missing, but could this finally be the "other boot dropping" that we have all been waiting for?' Ferguson also suggested that people behind Conficker could be the very same who are running Waledac and created the Storm botnet. 'It tallies with some of the assumptions people have made about Conficker — that the first variant was actively trying to avoid the Ukraine because Waledac was Eastern European,' Ferguson added."


273 comments

Finally? (1, Troll)

KGIII (973947) | about 5 years ago | (#27516743)

It's about damned time. Can we stop reading about this daily now?

Re:Finally? (3, Insightful)

Anonymous Coward | about 5 years ago | (#27516857)

No. It is the only news.

At least (1)

cha0zmag3 (1521207) | about 5 years ago | (#27516795)

all the doom and gloom prophets can say they were right, and then tell us to believe that the earth still revolves around the sun.

april fools (4, Funny)

gEvil (beta) (945888) | about 5 years ago | (#27516819)

Downloading its payload and going live a week after April 1? Now that's the way to do an April Fools joke.

Re:april fools (5, Insightful)

Rik Sweeney (471717) | about 5 years ago | (#27516895)

I think Conficker was going for the clichéd horror film approach. Granted, it should have really done it on April 2nd, but doing it this way has probably blindsided more people.

Re:april fools (5, Funny)

Lumpy (12016) | about 5 years ago | (#27517183)

That honestly would have rocked...

April 1 - 2009: Conficker downloads and activates its evil payload. Computer screens all over the world go black with large red numbers counting down to....... something......

Do it like the many really bad computer hacker movies. That would simply be funny as hell. The raging panic from the easily panicked sheep, Fox News will report that Conficker turns your computer into a bomb, etc....

THAT would be the coolest April fools joke ever.

Re:april fools (1)

gr8_phk (621180) | about 5 years ago | (#27517547)

Downloading the payload a day after the news that computers controlling the grid have been infected by spyware. "Oh crap, they're on to us. Better attack now before they run Spybot on everything."

Holiday Weekend. (4, Interesting)

GreggBz (777373) | about 5 years ago | (#27516859)

Bots and spammers typically wait for the holiday weekends; like playing your starters against their backups.

Re:Holiday Weekend. (3, Funny)

skeeto (1138903) | about 5 years ago | (#27517719)

like playing your starters against their backups.

Could you change that into a car analogy? Thanks!

Re:Holiday Weekend. (5, Funny)

thedonger (1317951) | about 5 years ago | (#27517793)

It's like showing up to a street race in a rickety-looking Ford Escort which secretly houses a small block V8 with nitrous.

It's like a porn star showing up to a naked pool party for men with erectile dysfunction.

It's like bringing a gun to a knife fight.

Re:Holiday Weekend. (4, Funny)

Culture20 (968837) | about 5 years ago | (#27518281)

like playing your starters against their backups.

Could you change that into a car analogy? Thanks!

It's like playing your things that you turn the key in that makes your engine go vroom!vroom! against their things that go Beeeeep Beeeeeep Beeeeep.

Blame Obama (-1, Troll)

Anonymous Coward | about 5 years ago | (#27516869)

Obama has had his finger up his ass since day 1.
Obama is soft on ship piracy, soft on Muslims, soft on Korean nuclear aggression.
Obama is a limp dick. He's soft.

It is now time to impeach Obama.

Re:Blame Obama (4, Funny)

Richard.g.k (1215362) | about 5 years ago | (#27517019)

See, if you're going to go all political and off-topic, you should at least try and make some sort of attempt to link it to the story at hand...

for example...

If you look at the facts, the Conficker virus and Waledac botnet are CLEARLY parts of a vast left wing conspiracy which is obviously fronted by Obama, because the Democrats want to take as much of your processing power as they do your income.

Re:Blame Obama (-1, Troll)

Anonymous Coward | about 5 years ago | (#27518143)

and now Obama is going to make Angelina Jolie his Internet Guru because she was in the movie Hackers... let's just hope he doesn't put her in a blue dress and try to inject her with his worm/Trojan (tm).

Re:Blame Obama (0)

Anonymous Coward | about 5 years ago | (#27518203)

Wow! Thanks! I didn't know that.

I'm going back to bed now...

april fools? (5, Insightful)

pickle_in_being (1522709) | about 5 years ago | (#27516873)

I think it would have been more logical for Conficker to download its payload on the 1st of April itself, so that people would take the threat less seriously.

Re:april fools? (5, Interesting)

Norsefire (1494323) | about 5 years ago | (#27517051)

Everyone was expecting that and was prepared for it. A week later, everyone's forgotten about it. Also with this timing if something starts going wrong now it will be difficult to get anyone to fix it until Tuesday.

Re:april fools? (2, Insightful)

Richard.g.k (1215362) | about 5 years ago | (#27517157)

I would think that the security companies would at some level keep things running 24/7, since the internet never sleeps

And if not, that's very surprising to me.

Re:april fools? (2, Funny)

Gunnut1124 (961311) | about 5 years ago | (#27517873)

Overworked Atheist Security Experts to the rescue?

The lack of religious holidays would likely foil most attempts to catch them with their pants down...

Re:april fools? (2, Interesting)

MeisterVT (1309831) | about 5 years ago | (#27517097)

In this case everyone was growing to expect just that, and would therefore be taking it seriously. Or at least people that could do something about it would. Now, since nothing much has happened people are lulled into a false sense of security and become lax or start considering the threat that something big was happening on 4/1 the real joke.

Now that the hype has subsided, what better time to strike? I think that dovetails nicely with GreggBz's earlier post about the holiday weekend (for some of us).

Re:april fools? (1, Insightful)

Anonymous Coward | about 5 years ago | (#27517471)

...start considering the threat that something big was happening on 4/1 the real joke.

Something big was happening on the fourth of January?

Oh, never mind - you're an American. Of course. You write the date the wrong way around.

(I wish you people would think, occasionally, and realise that websites are international - there are intertubes running to other countries too - I believe even Canada has the internet these days.)

Re:april fools? (1, Funny)

Anonymous Coward | about 5 years ago | (#27517759)

Go cry.

Re:april fools? (1)

mahdi13 (660205) | about 5 years ago | (#27517839)

Half the world writes it 4/1, the other half 1/4; the one you use doesn't make it any better than the one they use.
It's a big world, you have to expect people to do things differently than you do... but then that would be thinking people are individuals and it's OK to be different.

Re:april fools? (1)

mowall (865642) | about 5 years ago | (#27518241)

Half the world writes it 4/1 the other half 1/4

Not true - the majority write the day first. See the map here [wikipedia.org]. It seems the Chinese are the only ones who get it "right"!

Potato Blight for computers (5, Insightful)

MosesJones (55544) | about 5 years ago | (#27516875)

One of the major causes of the Potato famine in Ireland was the reliance on a single product (the potato) and an inability to shift to a more varied diet. Things like ILoveYou and Conficker are preying on exactly the same homogeneous environment, as they know that hitting one element yields massive results.

Now given that this homogeneity has been driven in part via a convicted monopolist then it really is interesting how little political attention this gets. Arguably these sorts of attacks are more of a modern challenge than "traditional" terrorism and against a background of economic woe we can all do without a bunch of companies getting taken offline for a few days or suffering from industrial espionage.

We don't learn from history, we don't apply history to new cases we just stand back in amazement after letting homogeneity develop at the impact that a relatively simple flaw can have across a large group of people.

Re:Potato Blight for computers (4, Insightful)

Ed Avis (5917) | about 5 years ago | (#27516967)

Yeah, because obviously the answer is to have a hundred different systems with a hundred different sets of vulnerabilities. That will be much easier to keep patched.

Re:Potato Blight for computers (5, Insightful)

entirely_fluffy (756018) | about 5 years ago | (#27517083)

> Yeah, because obviously the answer is to have a hundred different systems with a hundred different sets of vulnerabilities. That will be much easier to keep patched.

Well, actually, this really is the answer - you never get rid of vulnerabilities but you can put enough variation in them that specialised viruses become less effective.

Re:Potato Blight for computers (4, Insightful)

Anpheus (908711) | about 5 years ago | (#27517177)

Or, since the barrier to entry is so low as far as blackhats are concerned, ALL systems end up being more insecure and virus-ridden and no one benefits.

Or virus-writers will pick, instead of the top 1, the top 5, or the top 50% of systems, and target those. Unless it were a truly heterogeneous network, with every single person having their own hand-crafted OS and application set, there will be viruses because people, dammit, want to see the dancing bunnies.

Reference: http://www.codinghorror.com/blog/archives/000347.html [codinghorror.com]

Re:Potato Blight for computers (1)

Larry Clotter (1527741) | about 5 years ago | (#27517249)

well, actually, this really is the answer - you never get rid of vulnerabilities but you can put enough variation in them that specialised viruses become less effective.

So the answer is to have a solution that is a nightmare for anyone who has to maintain it? Yeah, that sounds brilliant.

Re:Potato Blight for computers (0)

RiotingPacifist (1228016) | about 5 years ago | (#27517159)

No, but it would be a lot harder to exploit, and that is GP's point. Additionally, in a heterogeneous system all the computers have to stick very strictly to well defined protocols (to avoid incompatibility), which makes it easier for firewalls to block any strange behavior.

Re:Potato Blight for computers (2, Insightful)

Ed Avis (5917) | about 5 years ago | (#27517455)

No but it would be a lot harder to exploit and that is GP point.

Why? It is often only necessary to attack the weakest link in the chain. To get inside a company network and copy documents available to employees, for example, only one employee workstation needs to be subverted. That is easier if there are several different systems running - just pick the crappest one and exploit that.

Of course, it's arguable that the one system which is widely deployed in a monoculture today is in fact the crappest and least secure of all the choices available. In which case adding a bit more variety would not hurt things, but it wouldn't improve them either, unless almost all the Windows systems were removed.

Re:Potato Blight for computers (0)

Anonymous Coward | about 5 years ago | (#27517201)

I vote for a Microsoft run torrent tracker. It's really fucking stupid that after all these years our OS programmers haven't adapted to their operating environments.

The way I see this, we wouldn't need Windows Defender, Microsoft Malicious Software Removal Tool, or any of that other bloat. MS should, as part of the CD-key activation, provide its customers with an account on its Windows Torrent Tracker. Each and every file the OS is comprised of would be authenticated, hashed, and served by the actual vendor, MS. The functional part of this idea would be an encrypted and obfuscated hash checking service. Scans could be run in real time or on a schedule. With the abundance of network bandwidth and CPU cores we will have over the coming years, the processing power a system like this would consume will be negligible.

Now, feel free to shred this idea to ribbons. Or better yet, feel free to help make this a better idea.
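As an added illustration of the hash-checking idea in the comment above (example code written for this page, not from Microsoft or any commenter): a minimal offline integrity check that builds a manifest of SHA-256 digests for a file tree and later reports which files are modified, missing or unexpected. The manifest format, the sample file tree and the tampering scenario are constructed assumptions; a real deployment would also sign the manifest and verify that signature before trusting it.

```python
"""Verify a file tree against a vendor-style hash manifest.

Added example for the "hash checking service" idea above. Assumptions
(not from the page): the manifest is a JSON object mapping relative
paths to hex SHA-256 digests, and it would be signature-checked before
use in any real deployment.
"""
import hashlib
import json
import os
import tempfile

CHUNK = 1 << 16  # read files in 64 KiB pieces so large binaries don't land in memory at once


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Record the SHA-256 of every regular file under root, keyed by '/'-separated relative path."""
    manifest = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_tree(root, manifest):
    """Compare the tree under root with the manifest.

    Returns {relative_path: status} with status one of
    'ok', 'modified', 'missing' (listed but absent) or
    'unexpected' (present but not listed, e.g. a dropped-in DLL).
    """
    report = {}
    current = build_manifest(root)
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            report[rel] = "missing"
        elif actual != expected:
            report[rel] = "modified"
        else:
            report[rel] = "ok"
    for rel in current:
        if rel not in manifest:
            report[rel] = "unexpected"
    return report


def demo():
    """Constructed scenario: publish a manifest, tamper with the tree, re-verify."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        with open(os.path.join(root, "system32", "kernel.bin"), "wb") as f:
            f.write(b"original kernel image")
        with open(os.path.join(root, "system32", "net.dll"), "wb") as f:
            f.write(b"original network library")

        manifest_json = json.dumps(build_manifest(root), sort_keys=True)  # what the vendor would serve

        # Simulated tampering: one file altered, one removed, one unknown file added.
        with open(os.path.join(root, "system32", "net.dll"), "ab") as f:
            f.write(b"\x90\x90 injected")
        os.remove(os.path.join(root, "system32", "kernel.bin"))
        with open(os.path.join(root, "system32", "dropper.dll"), "wb") as f:
            f.write(b"not from the vendor")

        return verify_tree(root, json.loads(manifest_json))


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:10s} {path}")
```

Run it directly to see the report for the constructed scenario. The weak spot this design shares with every such scheme is the checker itself: if the scanning code or the manifest can be altered by the same malware it is looking for, the hashes prove nothing, which is why the manifest needs a signature and the checker needs to run from something the compromised OS cannot modify.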

Install your OS fresh on every boot? (1)

pentalive (449155) | about 5 years ago | (#27518053)

Even with bittorrent...

1) Booting when no network available?

2) Spread viruses even faster if one or more of the seed machines is infected?

3) Microsoft's new revenue model..

1- Get people to download a new os each boot
2- Be the only place to get it from
3- Begin charging for each boot
4- Profit

Re:Potato Blight for computers (0)

cyn1c77 (928549) | about 5 years ago | (#27517287)

Yeah, because obviously the answer is to have a hundred different systems with a hundred different sets of vulnerabilities. That will be much easier to keep patched.

His point was that you don't need to keep things patched as regularly if you have a wider variety of OSes, because there will be fewer people finding vulnerabilities, less incentive to exploit them, and fewer hackers writing worms for a given OS.

Re:Potato Blight for computers (4, Interesting)

Ed Avis (5917) | about 5 years ago | (#27517591)

His point was that you don't need to keep things patched as regularly if you have a wider variety of OSes, because there will be fewer people finding vulnerabilities, less incentive to exploit them, and fewer hackers writing worms for a given OS.

That is the definition of 'security through obscurity'. I would not want to run an insecure system and hope to be safe because nobody else had heard about it. True security means using well-known and peer-reviewed code (but not 'well known to be crap').

Re:Potato Blight for computers (1)

Larry Clotter (1527741) | about 5 years ago | (#27517639)

Except in such a case you just have to exploit one box and you get access to the rest. There went all your brilliant planning and schemes.

Patch? (5, Insightful)

SmallFurryCreature (593017) | about 5 years ago | (#27517337)

Why would you need to patch if nobody has a clue about how to attack your system?

Well, actually you've got a point, but you come at it from the wrong angle.

The problem is that thanks to the net, EVERY COMPUTER IS THE SAME. Internet capable...

Effectively, this is to sexually transmitted viruses as all of us screwing everyone else at the same time. The internet is a gangbang of computers.

What this leads to is that no matter how obscure your OS and the bugs on it, someone somewhere will know about it and have, thanks to the sheer size of the net, thousands if not hundreds of thousands of targets.

There may not be many Amigas left, but if they were all infected, it would still be a nice botnet.

Re:Patch? (2, Interesting)

Larry Clotter (1527741) | about 5 years ago | (#27517701)

Why would you need to patch if nobody has a clue about how to attack your system?

Because if even one system in your heterogeneous environment is exploitable you have just given them an easy backdoor to the rest of your system. If all systems aren't patched up you've only created a false sense of security and you've increased your maintenance costs many magnitudes higher for some "security through obscurity" scheme.

Re:Potato Blight for computers (0)

Anonymous Coward | about 5 years ago | (#27518275)

obviously the answer is to have a hundred different systems with a hundred different sets of vulnerabilities

We already do, they're called users. I don't see that changing anytime soon; in fact it's likely that there will be many more in the near future.

That's just ridiculous.... (0, Flamebait)

tjstork (137384) | about 5 years ago | (#27517071)

One of the major causes of the Potato famine in Ireland was the reliance on a single product (the potato) and an inability to shift to a more varied diet

No, the cause of the potato famine in Ireland was that the British deliberately starved the people. At the time, Britain had trading policies in place that prevented the Irish from actually developing their own economy. Do you think they wanted to eat nothing but potatoes? It was all they had.

Now given that this homogeneity

If you want to have more varied products, then you need to oppose free trade, and incidentally, open source. That way, you could encourage the capital formation necessary to create multiple, regionally designed operating systems.

Re:That's just ridiculous.... (0, Offtopic)

Anonymous Coward | about 5 years ago | (#27517191)

Your response is largely flamebait and somewhat simplistic. A quick review of Google provides a more comprehensive overview of the causes of the Irish potato famine. Yes, it was British policies but it wasn't trading policies as much as it was land ownership rules. And it wasn't as deliberate as you make it out to be.

http://www.digitalhistory.uh.edu/historyonline/irish_potato_famine.cfm [uh.edu]

Your version reminds me of the stories that are told here in the U.S. about how evil the British were, and it gets embellished every time. No wonder the IRA had such an easy time funding their terrorist activities with U.S. dollars. About the only good thing to come out of 9/11 was the discontinuation of funding for the IRA now that Americans finally saw what it was like to live under the threat of terrorism.

Re:That's just ridiculous.... (0)

Anonymous Coward | about 5 years ago | (#27517247)

There you go then. Just the same as the Irish Potato famine, except that M$oft has brainwashed the population to believe they want nothing but Windows. What goes around, comes around.

Re:That's just ridiculous.... (2, Insightful)

tygerstripes (832644) | about 5 years ago | (#27517397)

I think your anglophobic ranting has blinded you to the OP's statement and argument.

One of the major causes of the Potato famine

[emphasis added]

The reliance on a single product - the potato - was unquestionably one of the major factors behind the famine. The fact that this reliance had socio-political factors as its root cause is totally beside the point. The fact is that the poorest people were reliant on the ubiquitous crop as their winter staple, and that ubiquity is what allowed one blight to cause such devastation. As you said yourself, it was all they had.

It's a good analogy, and you've needlessly muddied the waters by misreading and over-extending the OP's point.

Your suggestion that opposing open-source is a necessary step in increasing OS variety is weird and baseless. I'll grant you that completely free trade (as in "without restriction") would facilitate monopoly practice and in turn engender a monoculture, which is how we found ourselves in the current mess.

To suggest open-source development discourages variety though...? Wow. What's your reasoning behind that posit?

Re:That's just ridiculous.... (1)

tjstork (137384) | about 5 years ago | (#27517561)

Your suggestion that opposing open-source is a necessary step in increasing OS variety is weird and baseless.... To suggest open-source development discourages variety though...? Wow. What's your reasoning behind that posit?

Because Open Source is standards based development encoded into the practice. Like, there's only one Linux kernel, only one C compiler, only one bash shell.. only one Perl, only one Java... the whole concept of Open Source revolves around a brief period of competition followed by universal adoption of one solution per a problem domain - mirroring current practices in the academic world. Even now, although Linux prides itself on having more than one window manager, things have coalesced around two, and one of those is not going to survive. So, really, to be open source, is going to ultimately reduce variety. The academic culture with Linux just doesn't see a point to continual competition, preferring consensus instead. Consensus means, everybody agrees on one.

I'm sorry to point out the disadvantage of this approach, but ultimately, a lot of people, outside of this context, would actually hail this as an advantage.

anglophobic is stupid (1)

tjstork (137384) | about 5 years ago | (#27517939)

I think your anglophobic ranting has blinded you to the OP's statement and argument.

There's nothing anglophobic about it.

First off, I'm not expressing any kind of fear, therefore there's no phobia. In fact, if someone says they do not like gays, whites, or spiders, they are not homophobic, white-o-phobic, or spider-phobic. Dislike is not caused by fear. So let's burst that bubble.

Secondly, merely stating history is, well, telling the truth. The British treated the Irish like dirt for a long time. I think they are a super ally to the USA and I would exclude them from any vision I have of an American withdrawal from NATO... the Continent can go do what it will, but the USA should always stand beside the UK just as much as the UK has stood beside us... not only in Iraq, but also in the Pacific during late WWII..

Re:That's just ridiculous.... (5, Interesting)

gbjbaanb (229885) | about 5 years ago | (#27517529)

to be fair, the British government didn't deliberately starve the Irish, instead they were proponents of 'free market forces'. They didn't have supermarkets or microwave readymeals in those days, so a staple foodstuff like the potato was pretty much all you ate anyway. Of course, if you were rich you could afford meat - like the cattle raised in Ireland for English tables. The landlords got richer and the poor stayed poor.

The trouble was that the blight reduced the number of potatoes in circulation, and as other people were richer, they could afford to pay more - and so the farmers shipped their potatoes to the richer people, leaving the peasants to starve. As has always been the way.

Incidentally the British didn't deliberately starve the people - after they'd woken up to the trouble, they did ship in large amounts of aid and close the ports to food exports. Too late for most of course, but don't get incompetence confused with conspiracy.

There's been too much FUD about the potato famine, I suppose spread for modern political reasons. The truth is just dull: the government took a 'light touch' approach to the markets. Unfortunately this approach to 'hands off' free trade doesn't give what society requires; with such lax input from governments, the free market doesn't always work correctly and you have monopolies appearing and abusing the freedom that should be providing a better set of choices. For computers, it's no good saying "you could run Linux" if everyone needs to run Windows because of the ubiquity of software running on it.

Protectionism is the last thing you want; when you get that, you invite stagnation. There's no innovation or growth, the established parties simply try to maintain their market with what they've got. Developing new products is a significant cost - and without free trade getting in the way and allowing new entrants to the market, there's no incentive to spend. Of course you might get new upstarts appearing, but that happens so rarely, and most of them are small and get killed off by the established big players either by being bought out (name any MS product really) or having their market destroyed (eg IE v Netscape).

Ultimately the government needs to step in and support open standards, making sure everyone works with them. Then you can have much better spread of heterogeneous systems as they would work together, giving people the ability to choose an alternative to the dominant product.

Re:Potato Blight for computers (0)

Anonymous Coward | about 5 years ago | (#27517333)

You are a moron. The reason there was a famine is because England was stealing all the food with guns! I could use many an analogy about Linux or learning media but want people to realise that there was no famine, only a theft!

Re:Potato Blight for computers (0)

Anonymous Coward | about 5 years ago | (#27517665)

+1 brutal truth.

Re:Potato Blight for computers (2, Informative)

bazonic (463550) | about 5 years ago | (#27517709)

Aside from pointing out the flaws in your analogy, and the fact a patch was released four months before this exploit arrived, I think you are overlooking the massive systemic benefits of homogeneity.

One could argue that computing and the Internet would not be as ubiquitous as they are today without having had a de facto standard. There is an even stronger argument about the cost savings to businesses and governments in not having to train and retrain new employees on how to use numerous computer systems.

And as far as "companies getting taken offline," there is no excuse for leaving production systems unpatched for four months. Microsoft could not make it easier to apply security updates unless they came onsite and installed them for you. That's not as much a convicted monopolist issue as it is shoddy, lazy network management.

Re:actual article (4, Interesting)

phantomcircuit (938963) | about 5 years ago | (#27516893)

also it looks like http://www.confickerworkinggroup.org/ [confickerw...ggroup.org] is down

Re:actual article (3, Funny)

DarrenBaker (322210) | about 5 years ago | (#27516961)

Holy shit, I'm going to hide under my desk now. Call me when it's all over.

Re:actual article (2, Funny)

buzy buzy (594932) | about 5 years ago | (#27517519)

Holy shit, I'm going to hide under my desk now. Call me when it's all over.

No Problem,

I'll email you an attachment that will explain what happened and why everything is ok.

Be sure to read it.

Re:actual article (2, Insightful)

Shrike82 (1471633) | about 5 years ago | (#27517031)

This is an extremely interesting development. One potential explanation is a DDoS attack from infected machines. Another option is simple coincidence and a technical problem with their hosting server.

I suspect the former, but hope it's the latter.

Re:actual article (2, Insightful)

robthebloke (1308483) | about 5 years ago | (#27517165)

or it's been slashdotted...

Re:actual article (1)

Shrike82 (1471633) | about 5 years ago | (#27517307)

Hmmm, could be the case. I posted a link to it in another article a couple of days ago. Could I have brought down the Conficker Working Group page?

Oh my god, am I behind Conficker?

Re:actual article (4, Funny)

dissy (172727) | about 5 years ago | (#27517061)

also it looks like http://www.confickerworkinggroup.org/ [confickerw...ggroup.org] is down

I can still get to it... you must be infected!

(Ok, ok, i'm just joking, it doesn't load for me either. It seemed a lot funnier when i first started typing it :P )

Eye chart (5, Funny)

Drakin020 (980931) | about 5 years ago | (#27516947)

On a side note, that eye chart the Conficker Group had up no longer works.

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html [confickerw...ggroup.org]

I gotta ask (3, Interesting)

Anonymous Coward | about 5 years ago | (#27517005)

Why didn't someone infected with this, say last month, change their pc clock ahead to April 1 to see if it downloaded stuff or not? Then April 2, then April 3, etc.
Duh.

Re:I gotta ask (5, Informative)

Anonymous Coward | about 5 years ago | (#27517053)

Conficker gets its time from a lot of different time servers, not the local machine. I think the author might have thought about that when designing the worm...

Re:I gotta ask (1)

Ilgaz (86384) | about 5 years ago | (#27517107)

I think it has countermeasures against it too. It is not trivial VBasic junk. It is one of the most advanced professional worms to date.
Even basic shareware has countermeasures against messing with the clock like that.
Don't forget that it is not only local code; it gets its payload with P2P. So even if you can fool it with the date, you won't be able to fool the host part.

Re:I gotta ask (2, Informative)

Lumpy (12016) | about 5 years ago | (#27517273)

You certainly can man-in-the-middle attack it. Slowly skew the time with your own NTP server, then look to where it's going to ask for its next feeding and then attack that vector. And yes, you CAN attack a P2P distribution vector.

Re:I gotta ask (2, Interesting)

maxume (22995) | about 5 years ago | (#27517769)

The AC is confused though; researchers did all of that, they even have some sort of access to the randomly generated domain list (I get the impression that they have the algorithm, rather than doing some sort of playforward attack as is being discussed here) that is checked for downloads. The core issue is that there had not been anything to download, so all they were able to do was (potentially) confound the operators.

I would go so far as to say that they have been attacking the p2p vector, but since it requires the cooperation of the administrators of the compromised machines, they didn't get very far.
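As an added, defender-side illustration for the randomly generated domain list discussed above (example code written for this page; it is not the worm's actual algorithm, which is not on this page, and not from any commenter or research group): a heuristic that scores DNS query names for signs of being machine-generated and flags clients that issue several such lookups in a log. The log format, sample lines, IP addresses and thresholds are all constructed for the example.

```python
"""Flag DNS clients that issue bursts of machine-generated-looking lookups.

Added example, not the worm's algorithm. Constructed log format:
"<utc timestamp> <client ip> <queried name>", one query per line.
"""
import math
from collections import Counter, defaultdict

# Constructed sample traffic: one client with three odd lookups, one with none.
SAMPLE_DNS_LOG = """\
2009-04-08T10:00:01Z 10.0.0.12 www.slashdot.org
2009-04-08T10:00:02Z 10.0.0.12 time.windows.com
2009-04-08T10:00:05Z 10.0.0.12 xkqpzvlwtrb.info
2009-04-08T10:00:05Z 10.0.0.12 mzjfhqoyvd.com
2009-04-08T10:00:06Z 10.0.0.12 pqwlyzxjvb.net
2009-04-08T10:00:09Z 10.0.0.13 update.microsoft.com
2009-04-08T10:00:10Z 10.0.0.13 mail.example.com
"""

VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits per character over the string's own symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s):
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def registrable_label(qname):
    """Label directly left of the TLD (simplification: ignores multi-part suffixes like co.uk)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(label):
    """0..3: how many 'looks machine-generated' indicators the label trips."""
    vowel_ratio = sum(ch in VOWELS for ch in label) / max(len(label), 1)
    indicators = (
        shannon_entropy(label) >= 3.0,     # many distinct characters for its length
        vowel_ratio < 0.2,                 # pronounceable words have far more vowels
        longest_consonant_run(label) >= 5,  # e.g. "xkqpz", rare in real names
    )
    return sum(indicators)


def looks_generated(qname, min_score=2):
    return dga_score(registrable_label(qname)) >= min_score


def flag_clients(log_text, min_suspicious=3):
    """Return {client_ip: [suspicious qnames]} for clients at or above the threshold."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines instead of crashing on them
        _ts, client, qname = fields
        if looks_generated(qname):
            per_client[client].append(qname)
    return {c: names for c, names in per_client.items() if len(names) >= min_suspicious}


if __name__ == "__main__":
    for client, names in flag_clients(SAMPLE_DNS_LOG).items():
        print(client, "->", ", ".join(names))
```

The three indicators are deliberately simple and will mis-score short or unusual legitimate labels, so the per-client count, not any single name, is what drives the flag; a real detector would also weigh NXDOMAIN rates and use a public suffix list for multi-part TLDs.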

Re:I gotta ask (0)

Anonymous Coward | about 5 years ago | (#27517713)

basic shareware

I've had the Office 2003 "trial" on a computer for far more than 60 days. According to Office, it's August 24, 1995, well over a decade before I installed it on my computer.

Re:I gotta ask (5, Informative)

Z34107 (925136) | about 5 years ago | (#27517115)

Conficker doesn't use the internal system clock; it polls various websites to find out the real date.

If it can't connect to those websites, or gets an unexpected response, it assumes it's in a closed network and holes up.

Re:I gotta ask (1)

wild_berry (448019) | about 5 years ago | (#27517595)

It's not immune to re-casting those sites through a proxy and replacing the data, or stepping through a virtualised instance of its host in a hypervisor debugger.

Re:I gotta ask (5, Informative)

MyDixieWrecked (548719) | about 5 years ago | (#27517127)

Why didn't someone infected with this, say last month, change their pc clock ahead...

First of all, I'm sure that the payload itself wasn't made available until the last minute.

Second, if it were me who wrote the virus, I would have written it to *start* looking for a payload, start looking in no particular place, and continue looking until it's been found. Considering that it's getting its payload from an established botnet, it could just be poking around looking for machines that can give it its payload and the payload wasn't made available until today.

When you have control of as many machines as the Storm or Waledac botnets, the world really is your oyster. You're not restricted by IPs, and if your botnet is large enough, you can just iterate through addresses looking for a system that has your payload for you. Without access to the botnet or the payload, it doesn't matter how much you reverse engineer or adjust your clock, you just can't predict what will happen in the future.

Ahhhhhh... (5, Funny)

buttfscking (1515709) | about 5 years ago | (#27517135)

This sure is entertaining from over here on Linux Island! *sips drink*

Re:Ahhhhhh... (5, Funny)

tb3 (313150) | about 5 years ago | (#27517477)

The Mac Archipelago finds it amusing, too. *Cheers!*

Re:Ahhhhhh... (5, Insightful)

parkrrrr (30782) | about 5 years ago | (#27517681)

The parts of the Windows mainland who install security patches are also amused. I'm sure we'll all be amused right up until the Internet we all share with the infected losers goes all wonky.

Re:Ahhhhhh... (1, Interesting)

Anonymous Coward | about 5 years ago | (#27517901)

My triple-booting Mac/Vista/Linux laptop is also amused (and clean on all partitions :D).

Re:Ahhhhhh... (5, Funny)

Shrike82 (1471633) | about 5 years ago | (#27517831)

It's good that this provides you with entertainment, it must get very boring over there when you can't play any games ;)

Even though I'm joking, let the "Troll" modding begin.

Why the doom and gloom? (4, Funny)

castironpigeon (1056188) | about 5 years ago | (#27517193)

Isn't anyone else curious to see what happens next?! I can just imagine millions of computer users starting their computers Monday morning and seeing their new goatse-themed desktop. Oh the lols...

Re:Why the doom and gloom? (2, Funny)

RiotingPacifist (1228016) | about 5 years ago | (#27517313)

Remove the stone of geek!...Append the stone of evil genius!

Although if that does happen, expect a call from some well dressed men in a nice car, with blacked out windows, on Monday afternoon.

Solution? (1)

T Murphy (1054674) | about 5 years ago | (#27517207)

So if people get worms like this by being dumb with their computers, just write a worm that 'maliciously' enforces the security that people should be following. If you do it right it should infect the same set of people.
Not being very knowledgeable in this area I don't know if this idea actually means anything or if it's ridiculous enough to be funny.

Re:Solution? (1)

reashlin (1370169) | about 5 years ago | (#27517461)

You jest but AFAIK that is exactly what Conficker does. On "install" it patches the vulnerability that it used as an entry door. A bit like a robber locking your front door behind them. At the very least it means no other robber can come through the door and bother it.

Re:Solution? (1)

Ian Alexander (997430) | about 5 years ago | (#27518131)

IIRC it also opens other backdoors. So it would be like the robber locking the front door but making sure your windows aren't.

Waledac botnet? (0)

Anonymous Coward | about 5 years ago | (#27517211)

"It has now downloaded components from the Waledac botnet, which could contain rootkit capabilities."

How sad is it that we've got botnets we can't kill that hang on long enough to have names like glaciers?

They should use Conficker to spread Linux (0)

Anonymous Coward | about 5 years ago | (#27517789)

They should use Conficker to install Linux on all infected Windows machines. LOL.

Windows for Warships - Vulnerable? (1)

Tim12s (209786) | about 5 years ago | (#27518019)

I'm sure these guys are vulnerable..

http://slashdot.org/article.pl?sid=07/02/26/149209 [slashdot.org]

Submarines and gunboats running Windows could easily have their networks infected and will all be subject to the zero-day vulnerabilities that these advanced botnets are starting to take advantage of.

http://news.google.com/news?q=power+infiltrate [google.com]

With the possibility of the power grid being infiltrated, it highlights that you need little more than a USB memory stick on an internal network to be infected.

-Tim
