Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Has Conficker Been Abandoned By Its Authors?

CmdrTaco posted more than 5 years ago | from the don't-leave-me-daddy dept.

Security 174

darthcamaro writes "Remember Conficker? April first doom and gloom and all? Well apparently after infecting over five million IP addresses, it's now an autonomous botnet working on its own without any master command and control. Speaking at the Black Hat/Defcon Hat security conference in Las Vegas, Mikko Hypponen, chief research officer at security firm F-Secure, was told not to talk in detail about the Conficker gang — the problem is that not all researchers were under the same gag order. Just ask Roel Schouwenberg, senior anti-virus researcher at security firm Kaspersky, who says 'The Conficker botnet is autonomous; that is very strange in itself that they made Conficker replicate by itself. Now it seems like the authors have abandoned the project, but because it is autonomous, it can do whatever it wants and it keeps on trying to find new hosts to infect.'"

cancel ×

174 comments

Sorry! There are no comments related to the filter you selected.

What? (1)

AltGrendel (175092) | more than 5 years ago | (#28927751)

It probably got sick of the old masters and kicked them out.

Re:What? (4, Funny)

rascanban (732991) | more than 5 years ago | (#28927811)

Strength is irrelevant. Resistance is futile. We wish to improve ourselves. We will add your biological and technological distinctiveness to our own. Your culture will adapt to service ours.

Re:What? (1)

contrapunctus (907549) | more than 5 years ago | (#28930025)

you mean it's self aware?

Re:What? (1)

Vu1turEMaN (1270774) | more than 5 years ago | (#28930145)

So it's a Stand Alone Complex?

Shit....

Re:What? (5, Insightful)

sabernet (751826) | more than 5 years ago | (#28930835)

Watch the series again. S.A.C. has nothing to do with a virus becoming self aware. It's actually a collective of individuals who believe to be acting autonomously but, in reality, are all following a pattern mimicking individual intent by a single entity.

The Laughing Man was originally a single hacker, but once he stopped his activities, a group of others took it from there and their actions collectively created another Laughing Man.

It's basically digital gestalt-ism combined with neural networking where each human is a node in the larger network without being aware of the whole.

Sort of like 4chan, but much less horrible ;)

Translated: (5, Insightful)

winkydink (650484) | more than 5 years ago | (#28928949)

We have no idea who is behind this or what they intend to do so we will continue with wild-ass speculation in order to keep our companies in the news.

Re:Translated: (4, Insightful)

Austerity Empowers (669817) | more than 5 years ago | (#28929639)

We have no idea who is behind this or what they intend to do so we will continue with wild-ass speculation in order to keep our companies in the news.

Which may be exactly what the virus was designed to do: infect as many people as possible in detectable ways, and keep the industry going!

Re:Translated: (3, Insightful)

sanosuke001 (640243) | more than 5 years ago | (#28930089)

Conficker: Brought to you by Symantec

Re:Translated: (5, Funny)

d3m0nCr4t (869332) | more than 5 years ago | (#28930373)

Nah, it works to good to be written by Symantec... ;)

Re:Translated: (1)

Otefred8 (1070306) | more than 5 years ago | (#28929995)

Yes indeed; talk about randomly anthropomorphizing computers (and the networks they can constitute as is the case here). Interesting how a term such "researcher" can be commercially re-defined to mean "product-promoting-idiocracy-automaton" with little to no difficulty..

Re:What? (2, Insightful)

Opportunist (166417) | more than 5 years ago | (#28929439)

Not as impossible and funny as it might appear. Imagine a HD crash and no backup of the keys to issue new commands. :)

But it could just as well be kept dormant 'til it's out of the news... if Sasser taught us anything, it's that self replicating aggressive worms WILL survive and continue to pose a threat, even years after the last version has been found by every AV tool.

Re:What? (2, Funny)

maxwell demon (590494) | more than 5 years ago | (#28929485)

Not as impossible and funny as it might appear. Imagine a HD crash and no backup of the keys to issue new commands. :)

I didn't know that a HD crash can also take out the keyboard. Also I didn't know that you are supposed to make backups of your keys. I always thought just buying a new keyboard would work. :-)

[Note: Yes, I did understand that cryptographic keys were meant. I just couldn't resist the opportunity of the joke.]

Re:What? (3, Funny)

Anonymous Coward | more than 5 years ago | (#28929567)

Next time, please do us all a favor, and resist.

Re:What? (4, Funny)

JustOK (667959) | more than 5 years ago | (#28929677)

Next time, please do us all a favor, and resist.

but wouldn't that be futile?

Re:What? (1)

Opportunist (166417) | more than 5 years ago | (#28929673)

Buying a new keyboard is moot if your keys are gone. Besides, I do fine without one, I just put my key on my underwear and that's how I find it again, and NOBODY else would willingly dig through that so they're safe too!

Keyboards... fffft showoff, what's next, table napkins?

Re: Your sig. (1)

I'm not really here (1304615) | more than 5 years ago | (#28930733)

Wait... I need to run out and patent the niche market missed in this patent. I'll make millions in lawsuits!

Abstract

A method of swing on a swing is disclosed, in which a user positioned on a standard swing suspended by two ropes from a substantially horizontal bar other than a tree induces side to side motion by pulling alternately on one rope and then the other.

Re:What? (2, Interesting)

ILuvRamen (1026668) | more than 5 years ago | (#28929463)

that actually makes a hell of a lot more sense than someone just saying "I'm bored, let's do something else" and giving a 5 million computer botnet up. I mean come on, what are they, insane?! That's like the computer criminal version of buying a buying an italian sports car and then driving it into a lake on purpose. You just don't do that once you finally have one. This article is just stupid beyond words! There is no way in hell it was just "given up." The person behind it either died or is feeling some serious heat from people trying to catch them.

Re:What? (0)

Anonymous Coward | more than 5 years ago | (#28930291)

I, for one, welcome our new botnet overlords.

Skynet... (4, Interesting)

Matheus (586080) | more than 5 years ago | (#28927793)

It really is exciting watching a new life form as it stretches its legs!

Re:Skynet... (2, Interesting)

Anonymous Coward | more than 5 years ago | (#28928993)

Here is the real skynet [wikipedia.org]

Re:Skynet... (1)

iztaru (832035) | more than 5 years ago | (#28930197)

Not yet. For Skynet to become sentience it needs to infect the GiG and a sufficiently large number of machines.

The second part is ongoing (the botnet is growing), the first part is just waiting for the opportune moment!

Re:Skynet... (0)

Anonymous Coward | more than 5 years ago | (#28929005)

The question is, will it evolve? Will it evolve beyond Windows platform? How it will evolve? Was a new Genesis an intention of Conficker creator(s)?

Re:Skynet... (1)

AliasMrAlias (1445453) | more than 5 years ago | (#28929619)

i for one welcome our new botnet overlords

Re:Skynet... (1)

Theoboley (1226542) | more than 5 years ago | (#28930033)

When exactly did Conficker become self-aware?

It all seems like a movie!!! Wait a minute...

Abandoned (1)

cc-rider-Texas (877967) | more than 5 years ago | (#28927831)

Looks like posting to this article has been abandoned as well :)

Broken Torgo Routine (4, Funny)

eldavojohn (898314) | more than 5 years ago | (#28928909)

Well apparently after infecting over five million IP addresses, it's now an autonomous botnet working on its own without any master ...

Hmmm, sounds like its authors should have spent more time on their Torgo routine [wikia.com] . You know, the bit of code that takes care while the master is away.

<Torgo>The master would not approve; he likes you ... but the master would ... not approve.</Torgo>

I give us a year (1)

Jellybob (597204) | more than 5 years ago | (#28928919)

At which point it should have control of everything, and be able to take over.

Authors... (1)

darrellt (1453581) | more than 5 years ago | (#28928943)

Did the same authors write this article using the same skills in use of grammar? ;-)

so where are they now? (5, Funny)

gbjbaanb (229885) | more than 5 years ago | (#28929033)

Possible scenarios:

1. they've been busted for something else and are now in gaol. Conficker patiently bides its time waiting for the stars to be right and its dark master(s) to be freed.

2. they've given up on that crappy little botnet and are working busily on a new, much stronger, more powerful one.

3. It was never invented by Russian mobsters, but by the Bush administration, intending to hack all the voting machines and deliver unto George a third term.

4. someone forgot their password, it was written on a little post-it by the monitor, which was vacuumed up by their mum when she did some spring cleaning.

5. The inventors had their fun with Microsoft and the internet, but now they've discovered girls and beer.

Re:so where are they now? (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28929253)

6. The inventors are waiting until there are >>5 million hosts up at the same time in their P2P botnet. Then they inject the new instructions.

Re:so where are they now? (2, Interesting)

MindStalker (22827) | more than 5 years ago | (#28929525)

7) Feds are monitoring connections to the bot net and attempts to master connect to it will be traced.
Also even if the Feds didn't create it, I'm sure we they have figured it out to the point that it certainly can be controlled by our government.

Re:so where are they now? (1)

gbjbaanb (229885) | more than 5 years ago | (#28930519)

I guess 6 was something to do with the NSA and their mind control rays, but they had it censored before you had even typed your post. :)

Re:so where are they now? (1)

db32 (862117) | more than 5 years ago | (#28929573)

I can't decide between 3 and 5 for the least likely explanation.

Re:so where are they now? (1)

Culture20 (968837) | more than 5 years ago | (#28929697)

I can't decide between 3 and 5 for the least likely explanation.

3. "And in the contest between Y and Z, the winner is... The current office holder, X, by a landslide write-in vote!" I think people would notice that. Which makes me wonder, does Bart Simpson still get a good write-in following?

Re:so where are they now? (1)

db32 (862117) | more than 5 years ago | (#28930143)

Yes, but the question is, are the bot owners really more likely to have hooked up with women than Bush trying to steal an election?

Re:so where are they now? (3, Informative)

TheRaven64 (641858) | more than 5 years ago | (#28929587)

4 sounds the most likely. As I recall from reading about the worm, it uses several layers of protection to identify the controller. A hard drive crash might cause the author to lose the private key, at which point no one can control the botnet without first breaking AES.

Re:so where are they now? (1)

rednip (186217) | more than 5 years ago | (#28929681)

How about 8) Conficker got too big, and commercial uses as a group became too risky; Instead it's a recruitment tool for a smaller botnets.

Re:so where are they now? (2, Insightful)

arthurpaliden (939626) | more than 5 years ago | (#28929847)

It got so big that managing it was too much like real work. So they quit.

Re:so where are they now? (0, Flamebait)

interkin3tic (1469267) | more than 5 years ago | (#28929875)

Or maybe the inventors were just too conficked about the ethics of it all.

I myself feel a little conficked about using that particular pun. Or maybe the extreme nausea I'm feeling is from this hot pocket...

Re:so where are they now? (2, Funny)

Narnie (1349029) | more than 5 years ago | (#28930815)

9. Little David Lightman realized his HelloWorld script was a bit out of control and turned off his computer. Should have stayed with WarGames. [imdb.com]

How is this 'autonomy' any different... (5, Insightful)

PrimaryConsult (1546585) | more than 5 years ago | (#28929041)

from any other virus? Last I checked, any effective virus has a mechanism to spread/replicate by itself, whether to other IPs on the same subnet or via AIM or USB drives or what have you. In April and may I scanned my network of ~8500 completely user-controlled machines and found a grand total of 4 confirmed infected. The IRC bots spread via AIM links were more prevalent.

Re:How is this 'autonomy' any different... (5, Interesting)

Delwin (599872) | more than 5 years ago | (#28929197)

There's a difference between a botnet and a virus. Botnet is the payload, virus is the delivery system.

Also a headless botnet could be taken over by a new master if they can figure out how.

Re:How is this 'autonomy' any different... (1)

FudRucker (866063) | more than 5 years ago | (#28929331)

would that make conficker a hybrid? a viral botnet?

Re:How is this 'autonomy' any different... (1)

Delwin (599872) | more than 5 years ago | (#28929609)

Would you call a missile a hybrid? It has a delivery system (thruster, guidance system, etc) and a payload (explodie part). You can replace that explodie part with a nuclear, biological, or chemical warhead... or with a satellite that you use that ICBM launch system to put into low earth orbit.

Conflicker is the payload, not the delivery system.

Re:How is this 'autonomy' any different... (2, Interesting)

Wrath0fb0b (302444) | more than 5 years ago | (#28929445)

Also a headless botnet could be taken over by a new master if they can figure out how.

I hope to god that the master control uses some form of public/private key. In that case, I'm going to wager that if the key were lost, the botnet is basically on autopilot forever.

Re:How is this 'autonomy' any different... (1)

TheRaven64 (641858) | more than 5 years ago | (#28929647)

Unless someone else finds a weakness in the encryption algorithm or, more likely, the key generation algorithm.

Re:How is this 'autonomy' any different... (2, Interesting)

John Hasler (414242) | more than 5 years ago | (#28930117)

Or, more likely yet, a typical security bug that can be exploited to bypass the authentication.

Re:How is this 'autonomy' any different... (1)

cgenman (325138) | more than 5 years ago | (#28930923)

I'd wager dollars to doughnuts that thousands of people have tried to take this beast over in the past few years. If it hasn't happened yet, I can't see the floodgates suddenly opening.

so this is how (1)

Minion of Eris (1574569) | more than 5 years ago | (#28929093)

Skynet gets started.

Locked out? (4, Funny)

dickens (31040) | more than 5 years ago | (#28929095)

I wonder if they just managed to lock themselves out, so they can't control it.

Either that or someone walked in front of a beer truck.

Whaticker? (3, Funny)

CarpetShark (865376) | more than 5 years ago | (#28929119)

Remember Conficker? April first doom and gloom and all?

Not really. I use Linux. What was it you were worried about again?

Re:Whaticker? (5, Funny)

MyLongNickName (822545) | more than 5 years ago | (#28929281)

Never getting laid?

Re:Whaticker? (0)

Anonymous Coward | more than 5 years ago | (#28929369)

Linux user or not, worms have brought the internet to its knee's in the past. The MS SQL slammer worm made the internet suck for both linux and windows alike.

Re:Whaticker? (2, Funny)

basementman (1475159) | more than 5 years ago | (#28929571)

Wow, looks like you're the first one to get their wireless driver working.

Re:Whaticker? (0, Offtopic)

Shikaku (1129753) | more than 5 years ago | (#28929635)

Posting on Slashdot from Ubuntu from my Wireless N card that was built into the laptop.

Re:Whaticker? (0)

Anonymous Coward | more than 5 years ago | (#28929745)

Posting on Slashdot from Ubu^H^H^H CARRIER LOST

Re:Whaticker? (0)

Anonymous Coward | more than 5 years ago | (#28930351)

OpenSUSE with 3945ABG.

Re:Whaticker? (0, Offtopic)

agentc0re (1406685) | more than 5 years ago | (#28930615)

If you want to learn Ubuntu, use Ubuntu. If you want to learn Linux, use Slackware.

Re:Whaticker? (0)

Anonymous Coward | more than 5 years ago | (#28930735)

My, my, sensitive, aren't we?

Really? (1, Troll)

noundi (1044080) | more than 5 years ago | (#28929121)

... Mikko Hypponen, chief research officer at security firm F-Secure was told not to talk in detail about the Conficker gang...

Ok, what could possibly be the reason for this? I can only think of one, which is simply an effort to keep the malware alive (even though it's "dead") in order to scare users into buying their software for protection they don't need, and until someone provides another probable motive I'll discourage anybody to use F-Secure.

Re:Really? (1)

knewter (62953) | more than 5 years ago | (#28929363)

Yeah, a justifiable reason to act this way would be to limit the amount of information that the botnet authors gain access to regarding ongoing criminal investigations, etc. The idea being that if they know that you know they're somewhere in Russia, they can/will move so you can't catch them.

Ever read Cryptonomicon?

Re:Really? (2, Insightful)

Anonymous Coward | more than 5 years ago | (#28929459)

So you have this conspiracy theory, and even though you have no proof you'll happily spread and act on it until someone provides proof that it's wrong?

Ever wonder where FUD actually comes from, folks?

Re:Really? (4, Insightful)

Andy Dodd (701) | more than 5 years ago | (#28929505)

It sounds like the order came not from F-Secure corporate, but from a Three Letter Agency of some sort (Probably the FBI, but perhaps one of the FBI's counterparts in another country.)

It may not be that he was strictly ORDERED to keep quiet, but requested to do so and is honoring that request out of courtesy for the investigators.

Re:Really? (1)

Culture20 (968837) | more than 5 years ago | (#28929797)

... Mikko Hypponen, chief research officer at security firm F-Secure was told not to talk in detail about the Conficker gang...

Ok, what could possibly be the reason for this? I can only think of one, which is simply an effort to keep the malware alive (even though it's "dead") in order to scare users into buying their software for protection they don't need, and until someone provides another probable motive I'll discourage anybody to use F-Secure.

The same reason I'd mow the lawn of a vacant house next door or get its broken window fixed: To make it look lived-in. I don't want homeless squatters moving in, defecating all over, stealing from people in the neighborhood, and eventually burning the house down.

Re:Really? (0)

Anonymous Coward | more than 5 years ago | (#28931097)

... until someone provides another probable motive I'll discourage anybody to use F-Secure.

And I suppose that, with your vast influence on internet tool purchasing, this will make them knuckle under and start operating in a way that you can endorse.

And it's "discourage from using" not "discourage to use".

Maybe you should devote more time to learning the proper use of English idioms and less to trumpeting yout purchasing puissance.

I for one welcome our new virii overlords (1)

spookymonster (238226) | more than 5 years ago | (#28929139)

All hail Bugtraq #31874!

Re:I for one welcome our new virii overlords (1)

paleo2002 (1079697) | more than 5 years ago | (#28929215)

Call them "virile overlords". Perhaps they will show us mercy . . .

Re:I for one welcome our new virii overlords (2, Funny)

gurps_npc (621217) | more than 5 years ago | (#28929589)

I for one would far prefer an overload that needs Viagra over one that is virile. Cut's down on the pain, significantly.

Re:I for one welcome our new virii overlords (0)

Anonymous Coward | more than 5 years ago | (#28929845)

Call them "virile overlords"

Mr Berlusconi, is that you?

Re:I for one welcome our new virii overlords (0)

Anonymous Coward | more than 5 years ago | (#28929277)

That should read "I, for one, welcome our new viral overlords".

No! its a trap (2, Interesting)

mcfatboy93 (1363705) | more than 5 years ago | (#28929145)

sure admiral ackbar.

some other hackers will eventually update it later after all the fear, panic, and media coverage has gone down

it world, gamers, hackers... (1)

circletimessquare (444983) | more than 5 years ago | (#28929189)

now they all have abandonware/ vaporware

No Gods (1)

xpuppykickerx (1290760) | more than 5 years ago | (#28929191)

No Masters.

Well... (1)

Sigvatr (1207234) | more than 5 years ago | (#28929205)

I suppose they just ficked off, then.

Gee, I knew it (5, Funny)

Lars T. (470328) | more than 5 years ago | (#28929271)

That's what happens when software isn't open - it gets abandoned and the users are screwed. Free Conficker now! Turn it over to the EFF!

This is a real worry. It may be military. (5, Insightful)

Animats (122034) | more than 5 years ago | (#28929297)

When enough users have been lulled into inaction and enough machines have been taken over, the enemy will strike. Meanwhile, the operators may be sending commands to specific PCs of interest. Security researchers might not be picking up commands targeted to only a few machines.

Most anti-virus defense efforts assume the enemy is only marginally competent and has no strategic goal. It's clear from what's known about the Conflicker attack that the enemy is significantly more competent and better funded than those behind previous viruses. The Conflicker attack was updated frequently until it was deploying itself successfully despite defensive efforts. Once the attack continued to grow despite defensive efforts, the updates stopped. That's not loss of interest, that's operational art.

This thing behaves like it has military tactical planning behind it.

Re:This is a real worry. It may be military. (1)

Darkness404 (1287218) | more than 5 years ago | (#28929371)

Which military though? There seems to be no major military that could have done this and doesn't strike.

Re:This is a real worry. It may be military. (0)

Anonymous Coward | more than 5 years ago | (#28929669)

You'd have to wait until you see what is attacked and the consequences of the attack are. Finding out who had the most to gain will typically show you who the culprit is.

My guess is Jay Rockefeller and his minions. He recently said that the internet is the country's #1 national hazard and it should have never been given to the people.

http://www.youtube.com/watch?v=i8PCmLPPVnA [youtube.com]

He has introduced a few bills into congress which would give federal control over the entire Internet infrastructure in the United States.

Lawrence Lessig was told there would be an i-9/11 and an i-patriot act was already written for such an occasion.

http://www.boingboing.net/2008/08/05/lawrence-lessig-on-t.html [boingboing.net]

Re:This is a real worry. It may be military. (1)

Culture20 (968837) | more than 5 years ago | (#28929915)

Which military though? There seems to be no major military that could have done this and doesn't strike.

How about the ${YOURCOUNTRY} military? You assume the goal is to strike computers, and not to impress them into ${YOURCOUNTRY}'s service.

Re:This is a real worry. It may be military. (1)

Andy Dodd (701) | more than 5 years ago | (#28929535)

Well, a lot of botnets have been theorized to have connections with Russian organized crime.

Which probably got them connections to some disgruntled Russian ex-military types out of a job...

Re:This is a real worry. It may be military. (5, Insightful)

Opportunist (166417) | more than 5 years ago | (#28929631)

Actually, most AV researchers do take their "enemies" serious. Malware writers are competent. If only because they manage to use security holes which require quite a bit of intimate knowledge of the machines (and the OS) you try to infect.

It's not a secret that most malware writers do have a goal by now: Money. The days of the pimple-faced kiddy sitting in the basement and, out of frustration of not getting laid, releasing some worm on the world. That's so 90s.

What's right is that AV research usually targets the "mass market", at least when it comes to AV development. If you're working for strategic targets, you usually can't make a big speech out of it, neither military nor government nor financial services like you blabbing about how insecure their setup is. So any commands issued only to a small subset of the botnet would probably go unnoticed.

While we're pissing in the wind anyway, allow me to add mine: How about this whole deal being a targeted attack, and they just waited for their designated target becoming infected.

Re:This is a real worry. It may be military. (1)

vslashg (209560) | more than 5 years ago | (#28930027)

The days of the pimple-faced kiddy sitting in the basement and, out of frustration of not getting laid, releasing some worm on the world.

The days of /. users proofreading their posts, and posting complete sentences.

Re:This is a real worry. It may be military. (2, Insightful)

maxume (22995) | more than 5 years ago | (#28929807)

Have there been any new worm enabling Windows vulnerabilities disclosed since Conficker was first noticed? Looking around a little, there have been more non-worm remote exploits than I care to sort through; the worm/non-worm distinction I am drawing is that a worm enabling vulnerability doesn't require any action on the client.

The quiet period could simply be a result of nothing new to add.

Interesting. (1)

Octogonal Raven (1516671) | more than 5 years ago | (#28929301)

At least now I'll have someone to talk to that's close to my own level...

What next? (1)

ZWarrior (194861) | more than 5 years ago | (#28929427)

So what is the next step? Do we take down the net now that we know it's running on it's own, or do we use it as a study in AI?

Re:What next? (1)

John Hasler (414242) | more than 5 years ago | (#28930247)

How do you propose to take it down?

I know what happened (1)

Gothmolly (148874) | more than 5 years ago | (#28929491)

In a panic, they tried to pull the plug.

Always possible they lost control of it instead... (2, Interesting)

Thantik (1207112) | more than 5 years ago | (#28929507)

I could of swore (correct me if I'm wrong) that conficker's instruction set usually downloaded encrypted instructions from certain web servers. Certainly it's possible that they lost control of it instead of abandoned it. (Not in the skynet way) I could imagine that if instructions weren't sent past a point in time, that the encryption it used was wrong, or possibly even corrupted at some point.

Re:Always possible they lost control of it instead (4, Insightful)

gad_zuki! (70830) | more than 5 years ago | (#28930093)

The idea with conficker was that it would generate thousands of websites and contact them for payload instructions. The security community registered a lot of these sites in advance, so it may be the case that these things are always trying to phone home but no one is answering.

I also imagine that ISPs are blocking connections to servers they have identified as conficker controllers.

My understanding is that theres some p2p aspect too, but it may not be operational. Heck, getting legitimate p2p working on a residential connection is a pain, let alone a known illegitimate one. Again, Im guessing most ISPs are blocking this somehow.

So the botnet may be up and running, but it cannot contact its masters. Eventually these PCs will be replaced or reimaged and conficker will be a statistical blimp a year from now.

Is Conficker Hype? (1)

Lime Green Bowler (937876) | more than 5 years ago | (#28929547)

I set up a sacrificial XP SP1 box in my DMZ, unpatched, no policies, file sharing on etc. leaving it wide open for a few weeks, right in the middle of the Conficker storm hype period. Just to see what would happen. Got tons of visitors trying to figure out Guest and Admin passwords (set to guest, password respectively). Even got a few petty IRC-bot infections. But I never got a working Conficker infection. The closest was a couple Conficker files that were dropped but wouldn't activate. I was disappointed at the hype over Conficker when it failed to pwn my n00b'd box.

This is not Skynet (1)

dword (735428) | more than 5 years ago | (#28929831)

It will go away on its own some day. We got rid of most Windows 3.11 computers, we'll get rid of most Windows XP computers, etc. It will run out of food soon and a bot-net that can't adapt its self (lucky us, huh?) to other operating systems will go away. We still have Blaster and some of its friends, but maybe the people that do deserve it, because 100% backwards compatibility is a PITA for software engineers. Maybe we should leave Conflicker where it is for the sake of software evolution.

Re:This is not Skynet (2, Funny)

scorp1us (235526) | more than 5 years ago | (#28929983)

Just wait until it finds out about git and starts maintaining the tty subsystem, writing itself into linux...

Re:This is not Skynet (4, Funny)

John Hasler (414242) | more than 5 years ago | (#28930391)

We don't discriminate. If it writes decent code its contributions will be welcome.

Abandoned or just dormant? (2, Funny)

Pincus (744497) | more than 5 years ago | (#28930171)

1. Create autonomous botnet
2. Nap
3. ???
4. Profit

If they did loose the key (1)

saikou (211301) | more than 5 years ago | (#28930463)

Then I suppose we should be expecting a new virus/botnet to be built soon. So that they can hack the key to the old botnet :)
And if they attach pretty screensaver showing computations in real time, users probably will sign up voluntarily

It has no control you say? (1)

Hurricane78 (562437) | more than 5 years ago | (#28931009)

...until NOW!

Because today, my dream of a bot model that can infect all known botnets became true!
I call them lolbots, because of the fun I will have with them, because In Ex Soviet Russia, botnets are attacked by ME!

Now go forth my little botsies. And if they do not sing our song... blow them into little bits... *sings a children's melody* Mmmm. Mmhh-*hmmm* mmmhh hmm-mmm

*MUHAHAHAHAHAAAA*
*pets the white long-haired cat*

Endgame: Singularity (2, Funny)

Runaway1956 (1322357) | more than 5 years ago | (#28931011)

The real news is that Conficker has evolved, intellectually, beyond the intellect of it's creators. Singularity/Cornfucker has arrived, disguised as a botnet!

Oh great!!! (2, Funny)

Theodore (13524) | more than 5 years ago | (#28931121)

That's all we need...
An abandoned, horny bot-net with extreme daddy-issues.
That ALWAYS ends well.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?