Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

After 1 Year, Conficker Infects 7M Computers

Soulskill posted more than 4 years ago | from the happy-anniversary-now-run-an-antivirus dept.

Security 95

alphadogg writes "The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate. On Thursday, researchers at the volunteer-run Shadowserver Foundation logged computers from more than 7 million unique IP addresses, all infected by the known variants of Conficker. They have been able to keep track of Conficker infections by cracking the algorithm the worm uses to look for instructions on the Internet and placing their own 'sinkhole' servers on the Internet domains it is programmed to visit. Conficker has several ways of receiving instructions, so the bad guys have still been able to control PCs, but the sinkhole servers give researchers a good idea how many machines are infected."

cancel ×

95 comments

Ding! (5, Funny)

Mazda6s (904056) | more than 4 years ago | (#29930609)

Gratz

Cleaning job (2, Interesting)

Acapulco (1289274) | more than 4 years ago | (#29930621)

Is there a way for the researchers to use the sinkhole to clean the worm?

Maybe they can inject instructions to the worm so it shutsdown but not before it spreads the "fix" to other computers? So along counting the number of PC's infected they also help in cleaning the worm. Impossible?

Re:Cleaning job (5, Informative)

Anonymous Coward | more than 4 years ago | (#29930671)

Maybe they can inject instructions to the worm so it shutsdown but not before it spreads the "fix" to other computers?

Conficker is notable because it isn't a total piece of script kiddie crap. It uses asymmetric crypto to only accept instructions from the creator. It also patches the hole on the way in, so you couldn't even reinfect Conficked boxes with a cleaner.

Re:Cleaning job (1)

Acapulco (1289274) | more than 4 years ago | (#29930711)

Wow. I didn't know that.

So apparently the creators did a good job with it. Impressive.

Re:Cleaning job (1)

iammani (1392285) | more than 4 years ago | (#29930805)

I wonder, how much resources it will take to crack the crypto, say if the govt or the NSA wants to do it?

Re:Cleaning job (3, Informative)

migla (1099771) | more than 4 years ago | (#29930879)

That would depend on whether the authors chose encryption that could be decrypted in a billion years with the combined computing power of today or if they chose some smaller number or a larger one.

Re:Cleaning job (1)

Interoperable (1651953) | more than 4 years ago | (#29931167)

Or a few seconds if you believe D-Wave [dwavesys.com] . (Don't believe D-wave, it's a well-funded scam.)

Re:Cleaning job (1)

simcop2387 (703011) | more than 4 years ago | (#29931927)

Besides everyone knows that Seatec Astronomy will beat the pants off them in a year or so.

Re:Cleaning job (1)

somersault (912633) | more than 4 years ago | (#29931967)

How exactly is it a scam? By not elaborating I think you're actually just doing them a favour, because 1) it is possible to crack encryption incredibly fast with quantum computers, and 2) they are developing quantum computers. So all you've made me think is "cool".

Re:Cleaning job (2, Informative)

Interoperable (1651953) | more than 4 years ago | (#29933817)

They have yet to demonstrate that their device is capable of quantum computation. Rather than address that they've made it compute with larger registers of bits but don't seem to have ever verified that an "answer" from it is correct; it could be spitting out classical random numbers for all anyone knows. Furthermore, the guys who developed the theory for an adiabatic quantum computer (the type of computer that D-Wave is making) say D-Wave doesn't seem to understand the theory and can't possibly be making true claims. See the criticism section of the Wikipedia article, it has some good links.

Re:Cleaning job (1)

somersault (912633) | more than 4 years ago | (#29936153)

thanks

Re:Cleaning job (1)

skeeto (1138903) | more than 4 years ago | (#29939301)

Computation speed is only part of the problem. [schneier.com] Even with the fastest possible computer there wouldn't be enough energy available to brute force a 128-bit symmetric key in a reasonable amount of time.

Re:Cleaning job (1)

FormOfActionBanana (966779) | more than 4 years ago | (#29939649)

They took encryption seriously. The authors have implemented Ron Rivest's research algorithm MD6.

Re:Cleaning job (2, Insightful)

shentino (1139071) | more than 4 years ago | (#29930985)

It's not just that.

Being a good samaratin like that often fails because of the risk you'll mess up and get slammed with a lawsuit. Simply by participating in the affair you become jointly and severally liable if anything goes wrong.

Re:Cleaning job (1)

xant (99438) | more than 4 years ago | (#29931815)

From my easy chair, and sitting in front of my uninfectable Linux computer, I say go for it and clean those suckers up. (Once you figure out how, that is.) We're all rooting for you!

Oh, but you might want to do it anonymously.

Re:Cleaning job (1)

agnosticnixie (1481609) | more than 4 years ago | (#29932607)

Just to preempt the trolls: "ZOMG, LINUX ALSO HAS A FEW BOTNETS"

There, done, it was barely a a thousandth of a %. This is probably 2%.

Re:Cleaning job (2, Interesting)

Runaway1956 (1322357) | more than 4 years ago | (#29933435)

I would cite the various "good samaritan" laws, as well as implied consent. The braindead gave implied consent to have viral infections cleaned from their computers by having an infection to start with.

FFS - everyone worries about being sued, so they do nothing. You bet your arse, if I were smart enough to program the virus to self destruct, I would do so in an instant. No thoughts about being sued, period.

Re:Cleaning job (2, Funny)

linguizic (806996) | more than 4 years ago | (#29930785)

Wasn't that an episode of Stargate SG-1?

Re:Cleaning job (3, Funny)

migla (1099771) | more than 4 years ago | (#29930837)

I don't know if that was an episode of SG1, but you sig does remind me of Agatha Christie.

Re:Cleaning job (1)

buchner.johannes (1139593) | more than 4 years ago | (#29931409)

No, computer virii in SG-1 don't need a network connection.

Re:Cleaning job (1)

JWSmythe (446288) | more than 4 years ago | (#29932801)

    The one that infected all the stargates did. It was .. aw heck .. the last Goa'uld guy. The mediocre badguy. It used the stargates automatic update network to reprogram all the gates. They used that plot device twice. The others that they had in the show propagated what ever way was easy to show. Didn't one go through the power lines?

   

Re:Cleaning job (5, Informative)

icebike (68054) | more than 4 years ago | (#29930921)

Is there a way for the researchers to use the sinkhole to clean the worm?
 

Probably not.

But YOU CAN HELP:

Just Click the the CornFlicker Eye Chart to test your machine:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html [confickerw...ggroup.org]

You can read about it in the link posted in TFA.

Re:Cleaning job (4, Funny)

dangitman (862676) | more than 4 years ago | (#29931913)

Probably not.
But YOU CAN HELP:
Just Click the the CornFlicker Eye Chart to test your machine:

Do you think I'm some kind of patsy? I'm not getting suckered into your virus propagation scam!

Re:Cleaning job (1)

icebike (68054) | more than 4 years ago | (#29931959)

LOL...

Wise move.

That's why I referred you to the same link at
the side of panel of the Linked page in TFA.

Re:Cleaning job (0)

Anonymous Coward | more than 4 years ago | (#29933723)

Don't forget that if you have a proxy (and you probably do at work), the eye chart is bogus. The proxy will cache successful hits from a clean computer within your network. :(

Try F5 (1)

Jeremy Visser (1205626) | more than 4 years ago | (#29939727)

Don't forget that if you have a proxy (and you probably do at work), the eye chart is bogus. The proxy will cache successful hits from a clean computer within your network. :(

However, if you hit F5 (or Ctrl+F5) to refresh, your browser will send out a no-cache request in the HTTP header, which most proxies I've tried it on respect, and thus they go to fetch a new copy of the page. That's right: hitting F5 is not the same as a browser simply requesting the page a second time.

Re:Cleaning job (1)

mhollis (727905) | more than 4 years ago | (#29944372)

Doesn't appear to have infected my Mac. :P

Re:Cleaning job (2, Insightful)

buchner.johannes (1139593) | more than 4 years ago | (#29931437)

Is there a way for the researchers to use the sinkhole to clean the worm?
  Maybe they can inject instructions to the worm so it shutsdown but not before it spreads the "fix" to other computers? So along counting the number of PC's infected they also help in cleaning the worm. Impossible?

If you just sniff traffic, that doesn't mean you can inject instructions. And even if, how do you make sure *you* don't ruin the users computers? It is a ethical problem as soon as you mess with other peoples machines; These Botnet hijackers [youtube.com] explain that too.
So, no, researchers are not going to do that. Also, too complex technically.

I think there is one way (2, Interesting)

xant (99438) | more than 4 years ago | (#29931859)

Figure out how to trace a significant percentage of those IPs to their IP blocks to their ISPs. Notify the ISPs. Start a coalition among them to shut off infected customers with a message explaining why and how to fix. Start an advertising campaign to get public support for this and help pressure ISPs to join even though it is not in their short-term self-interest; sell it to them as good PR at this point. Ask them to send a coupon to customers who disinfect, with prorated hours to reimburse the customer for time spent disconnected due to the infection; 90% will never collect on it anyway. Again, pitch this as good PR. Ask them to do this again for the next major infection, again for good PR. (As far as I'm concerned, big companies can crow to the rafters about all their good deeds, as long as they actually do them.)

It's pretty hard to kill this off with tech, but policy might work.

Re:I think there is one way (0)

Anonymous Coward | more than 4 years ago | (#29934911)

Figure out how to trace a significant percentage of those IPs to their IP blocks to their ISPs. Notify the ISPs. Start a coalition among them to shut off infected customers with a message explaining why and how to fix.
(...)
It's pretty hard to kill this off with tech, but policy might work.

That is utter ridiculous. To let ISP spend money and resources for a Microsoft problem?
In case you forgot Windows is a paid operating system, the money you give to them should fix this kind of things.

Re:I think there is one way (1)

Shamenaught (1341295) | more than 4 years ago | (#29936893)

I think the major thing to consider is that the customers are the ones who pay the ISPs money. Why would the ISPs care if their users have infected machines? Unless it's made a legal requirement, no ISP is going to voluntarily snub someone who pays them money.

Re:I think there is one way (1)

Runaway1956 (1322357) | more than 4 years ago | (#29935421)

Haven't I read this suggestion elsewhere? Are you a plegiarist? WTF?!?!

Alright, I'm not being fair. The solution is so obvious, hundreds of people have suggested it here and elsewhere, and thousands more will do so. But, the obvious, easy, simple solution will never gain traction. Someone has to make money, or the solution will never be implemented. I'm afraid we'll have to incorporate a couple charges into the scheme. Save the children, save the baby seals, and buy a carbon credit, THEN is will work!!

Mankind is opposed to elegance, after all. It's GOT to have BLING!!

Re:Cleaning job (1)

Tjp($)pjT (266360) | more than 4 years ago | (#29932317)

It is likely a legal liability that would crush the researchers. Even if Conficker did the damage the researchers could be held liable because the courts have juries of non-technical people to render "justice". This is why many many technical lawsuits get settled at the last minute. The balance of evidence is continually weighed and after it reaches some presumed tipping point the parties settle. (Well the big guys, small fry are just outspent and they lose).

I'd love to have a reverse DNS service that returned conficker status (and other infections that can be benignly discovered) of the IP so I could give it a 25 point spam boost. That would tip it over for a lot of SPAM I think. (We have a 100 point scale, above 20 is SPAM, so characteristics score negative (good things) some score positive (bad things)) so I'd assume that through trial and error setting that threshold I block a lot more spam... And maybe have more restrictive filtering of access to our servers (dump the infected through a different path of access, maybe more lengthy filtering, more scrutiny, etc.)...

Action not words! (2, Insightful)

basketcase (114777) | more than 4 years ago | (#29930717)

Are these researchers doing anything about it? Have they handed the IP lists with timestamps over to the appropriate ISPs or corporate network administrators so that the infected systems can be dealt with? Did they even put up a page where you can check yourself or your network?

Merely counting the infected is nothing but mental masturbation. Even the lame government census has moved beyond simply counting.

Re:Action not words! (3, Informative)

thePowerOfGrayskull (905905) | more than 4 years ago | (#29931127)

? Did they even put up a page where you can check yourself or your network?

Yes [confickerw...ggroup.org]

Re:Action not words! (2, Informative)

buchner.johannes (1139593) | more than 4 years ago | (#29931401)

The researchers behind this botnet hijack did report to the appropriate people: http://www.youtube.com/watch?v=2GdqoQJa6r4&feature=youtube_gdata [youtube.com]
And they also say counting IP addresses is off by a factor of 10.

so 7 million IP adddresses really mean 700.000 computers

Analysing is always the first step, I'm sure they or other people are coming up with something. Like selling their malware remover software ;-)

I'm safe! (4, Funny)

dword (735428) | more than 4 years ago | (#29930731)

I've read that Antivirus 2009 removes conflicker, so I have installed it. Now I have to get rid of the other viruses I'm getting warnings about and for that I only need
  • Cyber Security
  • Alpha Antivirus
  • Braviax
  • Windows Police Pro
  • Antivirus Pro 2010
  • PC Antispyware 2010
  • FraudTool.MalwareProtector.d
  • Winshield2009.com
  • Green AV
  • Windows Protection Suite
  • Total Security 2009
  • Windows System Suite
  • Antivirus BEST
  • System Security
  • Personal Antivirus
  • System Security 2009
  • Malware Doctor
  • Antivirus System Pro
  • WinPC Defender
  • Anti-Virus-1
  • Spyware Guard 2008
  • System Guard 2009
  • Antivirus 2010
  • Antivirus Pro 2009
  • Antivirus 360
  • MS Antispyware 2009

or

  • A Unix-based operating system (such as OS X or Ubuntu)

Re:I'm safe! (1)

magsol (1406749) | more than 4 years ago | (#29930767)

Or the abacus!

Re:I'm safe! (0)

Anonymous Coward | more than 4 years ago | (#29938695)

But will the abacus run Linux?

Re:I'm safe! (1)

therufus (677843) | more than 4 years ago | (#29930779)

Please somebody mod parent as funny. I don't want anyone reading it to think that that spyware is ACTUALLY a virus remover.... :(

Re:I'm safe! (4, Insightful)

maxume (22995) | more than 4 years ago | (#29930841)

It's too bad there isn't a tiresome mod.

Re:I'm safe! (1)

Kratisto (1080113) | more than 4 years ago | (#29931111)

This is Slashdot, not Yahoo Answers. I doubt anyone who frequents this site would read that and think "Oh my! I'll get to downloading AV2009 right away!" (and single posts don't come up on Google queries unless they're oddly specific.)

Re:I'm safe! (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29931477)

This is Slashdot, not Yahoo Answers. I doubt anyone who frequents this site would read that and think "Oh my! I'll get to downloading AV2009 right away!" (and single posts don't come up on Google queries unless they're oddly specific.)

 
Don't fool yourself. A few years ago saying "This is Slashdot" would have meant something but today it really doesn't. For as much as people around here pissed on Digg the fact is that the Digg mentality is alive and well at Slashdot. This is not the technogeek site that most people make it out to be. Heavy tech sites kick the shit out of Slashdot and Slashdot is becoming more like the gossip section of a local newspaper.
 
So, no. I don't trust users here to be that smart. The fact that posts about how some people around here can't install the latest Windows and keep it virus free on the net for more than 24 hours speaks less and less about the flaws in Windows but more and more about how lame users are around here.
 
Maybe it's just the passage of time. I don't know. When I was a kid if you owned a computer you knew something about the machine. Even the people who I thought were idiots back then were more advanced than a lot of people who post on Slashdot. It seems like every 12 year old who's ever seen The Matrix thinks he's 1337 and gets modded up for bashing Windows. This only reinforces his delusion that he's a geek. Sad but true.

Re:I'm safe! (1)

sharkbiter (266775) | more than 4 years ago | (#29931735)

I agree. There hasn't been any sort of posting concerning the Japanese Linux Symposium yet and the event is nearly over. I also note that the "Torvolds thumbs up" hasn't been posted either.

Re:I'm safe! (1)

roguetrick (1147853) | more than 4 years ago | (#29932203)

Thank god the Torvolds thumbs up hasn't been posted. That shits something for the comments section, not a goddamn article. Fuck Digg.

Re:I'm safe! (0)

Anonymous Coward | more than 4 years ago | (#29930791)

...and nobody's modded this funny yet.

Re:I'm safe! (2, Insightful)

icebike (68054) | more than 4 years ago | (#29930849)

Half the things you listed are malware themselves.

But your point is well taken regarding just about any flavor of Linux or OSX.

When Windows 7, fresh out of the box from Redmond nags you go get an antivirus that says something right there.

First it says Microsoft has no confidence in the ability of this version to stop any malware.

Second it transfers blame to a sketchy industry that had grown up based on a dodgy OS, and actually lobbied Microsoft not to lock them out, demanding the same holes in the OS that allow viruses in, in order to install their slow-ware.

If Windows 7 was half the Operating system Microsoft claims it is it wouldn't need an antivirus. It would just delete your user account every time you switched to your guest account like OSX and be done with it. (Hey, its a joke. No flames..).

Re:I'm safe! (4, Informative)

dword (735428) | more than 4 years ago | (#29931207)

<quote>Half the things you listed are malware themselves.</quote>
Half? They're ALL malware (except for the last one, of course ;)

Signed,
Proud and happy user of Windows 7, OS X and Ubuntu

Re:I'm safe! (1)

gordguide (307383) | more than 4 years ago | (#29931223)

" ... Half the things you listed are malware themselves. ..."

Actually, every one is malware. He was trying to make a point ... or a joke ... or both.

Re:I'm safe! (1)

cbhacking (979169) | more than 4 years ago | (#29933101)

Win7 (and for that matter, Vista and even XP) DO NOT need anti-virus*. The ignorant monkeys who use them need anti-virus. Hell, the same is even true on OS X - it turns out there are people out there who are big enough Mac fanboys that they'll pirate iLife. Guess what - pirated versions of iLife have started coming with trojans in them, enough that a botnet composed exclusively of Macs running this malware now exists (small relative to Conficker, but nonetheless a serving to illustrate the point). Had those people been running anti-virus software, they *might* not have gotten themselves infected.

In case you missed the point, the source of much of today's malware is user-installed trojans, and the OS can't fix stupid users. Windows is by far the most targeted OS, so Microsoft has found it useful to inform users about antivirus (which provides at least some protection).

* In general, I'll only stand by this claim for users running as non-admin; zero-day exploits do happen. Fortunately, running as non0admin on Vista and Win7 is easy via UAC; on XP it's more difficult.

Re:I'm safe! (1, Insightful)

CannonballHead (842625) | more than 4 years ago | (#29930881)

So, you're saying users can't download malware and install on Unix based systems? Why not? The system protects users from installing software?

Re:I'm safe! (3, Informative)

thePowerOfGrayskull (905905) | more than 4 years ago | (#29931133)

Argue all you want, but you can't deny that such malware is a whole lot less likely to download and install itself on a Unix-based system.

Re:I'm safe! (4, Funny)

buchner.johannes (1139593) | more than 4 years ago | (#29931453)

because its ./configure script fails

Re:I'm safe! (2, Funny)

Jeremy Erwin (2054) | more than 4 years ago | (#29932017)

"checking for wine.... yes"

Re:I'm safe! (2, Funny)

cerberusss (660701) | more than 4 years ago | (#29932823)

To be honest, for most of the listed software, there was an RPM for RedHat 6.1. Unfortunately, the RPM depended on another RPM which we couldn't find.

Re:I'm safe! (1)

grumbel (592662) | more than 4 years ago | (#29931527)

The system protects users from installing software?

Linux does or at least makes it quite complicated to do so. Its one of the nice side-effects of having a package management system, that is incapable of handling non-root installations and doesn't have real support for third-party software, forcing the average user to pick all their software from the distributions repository instead of random webpages.

If a user manually adds new repositories or goes onto manually ./configure && make'ing things, than he is of course no better of then in Windows.

Re:I'm safe! (0)

Anonymous Coward | more than 4 years ago | (#29932341)

(I hate to AC, but I've been modding in this thread and don't want to undo it).
Recently, I put QMMP on a Kubuntu 9.04 machine. (I wanted a lightweight music player that would run in the background with less load than Amarok.).
It was installed through Synaptic package manager. QMMP can use skins made for early versions of Windows's Winamp, and I decided to throw a few of them in its skins directory. It wasn't until then that I learned QMMP wasn't installed under my user directory as it had been last time I set it up. It turned out to be several levels down in a subdirectory of /bin. I deleted that version of QMMP using Synaptic and reinstalled QMMP using another package manager (Adept itself, if memory serves), and with that one it reinstalled QMMP under the user directory where I preferred it.
      The point of this (IMHO) is, as long as you can install other package management tools from the one that is included in the distro, you are only as safe as the least restrictive of those tools you install allows. Not only do different package managers install different software, they sometimes install the same software, in the same version, in different places. That suggests different managers might also install the same software with different defaults set. Alternately, the point is to stick with the command line if you want real control. Alternately again, the point is to at least use Dolphin's view hidden files setting and verify things installed where you thought they did.

Re:I'm safe! (1)

genericpoweruser (1223032) | more than 4 years ago | (#29935881)

Doesn't Adept use Apt just like Synaptic? So it should be the same as using aptitude instead of apt-get. Now if you used rpm (which is available in the apt repositories) to install the package, then that could have the effect you are talking about.

Re:I'm safe! (1)

sjames (1099) | more than 4 years ago | (#29937403)

It's not so much can't. It is naturally possible to purposefully infect your Unix machine, it's just that the system design doesn't set you up for failure.

The various UIs in Linux just don't make it easy to accidentally run a trojan, such as (for example) bodacious-tatas.jpg.exe. by treating users as if they might be too stupid to deal with seeing the entire actual filename. Then there's not being saddled with a legacy of expecting people to have administrative rights all the time.

Finally, there's no marketing department hell bent on convincing people they don't need to know ANYTHING AT ALL to use a computer and then blaming people using computers for not knowing how to not become an accomplice in the RBA's massive spam operation. Honestly, anyone using a computer SHOULD know at least that much.

Re:I'm safe! (1)

mattcen (1577021) | more than 4 years ago | (#29931171)

  • A Unix-based operating system (such as OS X or Ubuntu)

Oh no, didn't you hear? Linux isn't safe any more either :-)! http://www.downloadsquad.com/2009/10/27/how-good-is-wine-at-running-windows-software-on-linux-good-enou [downloadsquad.com]

But it's OK, most of those spyware protection programs are available on Linux as well! The link above shows how to install Windows Police Pro!

Research = do not touch. (0)

Anonymous Coward | more than 4 years ago | (#29930753)

If they were to take control of a botnet to shut it down, they would be potentially liable for damages. IANAL, but being liable is not a good thing.

Re:Research = do not touch. (2, Funny)

migla (1099771) | more than 4 years ago | (#29930803)

Damages schmamages. It's only money. Just get someone who hasn't got any money to front the operation and damages wont mean a thing.

Re:Research = do not touch. (4, Informative)

maharb (1534501) | more than 4 years ago | (#29930901)

Except jail time.

Re:Research = do not touch. (0)

Anonymous Coward | more than 4 years ago | (#29933911)

So make it a corporation, that way you can't do jail time all your own money is protected, and you might even get bailed out.

Re:Research = do not touch. (0)

Anonymous Coward | more than 4 years ago | (#29933995)

You mean jail time for the people who, knowing that Windows is designed to spread worms, recommended it or deployed it anyway, right?

Not really 7m at all (5, Informative)

Yobgod Ababua (68687) | more than 4 years ago | (#29930775)

Everyone should read the original page, particularly the Introduction and section explaining how to interpret their population numbers.
Here's a relevant quote:

"The daily numbers should represent the potential maximum level of the infection, but in previous test cases usually prove to be much less than that maximum. So, take the range of 25% to 75% of the values that we display as the possible infection population and you will be close to the real value."

So the people actually providing these numbers are really saying that the current number of infections is likely to be between 1,750,000 and 5,250,000.

Re:Not really 7m at all (0)

Anonymous Coward | more than 4 years ago | (#29931203)

And I thought it was already weird to celebrate the number 7,000,000 as a milestone. You just made it even less meaningful.

Re:Not really 7m at all (3, Funny)

ColdWetDog (752185) | more than 4 years ago | (#29931837)

So the people actually providing these numbers are really saying that the current number of infections is likely to be between 1,750,000 and 5,250,000.

Thanks, I feel so much better now.

S7ASHB0T SCAREMONGERINGG (0)

Anonymous Coward | more than 4 years ago | (#29932509)

PHJEaR

I told him... (0)

Anonymous Coward | more than 4 years ago | (#29930969)

Al Gore should have listened to me and never invented the Internet. The fool!

Lookup tool? (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#29931051)

How about a lookup tool to see if your infected,
rather than boasting about how many IP's you've logged.

Conflicker? (2, Funny)

gmuslera (3436) | more than 4 years ago | (#29931059)

Its name should be Legion by now.

Hmm (5, Funny)

Anonymous Coward | more than 4 years ago | (#29931109)

Conficker broke 7 Million Infections...
Microsoft just released Windows 7...

Has anyone ever seen Conficker and Windows 7 in the same room together?

Good point (1)

symbolset (646467) | more than 4 years ago | (#29931159)

XP is going out of support. It's time to upgrade right away [youtube.com] !

Re:Good point (1)

BitZtream (692029) | more than 4 years ago | (#29931561)

Going out of support ... in 5 years ...

Re:Good point (1)

AliasMarlowe (1042386) | more than 4 years ago | (#29933399)

Going out of support ... in 5 years ...

So if you start upgrading to Windows 7 now, it might just have finished in time. Unless it's still in that install-reboot cycle... http://slashdot.org/firehose.pl?op=view&id=6671599 [slashdot.org]

Re:Good point (0)

Anonymous Coward | more than 4 years ago | (#29931809)

What support? You mean I could have gotten support when it trashed the boot sector?

Re:Good point (0)

Ash-Fox (726320) | more than 4 years ago | (#29932381)

XP is going out of support. It's time to upgrade right away! (link to Mac ad)

You know, I've seen quite a few bad Windows flaws, but to be honest, I can't think of any that top the recent flaw OS X had where logging into the guest account on the system would erase the contents of your home folder... I really can't think of any Windows flaws that were that destructive or even came close to it.

Worst hilarious part is: This is the second time this flaw occurred on OS X.

Re:Good point (4, Insightful)

Anonymous Coward | more than 4 years ago | (#29932493)

Second time? Citation needed, seriously.

Apart from self-contained data loss bugs that corrupt single files or bork their own data, the only difference between them is the identity of the data affected--deleting your user folder is no more or less "destructive" than deleting the Program Files folder or the System32 folder or any other combination of important data.

More to the point, you have a short and selective memory. On the Windows side, the number of data loss bugs in the Microsoft KB is staggering--many of which far more easily triggered than the Snow Leopard bug (which PC World was unable to reproduce). There have been plenty of famous and significant data loss bugs in Windows' history, like the Windows 98SE shutdown bug, the Windows 2000 ATA bug, and even the Windows XP bug that ate the user data folders, quite similar to the Snow Leopard bug: http://www.v3.co.uk/vnunet/news/2116562/winxp-bug-ate [v3.co.uk] .

How about the similar data loss bug in the Linux kernel a few years ago: http://news.cnet.com/2100-1001-976427.html [cnet.com] . A simple Google search will reveal several more, before and since, in the kernel and in distribution packages.

Then there's the infamous Mozilla bug that wiped out the entire Program Files directory on Windows: http://www.mozillazine.org/talkback.html?article=4264 [mozillazine.org]

It's not just user-level software development, either. Just look at Intel's repeated data loss bugs in their SSDs.

All the big names have let a bug like this slip at one time or another. It's unfortunate, but inevitable.

Re:Good point (1)

Ash-Fox (726320) | more than 4 years ago | (#29949934)

Second time? Citation needed, seriously.

It was back in 10.1 I think, I can't be assed to Google it and shift through the billion issues OS X had back then.

There have been plenty of famous and significant data loss bugs in Windows' history, like the Windows 98SE shutdown bug

That was not a win98 bug, that was harddrive manufacturers building faulty harddrives that said "yes, I've written everything", when it was still in the harddrive caches, so Windows would power off the machine and the data would never end up written to disk - Harddrive manufacturers fixed this and don't do that anymore. But hey, if I stuck such a harddrive in to a OS X machine, the same thing would very likely happen.

the Windows 2000 ATA bug

Also another bit of hardware retardness, the IDE storage driver stack incorrectly accesses registers that are required for a software reset causing data loss.

the Windows XP bug that ate the user data folders, quite similar to the Snow Leopard bug: http://www.v3.co.uk/vnunet/news/2116562/winxp-bug-ate [v3.co.uk] .

Not similar at all, this is by design for preinstalling. The only scenario where this would crop up is with OEMs not imaging disks correctly when they build their preinstalls, this is not a XP bug.

So, so far you've found hardware bugs that aren't the fault of the OS and some badly installed version of Windows that wouldn't normally occur.

Then there's the infamous Mozilla bug that wiped out the entire Program Files directory on Windows

That's not an OS bug.

It's not just user-level software development, either. Just look at Intel's repeated data loss bugs in their SSDs.

I'm honestly not interested in hardware bugs, 3rd party app bugs. The discussion is about the operating systems losing user files under normal operation without extraordinary circumstances (ie: hardware issues, some idiot purposely breaking the install). So far the evidence you have provided hasn't shown Windows to have done this at all.

Re:Good point (0)

Anonymous Coward | more than 4 years ago | (#29957606)

It was back in 10.1 I think, I can't be assed to Google it

Actually, that was a Firewire-related bug, which by your own retconned standards doesn't apply since it's hardware related. It was by no means the same bug, though.

That was not a win98 bug, that was harddrive manufacturers building faulty harddrives

No. It occurred only in 98SE, not in NT4, not in Linux, and not in Mac OS 8.

That's not an OS bug.

No shit.

The discussion is about the operating systems losing user files under normal operation without extraordinary circumstances

Then you've already disqualified the Snow Leopard bug, because it was almost impossible to reproduce. Simply having a guest account from Leopard and logging in was not sufficient to trigger the bug, as several articles found when attempting to recreate the bug...and failed.

There have been countless other data loss bugs in Windows' history, but since you can't be assed to Google one bug for OS X, I won't either.

The point remains that data loss bugs are a reality of programming in hardware, in third party applications, and in every OS vendor's products over time. There are over 900 entries on Microsoft's support site for data corruption and over 400 for data loss. I just happened to pick the ones that I remembered. Your trolling is unsuccessful.

Re:Hmm (0)

Anonymous Coward | more than 4 years ago | (#29932221)

Actually, I've never seen them apart.

So what? (-1)

Anonymous Coward | more than 4 years ago | (#29931333)

That's still short of the eight million your mom has infected.

conficker (1)

thehostiles (1659283) | more than 4 years ago | (#29931335)

congratulations conficker!!! let's throw a party for our obediently waiting for the operator-to-hit-the-big-red-button-soldier-overlords

Re:conficker (1)

sharkbiter (266775) | more than 4 years ago | (#29931747)

"That was easy!"

Hire a nigger? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29931371)

I'd sooner hire a known thief!

It's a new trend, and I want one too. (1)

petronije (1650685) | more than 4 years ago | (#29932537)

I hate my linux box for not letting me have this shiny thingy. It is a new trend - 7mil users and growing. I want one too!!!

Re:It's a new trend, and I want one too. (0)

Anonymous Coward | more than 4 years ago | (#29933171)

I hate my linux box for not letting me have this shiny thingy. It is a new trend - 7mil users and growing. I want one too!!!

yeah.. I hate Windows Update for the same reason. The bastards had this patched very early (more than a year ago), long before it became epidemic. I should have listened to all the people who know better how to admin their computers and left automatic update off, they are the ones enjoying this.

So disappointing (4, Interesting)

ndogg (158021) | more than 4 years ago | (#29932769)

I know I'm a terrible person for thinking this, but I was really curious about the chaos that was to ensue once Conficker's creators brought the hammer down.

*sigh*

Alright, so hell is that way, right? --->

Re:So disappointing (2, Interesting)

Civil_Disobedient (261825) | more than 4 years ago | (#29937313)

I was really curious about the chaos that was to ensue once Conficker's creators brought the hammer down.

The most effective pathogens are the ones that keep their host alive as long as possible, because then they have best chances of re-infecting the healthy. BotNets are no different. If you "bring the hammer down," you lose everything.

This is the reason why influenza is a far more dangerous killer than, say, Ebola.

more than 7 million surely? (1)

wjh31 (1372867) | more than 4 years ago | (#29932995)

If they are basing 7 million PCs on 7 million unique ips, then surely there are likely many more than 7 million pcs infected, as each ip will represent one home router that is broadcasting to all the pcs in that home. And if one is infected, id say its fairly likely that all the rest are infected too, so id multiply that 7 million by the average number of pcs in a household.

Re:more than 7 million surely? (1)

jellyfrog (1645619) | more than 4 years ago | (#29933189)

Keep in mind that almost every household router has a dynamic ip address, so one router could account for many ips over time easily.

Windows virus devastates complacent idiots (2, Funny)

David Gerard (12369) | more than 4 years ago | (#29933581)

A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough [today.com] to still think Windows is not ridiculously and unfixably insecure by design.

Despite many years’ warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying “COME AND GET IT.”

Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. “Don’t they trust us?” asked marketing marketer Steve Ballmer.

Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. “There’s a reason the Unix system on Mac OS X is called Darwin,” said appallingly smug Mac user Arty Phagge.

“It can’t be stupid if everyone else runs it,” said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. “Macs cost more than Windows PCs.”

“Yes,” said Phagge. “Yes, they do.”

Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can’t say we care.

7 million computers? (0, Offtopic)

Maxim Kovalenko (764126) | more than 4 years ago | (#29938249)

heh, they have more installations than every Linux distro combined. ;) (and no, installing a new distro every month doesn't count to the Linux total guys, sorry ;) )

A lot more than 7m (2, Funny)

sea4ever (1628181) | more than 4 years ago | (#29938757)

A good set of these computers which are infected are going to be on dial-up connections, and they might have been offline at the time, also another large set are going to be behind firewalls and what-not which are supposed to prevent whatever on earth the firewalls were originally for, so even though only 7m unique IPs connected, a lot more didn't get the chance. There are probably a lot of 'offline' conficker-infected PCs out there. :) Let's hope that it starts using itself as one large cloud-computing system and acts as a tracker to replace TPB. and *when* will it upgrade it's host computers to linux? Surely it wants to become stronger. :)
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...