Conficker Blamed In $72M Scareware Ring

timothy posted more than 3 years ago | from the your-lack-of-ethics-intrigues-me dept.

Crime 28

tsu doh nimh writes with an update on the previously mentioned crackdown on scammers peddling fake antivirus products, who were apparently taking advantage of the worm that just won't go away: "Police in Ukraine said the thieves fleeced unsuspecting consumers with the help of the infamous Conficker worm, although it remains unclear how big a role the fast-spreading worm played in this crime. Interestingly, the picture showing the stack of PCs confiscated by Ukrainian authorities (SBU) in this raid is identical to the one shown in an SBU press release last fall, when the SBU detained five individuals connected to high-profile ZeuS Trojan attacks."


28 comments



When will these organizations fleece from ... (1)

Super Dave Osbourne (688888) | more than 3 years ago | (#36567090)

the governments they seem to be truly angry at and bring them down? I'm curious is there any virus or network that is exclusively targeting governments rather than average consumers that are ill informed or unfortunate to click and install some otherwise obvious infection?

Re:When will these organizations fleece from ... (2)

Luckyo (1726890) | more than 3 years ago | (#36567820)

These kinds of exploits hit people who don't update their computers, don't use firewalls and generally have no clue about security. Most government and corporate networks have a corporate IT section that is very well prepared to fight such basic threats.

Corporations and governments are hit by very different kinds of attacks (i.e. lulzsec, cyber war attacks, etc), which are specially tailored for each target.

Re:When will these organizations fleece from ... (2)

sortius_nod (1080919) | more than 3 years ago | (#36567966)

Yeh, that's why a major bank I worked for a year ago was having trouble removing conficker from 2500 servers and over 20 000 terminals... such a different conficker to the one everyone else got.

Re:When will these organizations fleece from ... (1)

Luckyo (1726890) | more than 3 years ago | (#36568062)

There are always exceptions to the rule that reinforce the rule.

Re:When will these organizations fleece from ... (1)

sortius_nod (1080919) | more than 3 years ago | (#36568266)

That is not how that phrase is meant to be used:

http://en.wikipedia.org/wiki/Exception_that_proves_the_rule [wikipedia.org]

Re:When will these organizations fleece from ... (2)

Luckyo (1726890) | more than 3 years ago | (#36568502)

Innovation is all the rage nowadays!

Pictures (1)

Idimmu Xul (204345) | more than 3 years ago | (#36567106)

Those 2 pictures are the same stacks, in the same room, just with the camera rotated 90 degrees ...

Re:Pictures (0)

Anonymous Coward | more than 3 years ago | (#36567174)

No shit. That's why the fucking summary described them as "identical".

Re:Pictures (0)

Anonymous Coward | more than 3 years ago | (#36567246)

Those 2 pictures are the same stacks, in the same room, just with the camera rotated 90 degrees ...

No it are different stacks and different rooms, even if they are identical. Don't you get it: these virii evolved into replicators: first they replicated themselves, now they replicate everything around them. Be ready to welcome your new overlords soon.

Re:Pictures (1)

WrongSizeGlass (838941) | more than 3 years ago | (#36567484)

Those 2 pictures are the same stacks, in the same room, just with the camera rotated 90 degrees ...

It's called recycling. They're just doing their part to help the 'green' effort. Though on /. I think we call it redundant or a dupe.

Re:Pictures (1)

sortius_nod (1080919) | more than 3 years ago | (#36568350)

At least they were nice enough to use _some_ different money. Makes it look more real.

Conficker again? (3, Informative)

Compaqt (1758360) | more than 3 years ago | (#36567110)

This is a really nasty piece of malware that actually prevents you from reaching any security-related sites.

This was also the impetus for my finally moving from XP to Ubuntu full-time.

Word for the wise: after you run a standard battery of antivirus programs, you should also run conciller.exe [google.com] . That's the only way to get rid of it for good. Otherwise it embeds itself into system files and re-emerges even after you apply a service pack.

More here [digitivity.org] .

Re:Conficker again? (1)

JohannesJ (952576) | more than 3 years ago | (#36567458)

Which begs the question: This is a well known malware. Every major antiviral software claims to detect and remove it. So either A) the anti-malware manufacturers and those who market it are liars and frauds, or B) people who get infected are ignorant, stupid or lazy and just don't use good updated AV software. Which is it?

Re:Conficker again? (0)

Anonymous Coward | more than 3 years ago | (#36567686)

Which begs the question:
This is a well known malware.
Every major antiviral software claims to detect and remove it.
So either
  A) the anti-malware manufacturers and those who market it are liars and frauds,

or
B) people who get infected are ignorant, stupid or lazy and just don't use good updated AV software.

Which is it?

C) Both A & B

Re:Conficker again? (1)

orange47 (1519059) | more than 3 years ago | (#36567712)

well, it is not so well known if it gets regular updates and 'mutates'.
made me move from samba to ftp.
blocking 'security-related sites' is actually a good thing, so you know host is infected.

I block their C&C servers via HOSTS files (-1)

Anonymous Coward | more than 3 years ago | (#36567794)

HOSTS files, combined with firewalls rules tables (for IP address based ones).

It's easy enough to do, the data's out there by the TRUCKLOAD on Conficker and many other known botnets, sites/servers/hosts-domains that serve up malware-in-general (virus/spyware etc./et al).

Here are 15 or so that I use for anyone that's interested in protecting themselves in this manner:

---

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]

http://hostsfile.org/hosts.html [hostsfile.org]

http://someonewhocares.org/hosts/ [someonewhocares.org]

http://www.malwareurl.com/ [malwareurl.com]

https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]

https://spyeyetracker.abuse.ch/monitor.php [abuse.ch]

http://www.malwaredomainlist.com/hostslist/hosts.txt [malwaredomainlist.com]

http://www.malware.com.br/lists.shtml [malware.com.br]

http://hosts-file.net/?s=Download [hosts-file.net]

http://www.malwaredomains.com/ [malwaredomains.com]

http://securehomenetwork.blogspot.com/search?updated-min=2011-01-01T00%3A00%3A00-05%3A00&updated-max=2012-01-01T00%3A00%3A00-05%3A00&max-results=12 [blogspot.com]

http://www.safer-networking.org/en/download/index.html [safer-networking.org] (Spybot Search & Destroy has an IMMUNIZE feature that works on HOSTS files here)

http://safeweb.norton.com/buzz [norton.com]

http://blocklistpro.com/download-center/view-details/blocklist-pro-blocklists-mirror/1632-hosts.zip.html [blocklistpro.com]

---

HOSTS files are the main route I took because they offer not just security benefits, but also speed benefits (very noticeable ones), & even anonymity ones to an extent (vs DNSBL)

HOSTS files, imo @ least, are even easier to deal with than a firewall (software OR router based) rules table if you ask me!

I did so again - Because of layered security they offer (combinations of Norton DNS (dnsbl filtering DNS vs. malware online threats & botnets), & firewall rules tables)) AND SPEED GAINS POSSIBLE TOO, via an easily edited route in a text file (which is all HOSTS are, a filter that works at the fastest & most efficient level there is, the IP subsystem).

I.E -> HOSTS are EASY to edit as well with any text editor also (which, face it, anyone can handle using) to add or even remove (or # symbol comment off temporarily even) data from its internal records list.

It works & on the SIMPLEST PRINCIPLE THERE IS for security: You can't get burnt if you don't go into the malware/botnet kitchen!

(I do so based on the principle of "layered security", especially vs. online threats...)

E.G.-> So, if one protective scheme fails, the others is there to kick in to protect you!

(They all work in combination w/ one another seamlessly-transparently... so, it's basically the same idea I suppose, as folks putting deadbolts, door handle knob locks, & chain locks on a door for 'triple layer security' really!)

It works & on the SIMPLEST PRINCIPLE THERE IS for extra speed, & bandwidth YOU PAY FOR OUT OF POCKET also:

See, nicest part about HOSTS files though, is that it's easy to insert other things (say for blocking adbanners) that speed you up online (via hardcoding your fav. sites into it, host-domain name to IP Address resolved, easily done via PINGS), AND, they can also secure you vs. DNS servers going down, being redirect-poisoned, & even get you past a DNSBL (DNS block list filtering) IF you so choose to reach the sites you like... albeit NOTICEABLY faster too!

BONUS/win-win situation...

APK

P.S.=> Good part is, doing HOSTS files &/or Firewall rules tables vs. threats like these is, that even IF you were to somehow 'suck in' say a botnet module?

Well - IF/WHEN you block out what C&C servers they "talk back to" either in HOSTS files (good for hosts-domain names) &/or Firewall rules tables (good for both IP address based + hosts/domain names)??

They won't be able to... effectively NEUTRALIZING them!

(On "somehow sucking in a malware" regarding botnet modules, & say via USB stick, with botnet stuff I am not sure IF that's possible, unless it's what is known as a "blended threat" type, but vs. malware most definitely is & important if they are the type that "talk back to HQ" online)

... apk
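An added example, not part of the original post and not the poster's own Python system: one way to merge downloaded HOSTS-format lists into a single sinkhole list. It keeps only entries that point at a null or loopback address, so a tampered list cannot redirect a real hostname; the sample lists, `SAMPLE_SOURCES` and all function names are constructed for illustration.

```python
"""Merge HOSTS-format blocklists into one sinkhole list (added example).

All list contents below are constructed samples, not real indicators.
"""
import ipaddress
import re

SINK = "0.0.0.0"
# Addresses a blocklist may legitimately map a blocked name to.
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names a downloaded list must never be allowed to override.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")


def valid_hostname(name):
    """True if every dot-separated label is a plausible DNS label."""
    if not name or len(name) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def parse_hosts(text):
    """Yield (address, hostname) pairs from HOSTS-format text."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: not a HOSTS entry
        for host in fields[1:]:  # one line may carry several names
            yield addr, host.lower().rstrip(".")


def merge_blocklists(sources, allowlist=()):
    """Return (sorted blocked names, list of rejected entries with reasons)."""
    allow = {a.lower() for a in allowlist} | PROTECTED
    blocked, rejected = set(), []
    for source, text in sources.items():
        for addr, host in parse_hosts(text):
            if addr not in SINK_ADDRS:
                # Mapping a name to a routable address is a redirect, not a block.
                rejected.append((source, host, "non-sink address " + addr))
            elif host in allow:
                rejected.append((source, host, "protected or allowlisted"))
            elif not valid_hostname(host):
                rejected.append((source, host, "invalid hostname"))
            else:
                blocked.add(host)
    return sorted(blocked), rejected


def render(blocked):
    """Emit HOSTS lines that all point at the single sink address."""
    return "".join(f"{SINK} {host}\n" for host in blocked)


# Constructed sample lists standing in for two downloaded sources.
SAMPLE_SOURCES = {
    "list-a": "# sample\n127.0.0.1 localhost\n"
              "127.0.0.1 ads.example.com tracker.example.net # two names\n"
              "0.0.0.0 C2.Example.org.\n",
    "list-b": "0.0.0.0 ads.example.com\n203.0.113.7 updates.example.com\n"
              "0.0.0.0 bad_host!.example\n0.0.0.0 intranet.example.com\n",
}

if __name__ == "__main__":
    names, skipped = merge_blocklists(SAMPLE_SOURCES, ["intranet.example.com"])
    print(render(names), end="")
    for source, host, reason in skipped:
        print(f"# skipped {host} from {source}: {reason}")
```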

Re:I block their C&C servers via HOSTS files (0)

Anonymous Coward | more than 3 years ago | (#36568282)

that's not a good idea.
first of all some windows versions have problems with huge hosts files and it can actually slow down the computer.
 
secondly, it's probably trivial for a virus to bypass it.
 
also, they constantly use new domains and addresses.

it might be better to use a real firewall like the one built in router

another option is using some free DNSs that also block malware sites. (if you can trust them)

but, as always, linux is the best option in the end..

It's a fine idea, I do it here & how (0)

Anonymous Coward | more than 3 years ago | (#36569030)

You're overlooking to turn off the DNS Client Cache Service with relatively speaking LARGER hosts files!

"first of all some windows versions have problems with huge hosts files and it can actually slow down the computer." - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

Cure's above what I quote from you, guaranteed...

I do it myself - have to: 1,457,748++ line item entries in my HOSTS file, mostly adbanners blocked (for speed, gain is huge & noticeable) & for security vs. malware + botnets (blocking known bogus servers/sites/hosts-domains)

I.E.-> The DNS Client Cache Service in Windows' structure that gets loaded is NOT "flexible" like say, a list construct or dynamic array...

In fact?

I pointed that which you speak of, to a Microsoft mgt. person (Senior VP, Windows Client Performance Division) named Foredecker (Mr. Richard Russell) who posts here in fact, asking for a "fix/patch", here:

http://slashdot.org/comments.pl?sid=1467692&cid=30384918 [slashdot.org]

(He also admitted after a bit of a debate on it also, that another idea I had was correct either... see the bottom-most part of that link above)

---

"secondly, it's probably trivial for a virus to bypass it" - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

Here's a few things vs. that I do:

---

1.) I use ACL & write-protect of the HOSTS file (granting system access & myself)

2.) My HOSTS file's CONSTANTLY updating via the system for it I mention now in reply (& there are others, HOSTSMAN for example over @ MVPS.org, & I even built another in Delphi 2002-2009 earlier still, & used it (Python now though, write-once, run anywhere IS why))

3.) Once you "blockout" known sources for that kind of thing, you can't get infested as easily IF @ all (& antivirus/antispyware take over the rest via heuristics options or their base signatures/mugshots of "known offenders", so-to-speak).

---

Here's a testimonial example to that effect beyond my own here from other slashdotters in fact to that very effect:

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

---

And, there you are... "Layered Security" is the way...

(I am *SURE* I noted that above... again, did you read my post in its entirety I must ask?)

---

"also, they constantly use new domains and addresses." - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

Which I fill here as they are discovered... that's the way it works in most all security!

(I.E.-> Reactive in nature, MOSTLY, as is the case in antivirus/antispyware programs also)

Here though? Again - That goes on & every 15 minutes from 15 diff. reputable & reliable sources via a Python system for that here... constantly updated!

(I *think* I noted this in my init. post you replied to now also...)

---

"it might be better to use a real firewall like the one built in router " - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

I do, & I noted that...

In fact, I combine HOSTS with Norton DNS (which again, uses DNSBL vs. malware etc.), software firewalls, AND, a Linksys NAT stateful packet inspecting router.

(I must ask once more - Did you read the entirety of my post?)

---

"another option is using some free DNSs that also block malware sites. (if you can trust them)" - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

Again, I noted that above... Norton DNS (I did).

THAT WAS THE MAIN TOPIC OF MY POST IN FACT... lol, again, did you read it?

---

"but, as always, linux is the best option in the end." - by Anonymous Coward on Saturday June 25, @11:13AM (#36568282)

I use it, & it works alright (KUbuntu 10.10 but I like Windows 7 better because more games, & more drivers for hardware of high quality available, and 1 other IMPORTANT FACT which I will post data on now in fact next)

Yes - I think you need to see this information on unpatched security vulnerabilities, Linux 2.6x KERNEL ONLY, vs. nearly ALL of what Microsoft gives you for business & development:

This data's ALL from a respected source for known security vulnerabilities unpatched in SECUNIA.COM:

---

Vulnerability Report: Microsoft SQL Server 2008: (06/25/2011)

http://secunia.com/advisories/product/21744/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (06/25/2011)

http://secunia.com/advisories/product/17543/ [secunia.com]

Unpatched 0% (0 of 6 Secunia advisories)

Vulnerability Report: Microsoft Exchange Server 2010: (06/25/2011)

http://secunia.com/advisories/product/28234/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft SharePoint Server 2010: (06/25/2011)

http://secunia.com/advisories/product/29809/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft Forefront Endpoint Protection 2010: (06/25/2011)

http://secunia.com/advisories/product/34343/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Office 2010: (06/25/2011)

http://secunia.com/advisories/product/30529/?task=advisories [secunia.com]

Unpatched 0% (0 of 7 Secunia advisories)

Vulnerability Report: Microsoft Virtual PC 2007: (06/25/2011)

http://secunia.com/advisories/product/14315/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Internet Explorer 9.x: (06/25/2011)

http://secunia.com/advisories/product/34591/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Visual Studio 2010: (06/25/2011)

http://secunia.com/advisories/product/30853/?task=advisories [secunia.com]

Unpatched 0% (0 of 2 Secunia advisories)

Vulnerability Report: Microsoft DirectX 10.x: (06/25/2011)

http://secunia.com/advisories/product/16896/ [secunia.com]

Unpatched 0% (0 of 3 Secunia advisories)

Vulnerability Report: Microsoft .NET Framework 4.x: (06/25/2011)

http://secunia.com/advisories/product/29592/ [secunia.com]

Unpatched 0% (0 of 5 Secunia advisories)

Vulnerability Report: Microsoft Silverlight 4.x: (06/25/2011)

http://secunia.com/advisories/product/28947/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft XML Core Services (MSXML) 6.x: (06/25/2011)

http://secunia.com/advisories/product/6473/ [secunia.com]

Unpatched 0% (0 of 4 Secunia advisories)

Vulnerability Report: Microsoft Windows 7: (06/25/2011)

http://secunia.com/advisories/product/27467/?task=advisories [secunia.com]

Unpatched 7% (5 of 72 Secunia advisories)

---

* THAT'S 3.5x LESS UNPATCHED SECURITY VULNERABILITIES ON MS STUFF, THAN IS PRESENT ON THE LINUX 2.6x KERNEL ALONE!

(NOW- Toss on the rest of what goes into a Linux distro? That # goes "up, Up, UP & AWAY...", bigtime, "increasing that lead, that Linux has", lol, in more unpatched known security bugs present that is (a dubious honor/win, lol, to say the least!)).

So, that "all said & aside"?

Microsoft's doing a HELL OF A GOOD JOB on the security front, despite what you hear on slashdot!

APK

P.S.=> Sooo... that "all said & aside"?

Compare a "*NIX" OS in Linux's "latest/greatest"?:

--

Vulnerability Report: Linux Kernel 2.6.x (06/25/2011)

http://secunia.com/advisories/product/2719/?task=advisories [secunia.com]

Unpatched 7% (18 of 269 Secunia advisories)

--

THAT?

That's about 3.5x as many as Windows 7 has that are unpatched, and it's not even a FULL OS, it's only the kernel!

* Additionally/again - so it "sinks in":

That's also more than the ENTIRE GAMUT of what MS gives folks to do business & build tools for it as well has!

& it's also NOT the entire 'gamut/array' of what actually comes in a Linux distro as well!

(E.G.-> Such as the attendant GUI, Windows managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO)

THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE, and worse, for LINUX!!!

... apk

2 small corrections (my bad)... apk (0)

Anonymous Coward | more than 3 years ago | (#36569226)

NortonDNS was the topic of another post I did here http://yro.slashdot.org/comments.pl?sid=2268288&cid=36567596 [slashdot.org] and in the one you replied to fellow ac?

I didn't note about my HOSTS file update "automagically" system in Python, nor it updating every 15 minutes... my bad, sorry, correcting for it now!

APK

P.S.=> Too many things going on here today on Sat. a.m., doing garden & yard work, paying bills, & posting on slashdot too? My brain needs a faster & multi-core CPU upgrade, lol... not multitasking well enough!

... apk

Care to explain the downmoderation? (0)

Anonymous Coward | more than 3 years ago | (#36570388)

Whoever downmoderated my post should have the courage to speak their mind on reasons for downmoderating my post, based on errors in technical information in computing.

(Additionally, should said "courageous hero" (lol, not) have the balls to reply? Do so... & not just some silly vendetta, or being a troll with off-topic ad hominem attacks - do so based on what you feel is in error in my posting (IF You can)).

I suppose I can be happy you're blowing them that way though, & wasting them.

* In any event? See subject-line, & thank you!

APK

P.S.=> I mean, lol, hey: If the "best you've got" is hit & run down moderations of a post, then you've made my point(s) above!

Otherwise? I can only suspect that some malware maker/botnet master is behind the wheel of this unjust downmoderation. ... apk

Re:Care to explain the downmoderation? (0)

Anonymous Coward | more than 3 years ago | (#36570730)

Are you really having that much fun there in your own special little world?

"ReVeRsE-PsYcHoLoGy" (0)

Anonymous Coward | more than 3 years ago | (#36571092)

"?dlrow elttil laiceps nwo ruoy ni ereht nuf hcum taht gnivah yllaer uoy erA" - by Anonymous Coward on Saturday June 25, @04:15PM (#36570730)

?

APK

P.S.=> I don't think the ac troll replier understood my question, & I certainly do NOT understand his answer... someone get me a translation please... lol!

... apk

Re:Care to explain the downmoderation? (0)

Anonymous Coward | more than 3 years ago | (#36577436)

LMAO tomhudson blew writing, modded apk down?

Again tomhudson mods down others when he fails. tomhudson's "standard modus operandi" ac stalking & trolling shows http://slashdot.org/comments.pl?sid=2263468&cid=36577088 [slashdot.org] .

Typical tomhudson geek angst based weak retaliation.

It's the same as you did here also, messing up too http://yro.slashdot.org/comments.pl?sid=2268432&threshold=-1&commentsort=0&mode=thread&pid=36567794 [slashdot.org] on Windows DNS local cache service and hosts files this week and this post also.

We know it's you tomhudson doing it. and it's why many of your posts are getting down moderating also in return this week most of the time.

I caught how you do that here in one of your posts in fact http://slashdot.org/comments.pl?sid=2270208&threshold=-1&commentsort=0&mode=thread&pid=36573584 [slashdot.org] in posts beneath yours.

Posts that also show you stalk and troll hosts file guy apk because he has burned you many times on technical issues in computer programming and networking proven here http://slashdot.org/comments.pl?sid=2230966&cid=36418796 [slashdot.org]

What's worse is how you and your trolltalk.com friends-sock puppet accounts like countertrolling do that very thing to cheat the moderation system here too.

You mod others down via these methods proven here http://slashdot.org/comments.pl?sid=2245866&cid=36491652 [slashdot.org] and you use those trolltalk.com sock puppet account to mod yourselves up also.

(I think with countertrolling is actually a sock puppet alternate registered account here of yours from how he's always supporting you and in your journals or posts suddenly popping up when you are on the ropes. Coincidence? I think not.).

U R lame tomhudson, and everyone knows it.

No wonder you hide in your journal here 90% of the time. I would too if I blundered and get caught playing dirty cards as you constantly do.

Re:Care to explain the downmoderation? (0)

Anonymous Coward | more than 3 years ago | (#36577458)

Uh, tomhudson ac posting blew it on hosts files vs. apk again and I saw what you put up and I agree. It's tomhudson the psycho cyberstalker of slashdot. Talk about geek angst. What bothered me was how countertrolling who yes is a friend of tomhudsons showed how they cheat the moderation system here. That's really low and tomhudson and his trolltalk.com crew should be ashamed of themselves.

Police Lie? Really? I don't believe it! (1)

Zero__Kelvin (151819) | more than 3 years ago | (#36567266)

"Police in Ukraine said ..."

The pictures they claim show evidence are the same as an earlier picture showing evidence against someone else. I think we can safely ignore whatever the police say, at least in this case.

Re:Police Lie? Really? I don't believe it! (1)

Luckyo (1726890) | more than 3 years ago | (#36567836)

I don't think that's up to us, but to Ukraine's applicable court to judge evidence.
