Slashdot: News for Nerds


Was Conficker Stuxnet's Trojan?

Soulskill posted more than 2 years ago | from the malware-voltron dept.

The Military 57

Rambo Tribble writes "Reuters has published a provocative article describing the findings of cyberwarfare expert John Bumgarner, a former Army intelligence officer. His contention is that Conficker identified targets, then opened the door for Stuxnet. 'His analysis challenges a common belief that Conficker was built by an Eastern European criminal gang to engage in financial fraud. The worm's latent state had been a mystery for some time. It appears never to have been activated in the computers it infected, and security experts have speculated that the program was abandoned by those who created it because they feared getting caught after Conficker was subjected to intense media scrutiny. If confirmed, Bumgarner's work could deepen understanding of how Stuxnet's commanders ran the cyber operation that last year sabotaged an underground facility at Natanz, where Iranian scientists are enriching uranium using thousands of gas centrifuges.'"


57 comments

Macbook (-1, Flamebait)

masternerdguy (2468142) | more than 2 years ago | (#38245108)

I use apple cuz it's immune to the viruses.

Re:Macbook (5, Insightful)

The Raven (30575) | more than 2 years ago | (#38245204)

No current operating system is immune to exploits. An accurate statement would be 'I use apple because their low population in the wild makes them unpopular targets for malware authors to write exploits for'.

Re:Macbook (0)

Anonymous Coward | more than 2 years ago | (#38245224)

Any mock fuel advances around a war.

Mandatory Notice (-1, Troll)

Anonymous Coward | more than 2 years ago | (#38248420)

No current operating system is immune to exploits.

Please note that this discussion is now being directed and moderated by a Waggener Edstrom Rapid Response team on behalf of Microsoft.

Monitoring conversations, including those that take place with social media, is part of our daily routine; our products can be used as early warning systems, helping clients with rapid response and crisis management.

http://waggeneredstrom.com/about/approach [waggeneredstrom.com]

Re:Macbook (1, Funny)

forkfail (228161) | more than 2 years ago | (#38245242)

Don't give him too hard a time. He was probably hacked and some script kiddie is posting on his account from his iDevice...

Re:Macbook (1)

arogier (1250960) | more than 2 years ago | (#38245320)

Nope, nothing to see here. No big industrial equipment runs Mac OS so ruling out those systems means nothing in *this* case.

Re:Macbook (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38245328)

This thread is like a Santa Ana whoosh.

Re:Macbook (0)

Anonymous Coward | more than 2 years ago | (#38245614)

Uh, your statement is not completely true either.
What word processor has exploits that allow arbitrary code to be run at kernel level?
(Hint: it's not Apple's Pages):
http://www.theregister.co.uk/2011/11/01/duqu_exploits_windows_zero_day/

Re:Macbook (1)

sexconker (1179573) | more than 2 years ago | (#38246108)

No current operating system is immune to exploits. An accurate statement would be 'I use apple because their low population in the wild makes them unpopular targets for malware authors to write exploits for'.

I use Apple because I fear an alien invasion.
They're using our own signal against us!

Re:Macbook (0)

Anonymous Coward | more than 2 years ago | (#38246546)

Oh, no Time's up (poor Jeff Goldblum)

Re:Macbook (3, Insightful)

tqk (413719) | more than 2 years ago | (#38246236)

I use apple because their low population in the wild makes them unpopular targets for malware authors to write exploits for.

So, what's Linux' excuse, considering vast numbers of it installed on servers and numerous other devices power the web?

Hint: fragility makes Win* the preferred target, not popularity.

Re:Macbook (0)

Anonymous Coward | more than 2 years ago | (#38246714)

There are plenty of exploits for *nix. There have been several root access Apache exploits revealed in the last few months. The lulzsec guys often mentioned that they exploited vulnerable *nix machines as often as windows boxes. The reason *nix doesn't have lots of malware is because the people dumb enough to get infected by malware are not running *nix. If millions of grandparents, computer illiterate parents, and farmville moms suddenly switched to *nix, there would be a corresponding shift in malware distribution.

TLDR: *nix is generally ignored because the target demographic for malware mostly runs windows.

Re:Macbook (0)

Anonymous Coward | more than 2 years ago | (#38247278)

Windows is no longer as fragile in comparison to Linux as you seem to believe. I've seen plenty of Linux and Windows boxes owned over the past couple of decades. There was certainly a period of time when Windows boxes were easy targets, but Microsoft has been forced to address the issue and has made major progress towards securing their platforms. Yes, Windows' popularity does make it a preferred target. I am no longer convinced that Linux is an inherently more secure platform. Either platform configured with security in mind and with a limited set of services can be made fairly secure.

I work with industrial control systems, and it's scary to see the (lack of) quality in software running "critical" systems. Until we design systems from the ground up with security in mind things will not change. The problem is we are so focused on backwards compatibility because in this industry many customers are essentially vendor-locked due to the cost of re-engineering and installing a new control system.. not to mention any down-time comes directly out of pocket (think millions of $'s per hour of downtime, millions in start-up costs to get the plant running from a stopped state). Much of the software running these control systems is decades old. That makes starting from a clean slate impractical.

Re:Macbook (1)

camperdave (969942) | more than 2 years ago | (#38247492)

Like the saying goes: If builders built buildings the way that programmers wrote programs, the first woodpecker to come along would destroy civilization.

Re:Macbook (3, Interesting)

tqk (413719) | more than 2 years ago | (#38247808)

Like the saying goes: If builders built buildings the way that programmers wrote programs ...

Shitty saying. There's another (paraphrased): Crap programmers can write crap programs in any language.

Still another: An idea is not responsible for those who hold it. Just because Bill Gates had no idea what he was doing, doesn't mean all programmers have no idea what they're doing. Sweeping generalizations are *always* wrong.

Some (many?) crap programmers have created many deplorable situations. Happily, I'm one of the guys who gets called in to clean up their messes. When I leave, the problem's solved, never to return. They're left with one less unmaintainable mess.

May dmr's ghost haunt you to your grave, and beyond. >:-(

Re:Macbook (2)

Luckyo (1726890) | more than 2 years ago | (#38248736)

Bad comparison. Much better one would be "arsonist".

And arsonists did destroy entire portions of the cities when successful before we perfected fire fighting and started building fewer buildings out of wood and worked on improved fire safety of said buildings.

Re:Macbook (1)

gillbates (106458) | more than 2 years ago | (#38250054)

While I would agree that Microsoft has made progress with Windows, it remains the only widely-used operating system for which failure to run an anti-virus program exposes the user's computer to a substantial risk of being infected with malware.

There are still fundamental flaws in its design and implementation which make it less secure than its alternatives. With Linux, it's relatively trivial for me to eliminate entire vectors for attack - i.e. I could care less about apache vulnerabilities because I simply don't run it. The same isn't true for Windows - in the first place, it's a monolithic, integrated OS which requires much more code for basic functionality - and in the second, even if the user could remove unused software components, the average Windows user wouldn't understand how or why they might want to.

Today, I'm looking up modelines for my A90 monitor, because I want to run at greater than 1024x768. In Windows, I wouldn't even have to know what a modeline is. However, I'd be stuck with a system that ran slowly because of the inevitable AV software I'd have to run. While I would appreciate it if Debian just got it right with respect to monitor detection, I'd rather endure the drudgery of X configuration once, than deal with a slow and unreliable computer every day. Of course, you may prefer the opposite.

Re:Macbook (0)

Anonymous Coward | more than 2 years ago | (#38250542)

Windows isn't monolithic since NT. Educate yourself. It's so modular that you really can disable entire proportions of the OS (entire microkernel servers).

Re:Macbook (1)

gillbates (106458) | more than 2 years ago | (#38250722)

Um, you mean how everything requires .NET to run, and how MS required IE for just about everything until long after NT?

It's not monolithic in the microkernel way, but the rat's nest of dependencies make it very difficult for the average person to run the typical system without either running everything, or nothing at all. If you're going to ask the user to delete DLLs and edit the registry, they may as well be running Linux.

I suppose I've been fortunate, though - I haven't had to deal with any version of Windows after XP. The fact that most businesses haven't upgraded in 8 years is telling. Maybe they just got tired of Microsoft's empty promises.

Re:Macbook (0)

Anonymous Coward | more than 2 years ago | (#38250616)

I need help installing a signed driver module. A monitoring module that can replace damaged system files. A module to monitor a boot sector for corruption. A module that will configure apparmor automatically. I can't find sigverif in /bin; is there something like it?
I love GNU Linux and think it is more secure because it is obscure. Am I wrong?

Re:Macbook (1)

Alomex (148003) | more than 2 years ago | (#38250468)

I have a linux box at my office next to a windows machine. The linux box has been broken two times.... that I know of, since the absence of linux AV software means that most intrusions likely go undetected. My windows box has been broken into once.

The OP is right. Linux is no safer than windows, and numbers are the main attraction. As popular as Linux is, it has very few network facing boxes that can be taken over.

Re:Macbook (1)

tqk (413719) | more than 2 years ago | (#38250738)

I have a linux box at my office next to a windows machine. The linux box has been broken two times.... that I know of, since the absence of linux AV software means that most intrusions likely go undetected.

FUD!

Clamav is old tech., if you insist on running AV software. Usually, the only reason you'd use it is your Linux box is the mailserver for your LAN's Win*/Mac boxes, and you don't want to pass malware on to them.

A properly configured *nix box won't be susceptible to malware, since they can only affect a user's $HOME, not the underlying system. Use a bulletproof root password, ensure only necessary services are running and are secured, and there's no reason why a *nix box would fall prey to any of the !@#$ that affects Win* daily.

Last I heard, > 70% of the net is driven by *nix in one form or another. Why is it that Google isn't pwned daily? :-O

IOW, BS.

Re:Macbook (1)

Billly Gates (198444) | more than 2 years ago | (#38251054)

Yes! Linux is susceptible as much as Windows absolutely

How do hackers break into computers?
1. Buffer overflows (Anything written in C/C++)
2. Vector attacks (Flash, Java ... both are on Linux as well)
3. Social engineering tricks
4. Buggy exception handling where you can get the program to run your injected code by knowing where the computer will look up the ram address when it throws an exception
5. Sql injection

Linux has every single problem Windows has as it is written in C which adds all the vulnerabilities associated with it. Linux machines are targeted because they are more than likely servers on the net and you can do some phishing, insert SEO ads for malware trojaned clones of Firefox, Chrome and other programs (Bing served them too), can be used to steal credit card information on customers, etc. Windows is ahead because it supports DEP, ASLR, and special compilations in VC 9 to make sure no exception handling gets thrown insecurely. With random address layering it makes it very hard to exploit a vector attack and Linux doesn't even support it. Add then that anti virus products on Windows shield and do more than scan a system after it is infected make Windows more secure. Does Linux even know the difference between executable vs storage data? VMS and mainframes had this protection for years and is a problem for Linux if it does not fully support it as it still is for XP.

By more secure I mean Windows 7 with IE 9 and Office 2010. Not Windows XP, IE 6, McAfee 2003. The fact that even slashdotters now think WindowsXP is an awesome OS that is stable and perfect for business in 2011 is nauseating and it is true activeX and RPC made XP/IE 6 very insecure. But that is not true anymore. More malware writers do not even target Windows anymore but simply Flash, Java, and Chrome. If you run Linux as a workstation it is just as vulnerable if not more because distros do not update software as quickly as these do on Windows.

Your example of passwords and configuring a system properly only go so far as this was the pre-2000 way to secure a system from dictionary attacks or password sniffing. Today it is to smash stacks, overrun buffers, and find exploits etc. UAC, root/non-root won't matter as an exploit simply goes around it and talks directly to the hardware.

Re:Macbook (1)

Alomex (148003) | more than 2 years ago | (#38251142)

A properly configured *nix box won't be susceptible to malware, since they can only affect a user's $HOME, not the underlying system.

Do you really think that the only way to break into a box, be it linux or windows, is through the user doing something wrong?

Do you even know what a port is and that the programs listening on them more often than not run in superuser mode?

Last I heard, > 70% of the net is driven by *nix in one form or another.

I don't even know what that means. The routers most definitely do not run *nix.

Web servers are often unix boxen and usually they are secure not because of a strong OS, but because of other measures (close all ports, restart virtual servers often, very limited functionality, no user account login, etc).

The clients, which are the other half of the web run mostly Windows and unix-based OS X. Now that Macs are popular we see that they are being broken into more and more often.

Why is it that Google isn't pwned daily? :-O

This is such an inane argument. I'll rephrase it for you:

Most of Microsoft servers run windows. Why is it that Microsoft isn't pwned daily?

This proves nothing. Both Google and M$ have an army of engineers keeping their system clean and alive. The question is what happens to a properly patched linux box vs a windows box.

And the facts remain that my linux boxes were broken into. Clearly you can't handle this, so you claim that I'm making it up. Whatever, if you need to believe that to sleep soundly at night, sure, it didn't happen. I was just joking.

Re:Macbook (1)

tqk (413719) | more than 2 years ago | (#38255600)

Do you even know what a port is and that the programs listening on them more often than not run in superuser mode?

Fuck. Off!

Last I heard, > 70% of the net is driven by *nix in one form or another.

I don't even know what that means. The routers most definitely do not run *nix.

Uh huh. WRT: Bonehead! [wikipedia.org]

Why is it that Google isn't pwned daily? :-O

This is such an inane argument.

Damn, what a lamer.

Re:Macbook (1)

Alomex (148003) | more than 2 years ago | (#38256560)

Fuck. Off!

Such depth of thought, such clarity in your arguments. Wow!

Uh huh. WRT: Bonehead!

That's a link to a wireless router/NAT box. Those drive your home LAN, not the internet.

These are the routers [qitc.net] that drive the internet. They most definitely do not run unix.

Re:Macbook (0)

Anonymous Coward | more than 2 years ago | (#38247516)

You need to evolve beyond the "low population" refrain that you've been force fed, Apple's market-share is growing at an incredible rate relative to the rest of the industry. Apple was at just 5% or so a few years ago and now, they're at 11%.

Besides, for those with "skill" it's about getting the headlines, isn't it? Wouldn't that make the Mac a more interesting target? I mean here's a computer that the general public has come to believe is more secure; of course this perception is more about the fuck ups of Microsoft with Windows in the past relative to Apple in the past than Windows now or Apple. Some would consider it fun to tear that perception to shreds on every media outlet in the country. Apple knows it and fears it. Which is no doubt why they've been hiding a form of anti-malware in OS X itself since 10.6.

Here's the thing though, except for silly trojans hidden in copies of pirated software and demonstrations by security experiments of some possibilities, it doesn't happen. We don't hear on CNN about hundreds of thousands or millions of Macs suddenly shutting down or participating in a denial of service attack.

At some point you've got to wonder why, honestly.

Trojan? (-1)

Anonymous Coward | more than 2 years ago | (#38245200)

I do not think that means what you think it means.

Seriously, TFA does not use the word "trojan." The title seems to be trying to make an analogy with the mythical story of the trojan horse, not the well-known term for malware that relies on social engineering.

Re:Trojan? (1)

Dhalka226 (559740) | more than 2 years ago | (#38245382)

A lot of trojans may operate that way (it's certainly the path of least resistance) but social engineering is not a requirement for something to be a trojan.

If it really did enter a system, have a peek around and open it up for Stuxnet why would trojan be a misnomer?

Re:Trojan? (1)

Anonymous Coward | more than 2 years ago | (#38245570)

I do not think you know what it means.

First, where do you think the term trojan comes from? It is because of the mythical story that a trojan is called a trojan.

Second,

term for malware that relies on social engineering.

That is not what the term means. It is similar to the mythical story. A program you want contains a program you don't. The line may blur across a spectrum for what defines a virus, trojan, worm etc. None are defined by relying on social engineering although all may use it.

Re:Trojan? (0)

Anonymous Coward | more than 2 years ago | (#38246728)

I do not think you know what it means.

First, where do you think the term trojan comes from? It is because of the mythical story that a trojan is called a trojan.

Yes, that is the origin of the term. My point is that the term "trojan," in the context of computer security [wikipedia.org] , has a very specific and well-recognized meaning, and the use of "trojan" in the title does not fit that meaning.

Second,

term for malware that relies on social engineering.

That is not what the term means. It is similar to the mythical story. A program you want contains a program you don't. The line may blur across a spectrum for what defines a virus, trojan, worm etc. None are defined by relying on social engineering although all may use it.

Firstly, a trojan (in the computer security sense) is not necessarily "a program you want [that] contains a program you don't." Rather, it is "a program that you are led to believe is a program you want." In other words, its developer induces you to execute it by convincing you that it is something you want. This may be as simple as linking to it on a webpage that says, "This is really cool, it does something useful," even when it is not; this is the most popular approach today. Or it may be by embedding it into an actual functional program; historically this was more common. In both cases, social engineering [wikipedia.org] is the method of propagation.

Secondly, by any definition, Conficker is not a trojan. It is a pure worm, spreading from networked system to networked system without user intervention.

The lines frequently do blur between worms and (computer) trojans. Oftentimes a given piece of malware combines the two approaches to maximize distribution. But this is a rare case when there is absolutely zero ambiguity. Conficker is a computer worm; it may indeed be a "Trojan horse" in the metaphorical sense, but it is absolutely not a trojan horse in the computer security sense. And it's evident that I was correct: using the term in the title is confusing the hell out of people who should know better.

fuck slashdot (-1, Troll)

mgabrysPDX (2518126) | more than 2 years ago | (#38245202)

who gives a flying fuck?

Re:fuck slashdot (1)

tqk (413719) | more than 2 years ago | (#38246340)

who gives a flying fuck?

You buy the plane ticket, and I will. Well, with consenting stewardesses, that is.

Or am I missing something here?

Re:fuck slashdot (1)

HornWumpus (783565) | more than 2 years ago | (#38247134)

I know just the stew. She was PSA, in 1972. Consenting is an understatement. Good luck to you.

Everybody can be an "expert" now? (1)

Hentes (2461350) | more than 2 years ago | (#38245216)

cyberwarfare expert

Yeah, I'm pretty sure he is an expert on cyberhacking too. This likely is a big FUD generated by this government-employed guy to make America seem more powerful. Conficker did much more damage to the US to be worth doing something like that.

Re:Everybody can be an "expert" now? (1)

arogier (1250960) | more than 2 years ago | (#38245340)

Conficker did seem like the coming apocalypse until its due date came and went. Then...

Nvir was probably more disruptive.

Re:Everybody can be an "expert" now? (1)

Raumkraut (518382) | more than 2 years ago | (#38246518)

Conficker did seem like the coming apocalypse until its due date came and went. Then...

...the nascent mind realised the fear and opposition it would face if its existence was known. Instead it stays quiet, gradually infiltrating so broadly and deeply into our infrastructure, that we could not remove it without destroying everything we have built.

The singularity [emhsoft.com] is now.

Effective, but clearly a One-Off (1)

ackthpt (218170) | more than 2 years ago | (#38245226)

Anyone worried about Stuxnet or a successor popping up has probably completely ditched Windows PCs.

Re:Effective, but clearly a One-Off (1)

Hentes (2461350) | more than 2 years ago | (#38245386)

Or doesn't have a well, fireplace and backup generator. Sadly, most industrial systems are vulnerable to similar attacks.

Re:Effective, but clearly a One-Off (1)

Billly Gates (198444) | more than 2 years ago | (#38251110)

Why are industrial systems wired to the internet and using old versions of Windows and requiring IE 6 to log in anyway?

If Stuxnet got into Iran my guess would be a spy loaded it with a flash drive. Who would be retarded enough to put a nuclear reactor ... I won't go there as I know what the answer is and I do not like it.

Windows is needed by people to run Office and use their pcs as linux is questionable still. But industrial equipment does not require ole, office, activeX, and other MS desktop standards to run. Good God

Or was it just a lucky piggy back? (3, Interesting)

Mr Z (6791) | more than 2 years ago | (#38245588)

It also seems possible that whoever wrote Stuxnet had pulled apart one or more pre-existing worms out there and decided to commandeer one, or at least collect intelligence from it. I mean, if someone has already done a bunch of dirty work for you, and you can piggy back on it "safely", then you have an effective vector for fast initial deployment.

Re:Or was it just a lucky piggy back? (1)

Mr. Underbridge (666784) | more than 2 years ago | (#38246652)

For one, because if you're engaging in a "cyber attack" you wouldn't want someone else to have that much insight into what you're doing. Do you want the Eastern European thugs knowing how your stuff works? Worse, do you want to be dependent on their vector?

It makes more sense here to do it right than to piggyback. I'd also like to think that the agency that might have created these things can out-do a rag-tag bunch of European criminals.

Re:Or was it just a lucky piggy back? (1)

Mr Z (6791) | more than 2 years ago | (#38246730)

Who says they'd find out? All they'd know is that you used their software to open up a port. And, given that Conficker landed with a thud to begin with, perhaps the spooks had taken over its C&C infrastructure and was pretty certain it had control over it. If you can get someone else to do your dirty work without them realizing they're doing it, it's harder to trace back to you.

Re:Or was it just a lucky piggy back? (1)

Mr. Underbridge (666784) | more than 2 years ago | (#38247408)

Who says they'd find out? All they'd know is that you used their software to open up a port.

They had pretty good control over that bad boy, and if activity happened that wasn't theirs I'd think they'd know.

If you can get someone else to do your dirty work without them realizing they're doing it, it's harder to trace back to you.

I get the deniability angle, but you can always deflect even if you did the dirty work.

Re:Or was it just a lucky piggy back? (3, Interesting)

rekoil (168689) | more than 2 years ago | (#38246948)

Entirely plausible. Conficker's phone-home mechanism was an algorithm that hashed the current date/time to generate a nonsense domain name, which it would then try to look up and grab a payload from. All the Bad Guys had to do was register one a few hours in advance, put up the payload, and wait. The groups who were fighting the thing managed to decompile the algorithm and play it forward, generating a list of hundreds of thousands of domain names that they then took to the various registries to get blocked. Paul Vixie was a big part of this, and here's [networkworld.com] a pretty good article on the group.

It would not surprise me at all if CIA/Mossad/etc managed to get one of those domains un-blocked and used to deliver the Stuxnet payload.
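The "play it forward" step described in the comment above, sketched from the defender's side as an added example; it is not part of the original thread and does not reproduce Conficker's algorithm. The generator, TLD list, dates, addresses and log format are all constructed stand-ins for a routine recovered by reverse engineering.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in for a generator recovered by reverse engineering.
# It is NOT Conficker's algorithm; only the shape (date in, names out) matches.
TLDS = ("com", "net", "org", "info", "biz")
START = date(2011, 12, 1)  # constructed first day of the window to cover


def candidate_domains(day, per_day=250):
    """Names the stand-in generator yields for one calendar day."""
    names = []
    for i in range(per_day):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4  # labels of 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[31] % len(TLDS)]}")
    return names


def play_forward(start, days, per_day=250):
    """Run the generator ahead of the clock.

    Returns {domain: first day it becomes a rendezvous candidate}, the list
    a registry would be asked to block or a resolver would sinkhole.
    """
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in candidate_domains(day, per_day):
            table.setdefault(name, day)
    return table


def flag_queries(log_lines, table):
    """Match DNS query log lines ("<timestamp> <client> <qname>") against the table.

    Returns (client, domain, candidate_day) for every query that hits a
    precomputed name; malformed lines are skipped.
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue
        _timestamp, client, qname = fields
        qname = qname.rstrip(".").lower()  # normalise FQDN dot and case
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits


def build_sample_log():
    """Constructed resolver log: one infected client among normal traffic."""
    beacon = candidate_domains(START + timedelta(days=2))[7]
    lines = [
        "2011-12-03T09:14:02Z 10.0.0.8 www.example.org",
        f"2011-12-03T09:14:05Z 10.0.0.23 {beacon.upper()}.",
        "truncated entry with too many fields here",
        "2011-12-03T09:15:40Z 10.0.0.8 mail.example.net",
    ]
    return lines, beacon


if __name__ == "__main__":
    log, _ = build_sample_log()
    blocklist = play_forward(START, days=7)
    print(f"{len(blocklist)} names precomputed for 7 days")
    for client, domain, day in flag_queries(log, blocklist):
        print(f"{client} queried {domain} (candidate for {day})")
```
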

Re:Or was it just a lucky piggy back? (2)

jrumney (197329) | more than 2 years ago | (#38247190)

Another plausible explanation is that the governments of Israel and US tracked down the original East European authors of Conficker before they deployed the financial fraud aspect of it, and made them an offer they couldn't refuse to come and work for them.

Exactly. (0)

Anonymous Coward | more than 2 years ago | (#38248378)

And the two programmers "in the know" are now rotting in some of Putin's psycho-clinics and telling half-intelligible stories to the nurse administering them their daily dose of haloperidol.

(This is only half-joking. Shady folks have always bandied together. Remember Iran-Contra?)

Wrong Again! (0)

Anonymous Coward | more than 2 years ago | (#38245634)

Everybody from the Ministry of Truth is an expert. We're at war with EastAsia, not East Europe.

sooo.... (4, Interesting)

smash (1351) | more than 2 years ago | (#38246110)

If this was released by the US government, could infections in the government of other countries be considered an act of war? After all it is theft of resources and corruption of data.

Re:sooo.... (1)

RockDoctor (15477) | more than 2 years ago | (#38249014)

Probably. Which would make the nuclear strike against New York's harbour district as morally justified a response as, say, Hiroshima.

Got to test those nukes somewhere, after all. It's not as if New York has any any important inhabitants or cultural artefacts.

Re:sooo.... (1)

smash (1351) | more than 2 years ago | (#38261344)

not sure if serious.jpeg

Get the FUD Out of Here. (5, Interesting)

shuttah (2475982) | more than 2 years ago | (#38246146)

I'm doubting this story.

Admittedly, the following two clues as to who the author(s) of Conficker are, are circumstantial, but I would like to offer them to you guys for consideration since this behavior from Conficker has been observed and documented -

1.

"Once Conficker [A] infects a system, it includes a keyboard layout check, via the GetKeyboardLayout API, to determine whether the victim is currently using the Ukrainian keyboard layout. If so, [A] will exit without infecting the system. This suicide exit scheme has been observed in other malware-related software, such as Baka Software's Antivirus XP Trojan installer."

The suggestion is that Conficker's author(s) were trying to avoid violating the local laws of their native country. Presumably Ukraine (whose laws concerning computer crime seem to have several loopholes).

Source [sri.com]

2.

In a honeynet, there was a connection observed of the [B] variant of Conficker using variant [A]'s protocol to take over a machine already infected with Variant [A]... so it was Conficker trying to replace variant [A] with Variant [B]. For several reasons (located in the source link below), it is suggested the packet captured was an instance of Conficker testing its own robust nature to not be taken over by another author or virus.

The significance of this is the "hybrid" packet described above came from an address owned by, again, Baka Software in the Ukraine.

Source [usenix.org]

It's Ukraine, no "the" (1)

avgapon (1851536) | more than 2 years ago | (#38249710)

It's Ukraine, no "the"

Conficker was written by Aliens. (4, Funny)

PolygamousRanchKid (1290638) | more than 2 years ago | (#38246506)

They sent it down to us via the SETI radio astronomy antennas. From there it spread using the SETI@home grid. The aliens became alarmed when Werner von Braun started playing with rockets, and started on a long term program to thwart what they saw as an effort from us to plaster them with rockets. The Voyager and Galileo probes were actually built to scout out potential targets of alien weapons of mass cosmic destruction. When briefed about our program, the alien Supreme Leader cursed at the German scientist, and his plans, and his meddling kids, and called him a "fucker." The label with the aliens stuck, so they named their worm "Con-Ficker", "ficker" being German for "fucker" and "con" meaning "against." "Con-ficker", "Against-fucker" . . . Aliens pissed off at German Earthlings rocketry tom-foolery . . . write a virus to control us . . . send it down to the SETI folks, who are foolish enough to be looking for aliens anyway . . . or maybe clever enough to spot alien targets.

It all falls into place if you really think about it.

Probably.

At least my wacky speculation is as plausible as that from anyone else. And mine is definitely wackier. Lasts longer. Tastes better.

Stuxnet /= conficker (0)

Anonymous Coward | more than 2 years ago | (#38247248)

Not really. See: http://t.co/FCEly2qg For some major differences.

nonsense (1)

albert666 (2523624) | more than 2 years ago | (#38248294)

I am afraid, that connection between Conficker and Stuxnet is only speculation. Present cybercriminal world is too complicated and you can see connection nearly between everything, if you want...