Conficker virus begins to attack PCs: experts

Originally posted by makeitso
reply to post by mblahnikluver

 

As far as I am aware, if you have not installed Micro$oft OS on the same computer, you have dodged the bullet.

Apple is not (currently) affected by Conficker (as I understand it).



[edit on 4/26/09 by makeitso]

Not so, it has successfully injected itself onto all known networks, however, this might be either through your mem chipset which after each restart it zeros itself out, but then it can feed itself information stating that its no longer able to scan so then the person /s re-visits your system, this obviously can be an automated process at any random time/day/date

I dont even understand how people get virii. I havent used a virus scanner in 9 years and never got a virus or worm. Checked my system just now and of course I dont have it. People who know anything about computers shouldnt be getting this crap.

[edit on 26-4-2009 by Memysabu]

reply to post by tristar


In other words, you have absolutely no verifiable information that Conficker is stealing data, selling data, shutting down networks or any of the actions you indicated were happening.

If you do, I would love to see the research.

Until someone posts that info, according to all the research I know of, it is currently spaming, and selling scareware, and replicating.

Originally posted by makeitso
reply to post by hal4511

 

Sounds great, but in reality full disclosure shows that Linux has its own set of vulnerabilities, as do all OS's.


As another side note; it seems that some researchers feel the majority of conficker infected pc's are Illegal copies of Windows

based on the geolocated chart courtesy of IBM’s ISS and Symantec’s logical conclusion that users, perhaps even companies with illegal copies of Windows represent the largest proportion of the infected set

.





[edit on 4/26/09 by makeitso]

Yes Sir/Madam, that is absolutely correct. In fact, what has raised the bar across the world, is that sites who allow so called cracked software to be downloaded have systematically built the code into the most sought after pirated software/music etc.
By know you can see how easy it is and obviously how ingeniously well thought out this piece of coding is.

reply to post by tristar


Can you please povide a link showing that Apple is currently being infected by Conficker.

Thanks,

[edit on 4/26/09 by makeitso]

Originally posted by Memysabu
I dont even understand how people get virii. I havent used a virus scanner in 9 years and never got a virus or worm. Checked my system just now and of course I dont have it. People who know anything about computers shouldnt be getting this crap.

[edit on 26-4-2009 by Memysabu]

1) Have you downloaded music
2) Have you visited any XXX sites
3) Have you visited a known social site and accepted a social group
4) Have you visited other board's and requested to sign up.

If you have, then your in the 50-70% region.

Originally posted by makeitso
reply to post by tristar

 

In other words, you have absolutely no verifiable information that Conficker is stealing data, selling data, shutting down networks or any of the actions you indicated were happening.

If you do, I would love to see the research.

Until someone posts that info, according to all the research I know of, it is currently spaming, and selling scareware, and replicating.

Well you could just research either through google on network vulnerability systems and methods of intrusion detection.
A while ago programs such as Watchfire which have been purchased by IBM were used with tweaking the spinal code to be used in attacks. DMZ attacks are todays most common, but not that difficult to defend one's network, then again it all depends on your network security IT person/s.

Originally posted by tristar
sites who allow so called cracked software to be downloaded have systematically built the code into the most sought after pirated software/music etc.

As far as I am aware, that statement is incorrect.
I would love to see some research the code that helps conficker spread is being intentionally added into cracked copies.

In reality the vulnerability that helps conficker spread was a normal part of Micro$oft. No cracked codes need to build it in.

The reason having an illegal copy helps spread it is because Microsoft wont let an illegal copy get updates.

Those recent Microsoft updates that illegal copies cannot get include the fix for the vulnerability that helps Conficker to spread.

[edit on 4/26/09 by makeitso]

Originally posted by makeitso

Originally posted by tristar
sites who allow so called cracked software to be downloaded have systematically built the code into the most sought after pirated software/music etc.

As far as I am aware, that statement is incorrect.
I would love to see some research the code that helps conficker spread is being intentionally added into cracked copies.

In reality the vulnerability that helps conficker spread was a normal part of Micro$oft. No cracked codes need to build it in.

The reason having an illegal copy helps spread it is because Microsoft wont let an illegal copy get updates.

Those recent Microsoft updates that illegal copies cannot get include the fix for the vulnerability that helps Conficker to spread.

[edit on 4/26/09 by makeitso]

Well i would disagree with you here, as injecting a simple file such as a photo / music / text file is well, lets say the most easiest to do, obviously a background would be required, but hey, its not impossible its very real.

People with patched rigs and laptops and running up to date anti-virus will be okay. The Conficker worm only exploits unpatched systems. An easy way to check your PC is by accessing Kaspersky, Symantec etc. The worm automatically prevents infected PCs from accessing the major security vendors and wipes restore points.

The worm is designed to call home via P2P at intervals. When the call is received it quietly begins to download updates. What these updates are is mostly a mystery as the creators have used powerful encryption. People like Dan Kaminsky have set up infected, isolated PCs so they can analyze the behavior and preempt malicious activities. They found the worm attempts to 'call home' around 8 times a day to a randomly selected domain name. The creators can then register a domain name in the knowledge that sooner or later the worm will call and receive new instructions. It's a very nifty bit of programming and the blinds involved that protect the creators are intelligent.

It's easy to imagine the profits to be made from the information found on the estimated 12 million infected PCs around the world. Sadly, a lot of banks will not compensate you for having a compromised system and having your money stolen. They have put the onus on you for maintaining up to date and patched software. Across the world, too many people don't have even the basic knowledge of securing their systems.

Dark Reading: Conficker's Three-Way Knockout

Conficker Detection: Let Me Count The Ways

Conficker self-updates, launches false infection alert

Dark Reading: A Quick And Easy Way To Tell If You're Infected With Conficker

Sophos: Conficker Detection and Removal Tool (Free)

Originally posted by tristar
Well you could just research either through google on network vulnerability systems and methods of intrusion detection.

I have done the research.
That is why I do not post that Conficker is currently stealing data, etc.

However you have posted that, which is why I have asked you to post the research showing that conficker is currently doing those things.

To date, you have not provided those links.

I believe its because there is no research indicating that is what Conficker is currently doing.

Please feel free to prove me wrong. :-)

Post links to research showing that Conficker is programmed to, and currently stealing data, selling data, etc. as you have indicating that is what it is doing.

Thanks,

[edit on 4/26/09 by makeitso]

reply to post by Kandinsky


Well said Sir/Madam,

The only issue i find is that many many networks have no serious or very limited knowledge. Keep in mind you only need one access point. Then it does spread to which ever terminal you would like with ease. Now if that employee takes his work home on a portable digital unit, then his computer is also affected along with who ever else he will be interacting with.
As i posted earlier its and ingenious piece of art, but its just as dangerous.

Originally posted by Kandinsky

It's easy to imagine the profits to be made from the information found on the estimated 12 million infected PCs around the world.

That was a good post.

With the above exception, (in my opinion).

Using ones imagination is no substitute for actual research.

I have not been able to find any research indicating that Conficker is currently stealing data, and nobody has posted a link to any research that indicates it is stealing data.

If anybody has a link to actual research indicating conficker is programmed to steal data, please post it. Please.

Thanks

[edit on 4/26/09 by makeitso]

Originally posted by makeitso

Originally posted by tristar
Well you could just research either through google on network vulnerability systems and methods of intrusion detection.

I have done the research.
That is why I do not post that Conficker is currently stealing data, etc.

However you have posted that, which is why I have asked you to post the research showing that conficker is currently doing those things.

To date, you have not provided those links.

I believe its because there is no research indicating that is what Conficker is currently doing.

Please feel free to prove me wrong. :-)

Post links to research showing that Conficker is programmed to, and currently stealing data, selling data, etc. as you have indicating that is what it is doing.

Thanks,

[edit on 4/26/09 by makeitso]

Lets be honest here, if i was validate proof of its data transfer then i would have a serious issue in regards to compromising ongoing investigations. How ever, i could perhaps upload a simple video showing the injection methods used and how it successfully can access a networks shell system or a simple browser injection or file injection and off course you can see the list is endless and the methods are infinite.

Originally posted by tristar

Well i would disagree with you

All we have is your opinion so far.

I asked for links to research showing that code is being inserted to cracked copies, allowing Conficker to spread, as you indicated.

Got links to the research, or is this just your opinion?

reply to post by tristar


In other words, you don't have and links to any research showing that Conficker is programmed to steal data or shut down networks.

Is that correct?

reply to post by makeitso


No that is not correct.

I may provide you with a video showing you the methods used and implemented. But this would require some above normal standard of computer knowledge for it to be understood.
You need to understand that this topic holds a great weight on a global scale as its seems to be spreading like wild fire. On that note, if you could allow me 48hrs to alter the video file showing methods used, i would be great full. Although i may have some computer knowledge at hand it does not mean its video orientated.

Originally posted by ROBL240
Coincidence that this Computer Virus has been "activated" at the same time the Flu Virus was released in Mexico? Someone doesnt want people to have information spread across the internet and for the general public to solely rely upon the Media for up to date news

yesterday, 4/25/09, my comcast high speed fiber-optic connection was down for more then 2 hours... from 12:15 pm PST. to 2:30 pm PST., comcast techs could only say they were having some problems...huh?...no s**t sherlock...

Wha? Of course it can be stopped. We had plenty of cases of this before the first big report, cleaned those without a problem. There is a patch from last November that actually prevents this, so if patched, you are also good. If you have system restore turned on, you make make it like you never had it in the first place.

I've not tried malwarebytes on this thing yet, but I've a feeling it would also remove it without a hitch.

Originally posted by fleabit
Wha? Of course it can be stopped. We had plenty of cases of this before the first big report, cleaned those without a problem. There is a patch from last November that actually prevents this, so if patched, you are also good. If you have system restore turned on, you make make it like you never had it in the first place.

I've not tried malwarebytes on this thing yet, but I've a feeling it would also remove it without a hitch.

You need to understand its not only your computer that is infected, if you have emailed anyone while you were infected then THAT data (username/password) has been logged and sent, so in actual fact your doing nothing apart from just dusting the surface. If you were using a company email then that email server is also at risk and everyone who has an account within that particular mail server.