
Conficker virus begins to attack PCs: experts

page: 4

posted on Apr, 26 2009 @ 04:30 PM
is there anyone on this board with the expertise necessary to explain what one should do to subvert this virus? I was thinking about reloading my OS and all other programs, which should negate any conficker virus...right?

sorry, didn't want to read through pages of amateurish solutions... no offense. Sometimes getting an answer is like searching for a needle in a haystack.




posted on Apr, 26 2009 @ 04:32 PM

Originally posted by allclear
is there anyone on this board with the expertise necessary to explain what one should do to subvert this virus? I was thinking about reloading my OS and all other programs, which should negate any conficker virus...right?

sorry, didn't want to read through pages of amateurish solutions... no offense. Sometimes getting an answer is like searching for a needle in a haystack.


You could try popping into PC World like I did today. Was pretty helpful - seemed to do the job.



posted on Apr, 26 2009 @ 04:37 PM
reply to post by fleabit


Hello,

Obviously you're far more advanced and obviously more fluent in intrusion detection network algorithms. That being said, I guess it's time we divided your post into a breathing apparatus.

"I've been in the business for over 30 years now, and this isn't some special super-code that can get data off of our servers, Exchange, Oracle, or otherwise. A single computer's lack of protection does not mean that it magically can bypass all other security on our network. It CAN spread to other non-protected computers and infect them as well. Of course, most companies that have data worth stealing do monthly updates on all servers, use SMS to push updates to PCs, and push critical updates as they appear."

Time is not a factor, as time is relevant to a person's exposure to ongoing development.

"A single computer's lack of protection does not mean that it magically can bypass all other security on our network."
>*The key target is not the computer itself but the USER behind that system. Once the client/user has been compromised, then it's all downhill.

"Of course, most companies that have data worth stealing do monthly updates on all servers, use SMS to push updates to PCs, and push critical updates as they appear."
>*You would be surprised at how many networks are open without breaking into a sweat; how do you think this expanded into closed networks? :-)

"I've had one virus in the last 10 years at my current job that actually spread to 2 other computers on my network and did enough damage that I had to rebuild those PCs. We still have firewalls in place however."
>*So even with your firewalls you were unable to stop them/us/whoever. Having only 1 or perhaps 2 attacks in the past 2 or 10 years does not exclude you from an ongoing possible intrusion.

"What do you think happens? That an infected PC sends this evil code to our server, which then sneaks past server security, steals data, and then somehow magically gets back out of our network with that data? It doesn't work like that. There is a reason you cannot use another company's VPN software inside of your company's firewalled network."
>*The target is not the client but the mainframe; it's like an octopus. Based on statistics you have an 80% chance of reaching your target. Keep in mind this is not a process which happens on a time frame, but on a systematic pre-defined schedule; now that schedule could be over 1-2-5-10-15 years. Either way there will be an opening; it's all about time and patience.

"The virus that spreads via Outlook isn't infecting the Exchange server. It's simply utilizing the GAL (for a nasty virus), or a local personal contacts list, to spread. And even if you send code this way, it still requires your Exchange server to not be updated to filter out that particular virus, and your users STILL have to be stupid enough to open these attachments up."
>*As your last line indicates, the target is not the network but the USERS. (See my first asterisk.)

"There is a reason that pirated versions are seeing more infections. When you try to go to Microsoft / updates and get the security updates, it now installs the Genuine Advantage tool (i.e. MS's "is that really a legal copy of Windows?" tool). If your version is not valid, it will NOT get updates. Since the security update for this particular code was released in November (those PCs on our network that were patched did NOT get this), all certified versions of Windows do get patched. Pirated versions have a good chance to be unpatchable for security updates."
>* It does not matter if you have a legal copy of MS; if they are connected to a mainframe then that can be injected. The code works on multiple parameters. Since you did state that they are updated, I doubt that your USER would go into the MS site to see if there are any new recent updates.

"Finally, all companies with data worth stealing are protected. The only computers we had infected (and many companies) are a handful of PCs that fell through the cracks. Either the SMS client is not working properly, or it's a loaner / kiosk station that isn't used very often, or we have some users who travel overseas for long periods and come back needing updates. These are typically the ones that get infected."
>*Indeed, people traveling for lengthy times overseas are the most vulnerable, but you should factor in that about 90% of all these people tend to log into some form of network, either a social, commercial or private interface, to interact with their families. This is what is most commonly monitored and obviously most vulnerable.

"If your IT is really on the ball, this is of no concern whatsoever. After our initial infections, we did the standard stuff: sent warnings out to the office, made sure all servers were up to date, ran an SMS check to see if the security update was present on all computers, and updated those handful that came back negative. We've not had a single infection since."
>*As I have implied, it's prevention rather than trying to find the solution that is the most effective method.

"i.e. people are overreacting to this virus. It's no more sinister than any others I've had roll through. I've had many worse ones in fact."
>*Indeed, but stating that this is just an average injection is not beneficial to whoever is viewing this topic. People may have private data which they feel is just like a national security item.



posted on Apr, 26 2009 @ 04:39 PM
"and the guy there was really helpful. He sold me Norton 2009 and said that would take care of the problem."

LMFAO!!! Now that's funny. Good luck with that one. Norton is the FIRST thing I remove from a new computer.

Buy something top of the line like Kaspersky. You'll never have any problems. I don't even bother with the MS updates, since half those are used to further screw up your computer. Keep it simple. Stick with XP, forget the updates, don't use Outlook or other MS programs, and get a good comprehensive protection software like Kaspersky.



posted on Apr, 26 2009 @ 04:53 PM

Originally posted by madmangunradio

Just google conficker stealing data and you'll find endless links talking about it.

"The latest version of Kido also downloads Email-Worm.Win32.Iksmas.atz to infected systems. This email worm is also known as Waledac, and is able to steal data and send spam," Kaspersky Lab reports


Thank you madman. I appreciate it.
To be real clear though, this isn't Conficker stealing data. It's Waledac.

I was aware of this, and have posted more than once about the spam. The reason I didn't post about the article is because it's a bit of a scaremongering article.

Although the article is correct about Waledac being installed and stealing data, the "data" it steals is your email contact list. This is nothing new, or overly detrimental in most cases. It uses the list to spread itself. That's about it. Not that you want this to happen, but it's not taking your bank info.

Waledac does have one very troubling aspect. It has the ability to allow remote access. This is very concerning, except... Waledac has been known for quite some time. It seems to be part of the Storm botnet, and the anti-virus companies have it very well in hand indeed.

This makes the installation of Waledac more of a curiosity than a threat.
Why would the developers of Conficker risk further detection of its network and processes to push out an outdated and hamstrung worm?




posted on Apr, 26 2009 @ 04:54 PM

Originally posted by allclear
"and the guy there was really helpful. He sold me Norton 2009 and said that would take care of the problem."

LMFAO!!! Now that's funny. Good luck with that one. Norton is the FIRST thing I remove from a new computer.

Buy something top of the line like Kaspersky. You'll never have any problems. I don't even bother with the MS updates, since half those are used to further screw up your computer. Keep it simple. Stick with XP, forget the updates, don't use Outlook or other MS programs, and get a good comprehensive protection software like Kaspersky.




OK so can someone please clarify what's funny here? Have I been somehow 'done' by PC World by being told to install Norton? I've looked at the documentation and it does indeed claim to fight all known viruses - so what exactly is the problem here?

You guys speak about updates and doing things I have no idea how to do. With Norton I just pop the CD in the drive and it does the rest - why is that such a bad thing?

I shelled out £70 and I think it's frankly - like the guy in PC World said - money well spent if it protects my photos and stuff.



posted on Apr, 26 2009 @ 05:07 PM

Originally posted by Kandinsky
I was speculating


Yes, I agree.

That is what the "it's stealing data and selling it" and "it's crashing networks globally" crowd is doing.
Speculating.
It makes a great story, but proving it, that's a horse of a different color.

I have been highlighting that by asking for links to the research that shows it's currently programmed to steal data. So far... nada.


Is conficker admirably thought out, and well programmed? Absolutely.
Does it have the potential to do all that scary stuff? Absolutely.

Proof its doing it now? Nada.



posted on Apr, 26 2009 @ 05:12 PM
This virus can easily be removed using DrWeb CureIt! I had AVG installed and got the virus before it could handle it, but DrWeb fixed it. The virus was named Junkpoly/heur, but is the same as conficker.

Buuuuuuurrrrrrrrrrn @ virus makers.



posted on Apr, 26 2009 @ 05:17 PM
reply to post by makeitso


There are more dynamics involved here than just a simple board posting forum and a few hundred reading these posts and possibly a few other hundreds reading similar posts on various sites.

Please try and understand that it's not about you and me, but it's a global issue. This goes beyond the U.S. borders. So requests showing how they are intercepting is like asking for the key codes to launch nukes. What has been fantasized is what our social order is going through. Excluding hypothetical scenarios is like asking a 2 year old to test pilot an experimental aircraft.



posted on Apr, 26 2009 @ 05:19 PM

So even with your firewalls you were unable to stop them/us/whoever. Having only 1 or perhaps 2 attacks in the past 2 or 10 years does not exclude you from an ongoing possible intrusion.


They were open because someone installed a web server and didn't update it. Typically worms get around networks because of open ports. Open ports (which includes security holes that MS patches) is how it spreads. Web servers are huge "omg attack me!" portals. They were not even supposed to have them installed. If they HAD updated them, they would have not been infected. So it WAS preventable.


>* It does not matter if you have a legal copy of MS; if they are connected to a mainframe then that can be injected. The code works on multiple parameters. Since you did state that they are updated, I doubt that your USER would go into the MS site to see if there are any new recent updates.


SMS patches are deployed automatically; the end users don't have to do anything. Critical patches are applied as they are released by MS. Server patches are also done immediately, and unless a company's IT team sucks, no server should be open to malicious code.


>*Indeed people traveling for lengthy times overseas are the most vulnerable, but you should factor in that about 90% of all these people to tend to log into some form of network, either its a social or commercial or private interface to interact with their family's. This is what is most commonly monitored and obviously most vulnerable.


First of all, most companies that aren't as dumb as rocks save all data on a network, not a workstation. Some data obviously goes with a laptop on travel, but it's a tiny bit of data comparatively. Any laptop in the field is very open to infection (the laptops I set up for use in Iraq were just inundated with malware and viruses, once I got them back), but they are also not ON the network. They are not a threat to network security. Usually we check out these computers before putting them back on the network proper.

And to the advice about not getting updates: That's ludicrous. YOU NEED UPDATES! Especially the critical updates. What happens is: Someone finds a bit of MS code with a hole. For example, it might find a few bits in a protocol code that can be replaced with something else. You NEED the updates to correct those security issues. Ignoring updates is a way to guarantee you'll get infected, that's terrible advice.

At any rate, this virus was not anywhere close to some of the nastier ones I've seen over the years. STANDARD PROTECTION and updates WILL prevent it. It is completely removable. It's not some demon-spawn malware that will make your computer explode.

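The check fleabit describes above (confirm the security update is present on every computer, then fix the handful that come back negative, and treat hosts that expose a listening service to the network as the ones a worm reaches first), and 308's advice further down to make sure Windows is fully up to date, as an added PowerShell example. This is not code from the thread or from any of its posters. It assumes a current Windows host where Get-HotFix and Test-NetConnection are available and where you have admin rights on the targets; the computer names are constructed, and since the thread does not name the update, $RequiredKB is a placeholder to be filled from the vendor advisory for the worm you are checking against.

```powershell
# Added example, not from the thread: report which computers lack a required
# security update and still accept SMB connections from the network.
function Get-WormExposure {
    param(
        # Placeholder: the thread does not give the KB number; take it from the advisory.
        [Parameter(Mandatory = $true)][string]$RequiredKB,
        [Parameter(Mandatory = $true)][string[]]$ComputerName
    )

    foreach ($c in $ComputerName) {
        # Get-HotFix queries Win32_QuickFixEngineering on the target. No matching
        # entry, or an unreachable host, yields nothing, which we count as unpatched.
        $patched = [bool](Get-HotFix -Id $RequiredKB -ComputerName $c -ErrorAction SilentlyContinue)

        # TCP 445 answering means the host takes SMB connections from the network:
        # the open-port path fleabit says worms use to move between machines.
        $smb = Test-NetConnection -ComputerName $c -Port 445 -WarningAction SilentlyContinue
        $exposed = [bool]$smb.TcpTestSucceeded

        # Unpatched and reachable over SMB is the combination to fix first.
        $priority = if (-not $patched -and $exposed) { '1-fix now' }
                    elseif (-not $patched)          { '2-patch' }
                    else                            { '3-ok' }

        [pscustomobject]@{
            Computer   = $c
            Patched    = $patched
            SmbExposed = $exposed
            Priority   = $priority
        }
    }
}

# Constructed host list for illustration; in practice feed this from your
# SMS/SCCM or Active Directory inventory.
$hosts = @('PC-LOANER-01', 'PC-KIOSK-02', 'LAPTOP-TRAVEL-03')

Get-WormExposure -RequiredKB 'KB0000000' -ComputerName $hosts |
    Sort-Object Priority |
    Format-Table -AutoSize
```

Get-HotFix reaches the remote host over DCOM/WMI, so a machine that is off the network (the travelling laptops fleabit mentions) shows as unpatched until it is back and re-checked; that is the intended behaviour, since an unverified host should not be assumed clean. Loaners and kiosks that sit idle are exactly the entries this report is meant to surface.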


posted on Apr, 26 2009 @ 05:36 PM

Originally posted by tristar

Excluding hypothetical scenarios is like asking a 2 year old to test pilot an experimental aircraft.


Are you admitting that your statement about Conficker stealing data, etc. was hypothetical, not based on research of Conficker's programming?

[edit on 4/26/09 by makeitso]



posted on Apr, 26 2009 @ 05:37 PM
reply to post by fleabit


Indeed, your answers are within the realm of reality.

So would GPS intrusion be factored in as a signal of intrusion, or would it be considered a distortion of signal based on algorithms set on pre-defined or modified interception?



posted on Apr, 26 2009 @ 05:37 PM

Originally posted by makeitso

Originally posted by tristar

Excluding hypothetical scenarios is like asking a 2 year old to test pilot an experimental aircraft.


Are you admitting that your statement about Conficker stealing data, etc. was hypothetical, not based on research of Conficker's programming?

[edit on 4/26/09 by makeitso]


Simply putting it : NO


308

posted on Apr, 26 2009 @ 05:38 PM
reply to post by tristar


Tristar, I can't understand your posts on this subject. So in an act of politeness I thought I would check if English is not your first language?

Also I'd like to check what you mean in this post, I've interpreted as best I can, but would appreciate that if I get it wrong you could set me straight ...

"Not so, it has successfully injected itself onto all known networks; however, this might be either through your mem chipset, which after each restart zeros itself out, but then it can feed itself information stating that it's no longer able to scan, so then the person/s re-visits your system; this obviously can be an automated process at any random time/day/date"

According to many security sites I've read it [conficker] only infects machines which run certain versions of the Windows operating system:

en.wikipedia.org...
www.confickerworkinggroup.org...

If I'm getting it right you also say that any system with a memory chip can get it. But when the system is powered off, because memory is volatile, the data is lost. The statement seems sound. However there is a slight flaw here: the virus actually delivers the payload by attaching code to a DLL, usually svchost.exe or services.exe. Notice by the fact that these files have an extension of EXE, which is only used by DOS, OpenVMS, Microsoft Windows, ReactOS, and OS/2.

However then you slightly contradict yourself by saying it can still phone home some information relating to scanning (By scan are you referring to the data mining you have been talking about?) How could it do this if the program is in the memory but the memory has been flushed?

Now here I get a bit lost ... You mention a person revisits the system. Do you mean a hacker? Also what do you mean by an automated process if it involves a human interaction?

I appreciate you asked makeitso for 48 hours to post your video which I'm eager to see but I also would like to re-iterate his call for links/sources which confirm what you say about Conficker, thanks for your time.



posted on Apr, 26 2009 @ 05:53 PM
LOOK - I'm not good on IT and have never bothered with protection before (and I'm not just talking computers ;-) - giggidy giggidy - alllright ).

Can someone please clarify:

1) Why does someone want to attack my computer? The only things I have on there are photos and that's it. No bank info, no work files, no info that would be useful to anyone at all.

2) Is the Norton software I purchased today from PC World going to keep my computer safe? Or should I uninstall it back onto the CD ROM and take it back for a refund? (How do I get it back on the CD ROM, I'm not sure if I have a CD Writer installed in my system?)

3) If an attack does occur - how will I know?

4) What is the worst case scenario? I'd prefer to know what I'm guarding against and if it is really worth me spending more money?

5) If something happens can I not just claim on my home insurance?



posted on Apr, 26 2009 @ 05:54 PM
reply to post by mel1962


Thank you, mel1962, my laptop passed it too. I really appreciate that you posted this link.

ATS is very crucial right now, to keep people informed...


308

posted on Apr, 26 2009 @ 06:07 PM
reply to post by Dutty_Rag


1 - Personal passwords to get into private sites; they can then use these to try to hack your online bank accounts, or they may use your PC as part of a botnet to send spam or do something else entirely. Their intentions are not yet known.

2 - It's not the best but will do a job; for £70 I'd expect so much more though. AVG is free and has never let me down since I started using it. free.avg.com...

3 - You won't, that's the point. If you did know after something happened then you'd take steps to remedy whatever rogue action was going on in your system.

4 - Worst case, impossible to say; the question is too ambiguous. If they get your banking login details and transfer your money somewhere, that's pretty bad.

5 - Novel idea. Check your policy details; if it doesn't mention this as an exclusion then you wouldn't lose anything by filing a claim for this. They would probably ask you to prove it happened and may want an engineer to examine your system.

Hope this helps, try reading the Wikipedia article for more answers.



posted on Apr, 26 2009 @ 06:09 PM
reply to post by 308


But seriously? I only use the internet for light browsing - stuff like this site etc. No banking etc or shopping online. I don't trust it and wouldn't know where to start anyway.

With this in mind am I still at risk?



posted on Apr, 26 2009 @ 06:14 PM
To put things in order, I WILL be answering all posts tomorrow, but out of respect I do need to inform current viewers that I do need to rest. That being said, I will be online tomorrow.

Again, a big applause to all who interacted with each other on this topic. Although I did have my reservations in respect to the level of people who would be posting within reference to this topic, I am amazed at the level of quality so far and look forward to interacting with many more viewers or posters in the not too distant future.

Sincerely

Tristar.


308

posted on Apr, 26 2009 @ 06:15 PM
reply to post by Dutty_Rag


Impossible to say, fella, because we don't know what they plan to do with the Conficker virus. Just make sure your Windows system is fully up to date (the actual Windows patch number you need was mentioned by someone else on the thread); then it can't get into your system.



