-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Free tool to capture Conficker scans and probes
,----[ Quote ]
| To help companies detect Conficker scans and probes on their networks,
| MicroSolved is offering a free tool - a Linux-only HoneyPoint GUI. You can
| download the zip file from here.
`----
http://www.itworld.com/security/65031/free-tool-capture-conflicker-scans-and-probes

Conficker: The Windows Worm That Won't Go Away
,----[ Quote ]
| The Conficker worm continues to slither its way across the Internet, and a
| major update for the malware is looming on April 1. Just what will happen is
| anyone's guess, security researchers say, but there are malware removal tools
| and protections out there for users.
`----
http://www.eweek.com/c/a/Security/Conficker-The-Windows-Worm-That-Wont-Go-Away-529249/

"We need to slaughter Novell before they get stronger….If you’re going to kill
someone, there isn’t much reason to get all worked up about it and angry. You
just pull the trigger. Any discussions beforehand are a waste of time. We need
to smile at Novell while we pull the trigger."
--Jim Allchin, Platform Group Vice President, Microsoft

Recent:

Conficker and the botnet threat
,----[ Quote ]
| An extraordinary behind-the-scenes struggle is taking place between computer
| security groups around the world and the brazen author of a malicious
| software program called Conficker.
`----
http://www.taipeitimes.com/News/editorials/archives/2009/03/22/2003439063

The Conficker Worm: April Fool’s Joke or Unthinkable Disaster?
,----[ Quote ]
| Conficker is a program that is spread by exploiting several weaknesses in
| Microsoft’s Windows operating system. Various versions of the software have
| spread widely around the globe since October, mostly outside the United
| States because there are more computers overseas running unpatched, pirated
| Windows. (The program does not infect Macintosh or Linux-based computers.)
|
| An estimated 12 million or more machines have been infected. However, many
| have also been disinfected, so a precise census is difficult to obtain.
`----
http://bits.blogs.nytimes.com/2009/03/19/the-conficker-worm-april-fools-joke-or-unthinkable-disaster/

Got pwned by Conficker.B - Fought back & won
,----[ Quote ]
| Our WinXP lappy (used for business & personal) was infected by
| Conficker.B, rendering it a zombie-bot tethered to a botnet somewhere.
| In the end, the OS is replaced with Linux & the data are preserved.
| Complete functionality is restored... All while on the road.
|
| [...]
|
| After about a day and a half, I gave up trying to save the system and
| decided to try to /replace/ it. I began by using my Nokia N810
| (linux-based internet tablet[3]) to download onto its flash card:
|
| - unetbootin[4] and
| - the iso for gOS 3.1[5].
|
| I put the card into a usb reader and plugged it back into the infected
| lappy. Then, I:
|
| - loaded and ran unetbootin & gOS iso,
| - manually created some partitions via the gOS install,
| - installed gOS (applied patches, etc)
| - moved data from NTFS to ext3 partition
| - removed NTFS partition.
|
| At that point, we had a (trusted) computer with networking, productivity
| apps and our data again. The process (excluding download time) took
| about four hours.
`----
http://groups.google.com/group/alt.comp.freeware/msg/5d33c17417942d28

Conficker update calls home more stealthily
,----[ Quote ]
| A new version of the Conficker (aka Downadup) worm is working around attempts
| to stifle its activity by dramatically increasing the number of domain names
| used to call home for fresh instructions.
`----
http://www.itwire.com/content/view/23813/1054/

Conficker gets upgraded with defenses
,----[ Quote ]
| Researchers at Symantec have discovered what could be a significant
| development in the ongoing Conficker worm saga: a new module that is being
| pushed out to some infected systems.
|
| In a couple of ways, the new component is designed to harden infected
| machines against an industry consortium that is actively trying to contain
| the prolific worm. For one, the update targets antivirus software and
| security analysis tools to prevent them from removing the malware. Not only
| does it try to disable anti-malware titles, it also goes after programs such
| as Wireshark and regmon.
`----
http://www.theregister.co.uk/2009/03/07/conficker_upgrade/

Conficker Worm Strikes Back With New Variant
,----[ Quote ]
| The Conficker/Downadup worm managed to slither onto millions of PCs worldwide
| at its height, but after it initially infected a computer it only really
| acted to spread itself, and didn't cause further harm. Until now.
|
| Symantec reports today that it has found a new variant of the virulent worm
| that will identify antivirus software or security analysis tools running on
| the infected PC, and attempt to shut down those programs. This is a strong
| signal that the worm's mysterious creators haven't abandoned their creation
| in the face of worldwide attention, as some in the industry have theorized,
| but may still have plans to make a buck off their work.
`----
http://www.pcworld.com/article/160854/confickervariant.html?tk=rss_news

Conficker may bring commercial web sites to their knees
,----[ Quote ]
| One of the most notorious pieces of recent malware is set to cause collateral
| damage to commercial web sites.
|
| [...]
|
| In practice, security researchers are able to analyse this function as easily
| as any other. And a coalition of ISPs and other players has been registering
| the domains Conficker will try to use before the worm's backers can get hold
| of them.
`----
http://www.itwire.com/content/view/23538/1054/

Virus strikes 15 million PCs
,----[ Quote ]
| A virulent computer virus has infected as many as 15 million computers around
| the world so far, according to various estimates.
|
| The virus -- a self-replicating computer worm known as Downadup, Conficker or
| Kido -- spreads across computer networks using Microsoft Windows software
| which have not been patched or updated properly. Microsoft issued a patch
| that fixes the vulnerability the virus exploits last October.
`----
http://www.upi.com/Top_News/2009/01/26/Virus_strikes_15_million_PCs/UPI-19421232924206/

Windows worm: Security experts waiting for activation of 'botnet'
,----[ Quote ]
| Computer experts are preparing to respond to further virus outbreaks and
| security threats posed by the Windows worm, known as Conficker, Kido and
| Downadup, which has infected more than 15 million PCs worldwide.
`----
http://www.telegraph.co.uk/scienceandtechnology/technology/microsoft/4345295/Windows-worm-Security-experts-waiting-for-activation-of-botnet.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknMlnQACgkQU4xAY3RXLo6hRQCgrtNM5wOx+KTsLOqHHjpD7XFv
yUEAoJCbki0mg9NIzlhR7K0bWcUccbqf
=HqSq
-----END PGP SIGNATURE-----