-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Conficker Worm: April Fool’s Joke or Unthinkable Disaster?
,----[ Quote ]
| Conficker is a program that is spread by exploiting several weaknesses in
| Microsoft’s Windows operating system. Various versions of the software have
| spread widely around the globe since October, mostly outside the United
| States because there are more computers overseas running unpatched, pirated
| Windows. (The program does not infect Macintosh or Linux-based computers.)
|
| An estimated 12 million or more machines have been infected. However, many
| have also been disinfected, so a precise census is difficult to obtain.
`----
http://bits.blogs.nytimes.com/2009/03/19/the-conficker-worm-april-fools-joke-or-unthinkable-disaster/
Yesterday:
Got pwned by Conficker.B - Fought back & won
,----[ Quote ]
| Our WinXP lappy (used for business & personal) was infected by
| Conficker.B, rendering it a zombie-bot tethered to a botnet somewhere.
| In the end, the OS is replaced with Linux & the data are preserved.
| Complete functionality is restored... All while on the road.
|
| [...]
|
| After about a day and a half, I gave up trying to save the system and
| decided to try to /replace/ it. I began by using my Nokia N810
| (linux-based internet tablet[3]) to download onto its flash card:
|
| - unetbootin[4] and
| - the iso for gOS 3.1[5].
|
| I put the card into a usb reader and plugged it back into the infected
| lappy. Then, I:
|
| - loaded and ran unetbootin & gOS iso,
| - manually created some partitions via the gOS install,
| - installed gOS (applied patches, etc)
| - moved data from NTFS to ext3 partition
| - removed NTFS partition.
|
| At that point, we had a (trusted) computer with networking, productivity
| apps and our data again. The process (excluding download time) took
| about four hours.
`----
http://groups.google.com/group/alt.comp.freeware/msg/5d33c17417942d28
Recent:
Conficker update calls home more stealthily
,----[ Quote ]
| A new version of the Conficker (aka Downadup) worm is working around attempts
| to stifle its activity by dramatically increasing the number of domain names
| used to call home for fresh instructions.
`----
http://www.itwire.com/content/view/23813/1054/
Conficker gets upgraded with defenses
,----[ Quote ]
| Researchers at Symantec have discovered what could be a significant
| development in the ongoing Conficker worm saga: a new module that is being
| pushed out to some infected systems.
|
| In a couple of ways, the new component is designed to harden infected
| machines against an industry consortium that is actively trying to contain
| the prolific worm. For one, the update targets antivirus software and
| security analysis tools to prevent them from removing the malware. Not only
| does it try to disable anti-malware titles, it also goes after programs such
| as Wireshark and regmon.
`----
http://www.theregister.co.uk/2009/03/07/conficker_upgrade/
Conficker Worm Strikes Back With New Variant
,----[ Quote ]
| The Conficker/Downadup worm managed to slither onto millions of PCs worldwide
| at its height, but after it initially infected a computer it only really
| acted to spread itself, and didn't cause further harm. Until now.
|
| Symantec reports today that it has found a new variant of the virulent worm
| that will identify antivirus software or security analysis tools running on
| the infected PC, and attempt to shut down those programs. This is a strong
| signal that the worm's mysterious creators haven't abandoned their creation
| in the face of worldwide attention, as some in the industry have theorized,
| but may still have plans to make a buck off their work.
`----
http://www.pcworld.com/article/160854/confickervariant.html?tk=rss_news
Conficker may bring commercial web sites to their knees
,----[ Quote ]
| One of the most notorious pieces of recent malware is set to cause collateral
| damage to commercial web sites.
|
| [...]
|
| In practice, security researchers are able to analyse this function as easily
| as any other. And a coalition of ISPs and other players has been registering
| the domains Conficker will try to use before the worm's backers can get hold
| of them.
`----
http://www.itwire.com/content/view/23538/1054/
Virus strikes 15 million PCs
,----[ Quote ]
| A virulent computer virus has infected as many as 15 million computers around
| the world so far, according to various estimates.
|
| The virus -- a self-replicating computer worm known as Downadup, Conficker or
| Kido -- spreads across computer networks using Microsoft Windows software
| which have not been patched or updated properly. Microsoft issued a patch
| that fixes the vulnerability the virus exploits last October.
`----
http://www.upi.com/Top_News/2009/01/26/Virus_strikes_15_million_PCs/UPI-19421232924206/
Windows worm: Security experts waiting for activation of 'botnet'
,----[ Quote ]
| Computer experts are preparing to respond to further virus outbreaks and
| security threats posed by the Windows worm, known as Conficker, Kido and
| Downadup, which has infected more than 15 million PCs worldwide.
`----
http://www.telegraph.co.uk/scienceandtechnology/technology/microsoft/4345295/Windows-worm-Security-experts-waiting-for-activation-of-botnet.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknFfqoACgkQU4xAY3RXLo5TkQCgiwKRVhCHWa0cupvQZIFqaSSi
j+cAn22CU+dGsQK4RsAmKC7UUoj4MwUY
=OYj+
-----END PGP SIGNATURE-----
|
|
