
Gibson lets a computer get infected with Conficker - to observe its behaviour

  • 25-04-2009 9:56am
    #1
    Closed Accounts Posts: 2,055 ✭✭✭


    Listen: http://www.podtrac.com/pts/redirect.mp3/aolradio.podcast.aol.com/sn/SN-193.mp3
    (recorded 2009.04.22)

    Show notes: http://www.grc.com/sn/sn-193.htm

    1) If your PC is infected, Conficker stops Windows Update from working, so if http://update.microsoft.com/microsoftupdate/ works on your machine, it probably is not infected, yet. It also stops many other types of security software from running.

    2) The guy or team behind it is probably based in Ukraine, because Conficker checks to see if a PC has a Ukrainian keyboard; if it has, it doesn't run on that machine. It also checks IP numbers against a geographic IP number database, and does not attack IP numbers allocated to Ukraine.

    3) It looks for removable drives (e.g. USB drives) and installs itself on these, ready to replicate itself when the drive is plugged into another machine.

    4) Conficker keeps "phoning home" in stealth mode to get the latest updates to itself designed to foil security patches etc.

    5) It changes its file date to the same date as some Microsoft system files (kernel32) on the machine so it doesn't stick out.

    6) Make sure UPnP (universal plug and play) is switched off in your router - otherwise if your machine gets infected, it will open up your router ports using UPnP.

    7) Switch off print and file sharing in Windows if you don't need it. E.g. if your home network runs on wired Ethernet and you require file sharing, switch off print and file sharing for WiFi, to reduce the risk of picking up Conficker when you are using public WiFi hotspots.

    8) It looks as if Conficker might turn into some sort of protection racket. The "E" variant of Conficker seems to have some anti-virus popup - might turn into a "buy our Conficker remover" link.... If it does, I don't think it would be advisable to give them a payment card number :)
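Point 5 above (the worm copying kernel32's file date so it doesn't stick out) is something a defender can actually hunt for. The script below is an added example, not from the podcast or the original post: it lists files in a directory whose modification time matches kernel32.dll's to the second and are not on a known-good list. The directory, file names (including the suspicious "xyzab.dll") and timestamps are all constructed for the demo.

```python
import os
import tempfile
from pathlib import Path

REFERENCE_NAME = "kernel32.dll"   # the file whose timestamp the worm is said to copy


def find_timestamp_matches(directory, reference_name=REFERENCE_NAME, known_good=()):
    """Return the sorted names of files in `directory` whose mtime equals the
    reference file's mtime (to the second) and that are not in `known_good`."""
    directory = Path(directory)
    ref_mtime = int(directory.joinpath(reference_name).stat().st_mtime)
    hits = []
    for entry in directory.iterdir():
        if not entry.is_file() or entry.name == reference_name:
            continue
        if entry.name in known_good:
            continue  # legitimately shares the OS install timestamp
        if int(entry.stat().st_mtime) == ref_mtime:
            hits.append(entry.name)
    return sorted(hits)


def build_sample_dir():
    """Constructed sample directory (not a real Windows system folder):
    two genuine system files sharing an install timestamp, one ordinary
    file with a fresh timestamp, and one suspicious DLL whose timestamp
    was deliberately copied from kernel32.dll."""
    d = Path(tempfile.mkdtemp(prefix="timestamp_demo_"))
    base = 1_200_000_000  # constructed "OS install" time, early 2008
    for name, mtime in [("kernel32.dll", base), ("ntdll.dll", base),
                        ("notes.txt", base + 90_000_000), ("xyzab.dll", base)]:
        p = d / name
        p.write_bytes(b"\x00" * 16)
        os.utime(p, (mtime, mtime))
    return d


KNOWN_GOOD = {"ntdll.dll"}  # allow-list of files expected to share the timestamp

if __name__ == "__main__":
    sample = build_sample_dir()
    print(find_timestamp_matches(sample, known_good=KNOWN_GOOD))  # ['xyzab.dll']
```

On a real system many legitimate files share the install timestamp, so the allow-list matters; pair a hit with a digital signature check before treating it as malicious.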


Comments

  • Registered Users, Registered Users 2 Posts: 291 ✭✭zing zong


    According to this http://www.tgdaily.com/content/view/42101/108/ it has cost $9.1 billion in damages. The thing is, all I have seen so far are reports from groups and companies about the worm; I haven't seen anything online from regular people saying they have been infected.

    Have any of you gotten it (as far as you know)? Or know anybody that has, or maybe a link to a regular person that has gotten it?


  • Closed Accounts Posts: 1,710 ✭✭✭RoadKillTs


    Haven't seen any myself. Am I right in saying it still hasn't dropped its payload?

    At least there are some removal tools around.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    I'm amazed that none of you have actually taken a sample of conficker and published an analysis of how it works.

    What is there so difficult to understand?

    Let's face it, you think I'm insane for saying it's a product of AV companies, but yet you can't neutralize it? What a joke.

    AV companies need AV Writers.

    Most, if not all of the AV writers work for AV companies.

    Conficker, there is absolutely nothing new in it to report.
    It's a piece of ****e... that we all saw in 2001 with... you find out SHEEP.

    Why don't you ****ing wake up?

    Well... it isn't anything we haven't seen long before, put it that way.
    There were probably more sophisticated viruses being written 8 years ago than there are now, MistFall by Z0MBiE being just one example; if something like MistFall was released... we would be in serious trouble.

    These new viruses always seem to get released at the start of the year too...

    Conficker this year, MyDoom in 2004, Slammer in 2003, Storm in 2007.

    If you look up Hybris you'll see that it was written 9 years ago and was capable of signing updates/modules using RSA.

    In proof-of-concept viruses 4-5 years ago, they used ECC instead, since the keys were smaller with equivalent strength or better than RSA.

    Anyway, point is, all these so-called new threats and "ideas" are really nothing new, nothing that wasn't already done 10-15 years ago... no reason why these "problems" can't be solved.

    But of course, somebody has to get paid... nothing wrong with that I suppose.


  • Registered Users, Registered Users 2 Posts: 11,647 ✭✭✭✭El Weirdo


    zing zong wrote: »
    According to this http://www.tgdaily.com/content/view/42101/108/ it has cost $9.1 billion in damages. The thing is, all I have seen so far are reports from groups and companies about the worm; I haven't seen anything online from regular people saying they have been infected.

    Have any of you gotten it (as far as you know)? Or know anybody that has, or maybe a link to a regular person that has gotten it?
    I've got the bugger. Just discovered it tonight when I realised that my windows hadn't updated in a while. Tried to get onto the MS website and couldn't. Same for several other websites like McAfee, AVG, etc.

    Downloaded the Stinger program from McAfee on my work laptop and ran it. It says it can't repair the item.

    It's also on my phone and USB stick.

    Any help would be appreciated as I'm somewhat of an amateur when it comes to this type of thing.

    [edit]Got it sorted. Wasn't too hard actually.[/edit]

