Three Million Hit By Windows Worm: Updated

Feb 13, 2008
19,430
0
0

October 2008 was the first sighting of the malicious program known as Conficker, Downadup, or Kido [http://vil.nai.com/vil/content/v_153464.htm], which has now infected more than three million machines.

The worm attacks through the Server Service Vulnerability [http://vil.nai.com/vil/content/v_vul40728.htm], which was patched in one of the latest Windows updates (if you didn't get it, the MS08-067 patch is available from the Microsoft Web Site [http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx]).

Without going into the technical details of it, the worm latches onto "Services.exe" and propagates a random file forcing you to run it on the next reboot. It then damages your last system restore point (making the worm harder to get rid of), and sets up a download to get more infected files.

It doesn't just go looking for files on one website though, but hundreds, which is why tracking it is so hard; it also keeps an "ear" out for anti-viruses, so it can download itself if it's ever removed.

Two weeks ago, the virus "mutated" to become even harder to catch, and the major antivirus services are struggling to keep up. Complicating matters further is the virus' ability to track your IP address to keep you infected and block you from security websites.

The patch, however, shuts it down at the source, but with so many computers out there not being patched regularly, there are still plenty of CDs, DVDs, hard drives and memory sticks to infect.

Luckily, technicians have managed to reverse engineer the virus so they can see which machines are infected, but because of the hacking laws, they can't disinfect the machines remotely.

Nearly 4,000 machines in the U.S. are infected - better make sure yours isn't one of them.

Source: BBC [http://news.bbc.co.uk/1/hi/technology/7832652.stm]

Update January 19th: According to the BBC [http://news.bbc.co.uk/1/hi/technology/7832652.stm], numbers are now skyrocketing. Last count by F-Secure [http://www.f-secure.com/] indicates there are now 8.9 million machines infected. Sophos [http://www.sophos.com/], one of the main computer security support networks, have admitted that just having the patch doesn't make you safe, as the virus can also be spread by memory sticks, so there's a real need for antivirus software as well.

 

new_age_reject

Lives in dactylic hexameter.
Dec 28, 2008
1,160
0
0
The worms are getting better and better, but then again so are the people detecting, deciphering and destroying them.
To me the chances of you getting this seem quite unlikely so I'm not too bothered about it.
It would have to be some uber, super bug to be a major dent in the world of computers.
 
Feb 13, 2008
19,430
0
0
new_age_reject said:
> The worms are getting better and better, but then again so are the people detecting, deciphering and destroying them.
> To me the chances of you getting this seem quite unlikely so I'm not too bothered about it.
> It would have to be some uber, super bug to be a major dent in the world of computers.

38,000 infections in China sound like a dent?
 

Nimbus

Token Irish Guy
Oct 22, 2008
2,162
0
0
Um, you never mentioned exactly what the virus does. Seriously, what are the negative effects? BSODs? Breaking your internet connection? Wiping your hard drive? What does it do?

EDIT: Found it myself, but I really think it should have been in the news post.

Users being locked out of directory

Access to admin shares denied

Scheduled tasks being created

Access to security related web sites is blocked.
 

new_age_reject

Lives in dactylic hexameter.
Dec 28, 2008
1,160
0
0
The_root_of_all_evil said:
> new_age_reject said:
> > The worms are getting better and better, but then again so are the people detecting, deciphering and destroying them.
> > To me the chances of you getting this seem quite unlikely so I'm not too bothered about it.
> > It would have to be some uber, super bug to be a major dent in the world of computers.
>
> 38,000 infections in China sound like a dent?

Admittedly I didn't read the BBC article so I missed out on the figures.
This one is a lot larger than I thought and has become a big problem, but generally these things get stamped on the head before they do serious damage.
 
Feb 13, 2008
19,430
0
0
Nimbus said:
> Um, you never mentioned exactly what the virus does. Seriously, what are the negative effects? BSODs? Breaking your internet connection? Wiping your hard drive? What does it do?

Included in the title Nimbus, click on the name of the virus.
 

Break

And you are?
Sep 10, 2007
965
0
0
It's a terrible event, but that virus sounds amazing. It's funny that people put so much effort into designing things that are only good for mayhem. I mean, it's not as if this kind of virus actually benefits the guy who wrote it at all, does it?
 

Wicky_42

New member
Sep 15, 2008
2,468
0
0
There is in fact quite a backstory behind this, with the guy who wrote the virus being some underpaid code monkey in Microsoft, whose dire warnings about the vulnerability in Services.exe went unheeded by the money-grabbing bureaucrats for whom he worked. Eventually fired for making a fuss about a simple potential exploit, he set out to seek his revenge against the colossal corporation by exploiting the very weakness he had discovered.

HOWEVER, an underground movement of anti-windows hackers heard about this renegade programmer and sought to discover the secrets of this potential avenue of attack. Sending in the sexiest female member of the group, they sought to befriend and seduce the lonely programmer, then steal his secret for themselves. All was going well until, suspicious at his new friend's long absences, the programmer followed her back to the hackers' hangout. However, because he was a programmer, not a ninja, he was quickly detected. The hackers decided to lay their plans before him, seeking his willing assistance in crippling the Microsoft Juggernaut - however, the scale of the hackers' planned attack and the devastation it would have caused was titanic, and in that moment the lowly programmer realised how naive he had been with his petty plans, and that out here a war of anarchy was being fought, with thousands of people's livelihoods on the line. Not only that, but his new-found 'friendship' had all been a lie, a charade.

Betrayed and fearful of the world he had stepped into, the programmer fled the hackers in a dramatic rooftop chase, eventually losing them in a death-defying 10-story dive across a street into a pillow factory. Unfortunately, having not seen enough gangster films in his time, he forgot that they knew where he lived, and was quickly re-captured by the hackers as he went home. They held him prisoner in a basement for a straight month, forcing him to complete a virus with the potential to physically destroy computers across the world by exploiting the Services.exe weakness. Eventually it was completed, and, having no further use for the poor programmer, they murdered him.

However, they did not realise that the virus the programmer had created, whilst apparently devastating, was in fact crippled with just a few exquisitely written lines of code, a masterpiece of deception that was to be the programmer's last heroic act to save the world. Furiously the hackers realised their folly as the virus did little but spread and protect itself.


Or of course, something else. But that would be pretty funky.
 

Mariena

New member
Sep 25, 2008
930
0
0
Oh. Funny.. I never noticed anything. Three million, eh. Sucks to be them.

Is this actually a worse "plague" than the famous Blaster virus/worm/whatever?
 

tthor

New member
Apr 9, 2008
2,931
0
0
is this that MS AntiSpyware 2009 virus?
all i know is it was this virus that destroyed my last computer, and forced me to use this crappy old one of mine x__x
 

johnman

New member
Oct 14, 2008
2,915
0
0
tthor said:
> is this that MS AntiSpyware 2009 virus?
> all i know is it was this virus that destroyed my last computer, and forced me to use this crappy old one of mine x__x

No, it's not. I work in a computer repair shop and every week we get machines infected with that. It is a pain to get rid of and more of a threat than this worm. This worm doesn't seem to cause too much direct damage. Antivirus asks for money which some fools pay.
Reinstalling Windows is the easiest way to get rid of it.
 

DigitalSushi

a gallardo? fine, I'll take it.
Dec 24, 2008
5,718
0
0
johnman said:
> tthor said:
> > is this that MS AntiSpyware 2009 virus?
> > all i know is it was this virus that destroyed my last computer, and forced me to use this crappy old one of mine x__x
>
> No, it's not. I work in a computer repair shop and every week we get machines infected with that. It is a pain to get rid of and more of a threat than this worm. This worm doesn't seem to cause too much direct damage. Antivirus asks for money which some fools pay.
> Reinstalling Windows is the easiest way to get rid of it.

I managed to get rid of it when my nephew went to a pretend club penguin site, Antivirus pro doesn't allow the admins to install or update antivirus programmes, so what I did was create a new account, restart, add/remove programmes on the fucker, RESTART, install norton (the lesser of two evils) to clear the PC, RESTART, deleted the new account I'd created purely for the purpose of fucking the virus's shit up.

and got hold of absolutely every free copy of antivirus on the net, and ran them all to grab hold of all the straggling dodgy cookies and what not.

It took about 2 hours of restarts and deleting that fucker wherever I saw it, but hey at least my porn is intact.

Sush (coldstorage) 1 - Hackers on Steroids - NIL!
 

FallenRainbows

New member
Feb 22, 2009
1,396
0
0
The_root_of_all_evil said:
> new_age_reject said:
> > The worms are getting better and better, but then again so are the people detecting, deciphering and destroying them.
> > To me the chances of you getting this seem quite unlikely so I'm not too bothered about it.
> > It would have to be some uber, super bug to be a major dent in the world of computers.
>
> 38,000 infections in China sound like a dent?

No not when there is like a bizillion computers.
 

johnman

New member
Oct 14, 2008
2,915
0
0
ColdStorage said:
> johnman said:
> > tthor said:
> > > is this that MS AntiSpyware 2009 virus?
> > > all i know is it was this virus that destroyed my last computer, and forced me to use this crappy old one of mine x__x
> >
> > No, it's not. I work in a computer repair shop and every week we get machines infected with that. It is a pain to get rid of and more of a threat than this worm. This worm doesn't seem to cause too much direct damage. Antivirus asks for money which some fools pay.
> > Reinstalling Windows is the easiest way to get rid of it.
>
> I managed to get rid of it when my nephew went to a pretend club penguin site, Antivirus pro doesn't allow the admins to install or update antivirus programmes, so what I did was create a new account, restart, add/remove programmes on the fucker, RESTART, install norton (the lesser of two evils) to clear the PC, RESTART, deleted the new account I'd created purely for the purpose of fucking the virus's shit up.
>
> and got hold of absolutely every free copy of antivirus on the net, and ran them all to grab hold of all the straggling dodgy cookies and what not.
>
> It took about 2 hours of restarts and deleting that fucker wherever I saw it, but hey at least my porn is intact.
>
> Sush (coldstorage) 1 - Hackers on Steroids - NIL!

I managed to get rid of it just by running Spybot Search and Destroy, but normally it's much harder. I did something similar to you but it didn't work; it all depends on what version you get.
 

DigitalSushi

a gallardo? fine, I'll take it.
Dec 24, 2008
5,718
0
0
latest news on Conficker is that it has a countdown running, it'll activate on 1st April, which is in two days' time.

Sophos admit they don't know what it'll do on Tuesday, but they do know the virus has something like 500,000 servers it can connect to for payload purposes, as opposed to the original estimate of 250.

Best get that update people if you haven't done so already.