Conficker
- Thread starter Pimppeter2
- Start date
Recommended Videos
I believe this one mostly spread through devices like external HDs and Jump drives. Now as for how they got on those in the first place is beyond me.Bored Tomatoe said:
I seem to be holding the homestead fairly well. None of the known signs has shown up on these computers or devices. Still, a few last minute preps wouldn't hurt...
actually, this is a worm, not a virus. the main difference is that worms are more advanced. a virus will simply float along in cyberspace and attempt to infect whatever computer it comes across. a worm will actively probe cyberspace looking for whatever computers it has been programmed to infect, usually they are programmed to look for holes or vulnerable spots in your anti-virus software, and will infect your computer if they detect a vulnerability. just keep your anti-virus and windows protection up to date and activated.Bored Tomatoe said:
this will be so much easier to do when microsoft finally releases their own anti-virus software like they promised...
The Worm is spread through the extremely broken RPC service run on windows. RPC is short for Remote Procedure Call. Pretty much allowing a remote host to run commands native on the system. Microsoft usually uses it to push updates or to poll systems if they are a valid copy of windows.
It normally runs as a listener on port 135 or 445 on a host. Very rarely will you ever see it with an established link.
The problem with the service is that it has been patched about 3400000 times in the past, and yet there are still vulnerabilities for it. One would think that Microsoft would come out with a better way to push updates and check for valid software. But they don't. And don't think that you can disable the service and stop it from going on. It is loaded as a kernel level process on a windows system, if you were to disable it, one would not be able to boot to windows (in theory).
Ensuring that you keep a good security policy is of utmost priority. Backing up important files to external media, ensuring windows is properly updated, and that you have a good and up-to-date Anti-virus application installed is a great way to protect oneself. Also having administrative accounts password protected is also another important security measure.
There are a lot of unnecessary services running on a windows machine, but for someone who doesn't have proper knowledge could seriously muck up their system by disabling required processes. Windows has, and probably will always be vulnerable; which is frustrating for security professionals (like I'm training to become) due to it being the most prolific operating system, "necessity" for backwards compatibility (B.C. all the way back to windows 3.1? WHYYYYY!) and the open nature of the system does not help at all.
God I hope Microsoft pulls their head out of their ass and come up with a fucking decent operating system, or fucking fall of the face of the earth and let real operating systems take the forefront (read: Unix Based)
It normally runs as a listener on port 135 or 445 on a host. Very rarely will you ever see it with an established link.
The problem with the service is that it has been patched about 3400000 times in the past, and yet there are still vulnerabilities for it. One would think that Microsoft would come out with a better way to push updates and check for valid software. But they don't. And don't think that you can disable the service and stop it from going on. It is loaded as a kernel level process on a windows system, if you were to disable it, one would not be able to boot to windows (in theory).
Ensuring that you keep a good security policy is of utmost priority. Backing up important files to external media, ensuring windows is properly updated, and that you have a good and up-to-date Anti-virus application installed is a great way to protect oneself. Also having administrative accounts password protected is also another important security measure.
There are a lot of unnecessary services running on a windows machine, but for someone who doesn't have proper knowledge could seriously muck up their system by disabling required processes. Windows has, and probably will always be vulnerable; which is frustrating for security professionals (like I'm training to become) due to it being the most prolific operating system, "necessity" for backwards compatibility (B.C. all the way back to windows 3.1? WHYYYYY!) and the open nature of the system does not help at all.
God I hope Microsoft pulls their head out of their ass and come up with a fucking decent operating system, or fucking fall of the face of the earth and let real operating systems take the forefront (read: Unix Based)
Backing up everything might not help..
Like it has been stated, it is a worm.. Which means it could just not do anything april 1st.. Then a week later.. It really goes active..
Like it has been stated, it is a worm.. Which means it could just not do anything april 1st.. Then a week later.. It really goes active..
People are freaking out way too much about this. So long as you have your antivirus software and OS up to date you'll be perfectly fine.
And for those screaming armagedeon don't realy know what they're talking about.
We don't even know what the worm will do. It might use resources and sell it online much like what amazon does for their pc rental service. Or it could steal infomation.
From what we DO understand its an incredibly complex system that'll use some sort of built in P2P networking to spead it's mayhem, what ever that may be.
And for those screaming armagedeon don't realy know what they're talking about.
We don't even know what the worm will do. It might use resources and sell it online much like what amazon does for their pc rental service. Or it could steal infomation.
From what we DO understand its an incredibly complex system that'll use some sort of built in P2P networking to spead it's mayhem, what ever that may be.
http://i.gizmodo.com/5191976/11th+hour-fix-may-protect-huge-corporate-networks-from-conficker-worms-nastiness
http://www.doxpara.com/?p=1285
http://arstechnica.com/security/news/2009/03/new-method-for-detecting-conficker-discovered-debuted.ars
If you have all the latest updates, you should be fine, if your not sure about anything, just unplug your internet tomorrow.
http://www.doxpara.com/?p=1285
http://arstechnica.com/security/news/2009/03/new-method-for-detecting-conficker-discovered-debuted.ars
If you have all the latest updates, you should be fine, if your not sure about anything, just unplug your internet tomorrow.
shut the system down and clean all the crap out and give a good dose of anti virus that will help that or just start giving hard time to these little fucks and maybe they'll get the hint and not put so much faith in computers after all it's just a machine
actually, you might want to be a little selective as to what you back up, i.e. only the essentials and you should try to open/operate all of the stuff first. because the worm will attempt to hide itself, simply backing up everything means that if your computer is already infected, then you will be saving a copy of the worm with all of your backed up files, ready to re-infect your computer all over again, even if you wipe your hard drive.UltimateXShadow said:
Now, supposedly, if you have Conficker, you can't access Microsoft owned sites. Try going to one. Should be a good way to check.
Also, as Vauban said, if you have the latest software updates, you shouldn't be vulnerable. I read in a newspapaer article that if you DO have it, then you can't download anti-virus software to combat it. Apparently, this thing is indeed nasty.
Also, as Vauban said, if you have the latest software updates, you shouldn't be vulnerable. I read in a newspapaer article that if you DO have it, then you can't download anti-virus software to combat it. Apparently, this thing is indeed nasty.
Well if this affects my computer those jack wads who made the virus had better hope they don't run into me.
They would get a good paddling before I turn them into Microsoft.
They would get a good paddling before I turn them into Microsoft.
So has anyone heard any stories about this virus affecting anyone's computers or even existing? I haven't heard anything and my computer's fine.
I haven't heard anything either, and I've seen searching news sites to what it did.ElephantGuts said:
So the guess on what it does can still be represented by throwning knives with problems writen on them and seeing which on stabs you.
Truth is, if someone wants to get into your computer, there is nothing you can do to stop them unless you are on par with what the hacker can do.
That's because of how bad it can potentially be, so far no one has any idea what it actually does. As far as I know atleast.bookboy said:
I've heard about this, and... well... Better safe than sorry.
Gonna start up every Anti Virus available.
Gonna start up every Anti Virus available.