Anyone else watch 60Minutes about the Conficker Worm?

[Kerberos]

http://www.cbsnews.com/stories/2009/...n4897053.shtml





Don't know about everyone else but to ME this sounds like a HUGE problem waiting to happen.

[Otter]

I didn't see the 60 Minutes segment but I've read quiet a bit on the worm on how it's evolving. It's both amazing and scary how the writers of this have basically used modern techniques used by Microsoft and every other software developer to allow the code to continue to evolve.

This wasn't written by some 17 year old kid in his basement. These people knew what they were doing x10. Going by the code April 1st is the next day it's due to patch/update itself.

I work as wireless network admin and wear another hat as a system admin for mostly UNIX based apps so there's not much I can do except join the interns during down time to find the non-automated PCs and check for full updates.

Should be interesting. Microsoft has a bounty out for the writers which should motivate some people to help track them them down.

On April 1st, 2009 - Skynet *cough*, excuse me, Conficker became self-aware...

[007]

I watched that too. I have to admit, it does concern me.

[Gonzo]

This is one of the biggest reasons I never do any banking online.

[Kerberos]

Quote:

Originally Posted by Gonzo

This is one of the biggest reasons I never do any banking online.

The wife closed accounts on Amazon and other places she does ordering from online and from now on we will just fill things out as we need to.

I set both of our computers to delete form data as that is what they are looking for IIRC?

Huge pain in the ass but it beats the alternative.

[Buehler445]

My dad saw it and gave me the doom and gloom.

I do have a question for you guys though. (Please excuse the following, it came from my dad and he is pretty clueless with computers) but Dad said that the worm is used to look at what you are seeing on your screen (I don't know if that is it, but some sort of data being passed to the creator about your financial data). So then when you complete activities on your screen, they can "see" it and keep your info.

Well, my question is that whatever data they are getting has to be sent somewhere, right? Is there, then, a way to see where the data was sent? That would in turn point at least to a direction of where the culprit is? If it is that big of a deal, I'd anticipate somebody working on figuring out who it is.

all that info came from my dad, so it may be way off base.
Posted via Mobile Device

[Demonpenz]

Quote:

Originally Posted by Buehler445

My dad saw it and gave me the doom and gloom.

I do have a question for you guys though. (Please excuse the following, it came from my dad and he is pretty clueless with computers) but Dad said that the worm is used to look at what you are seeing on your screen (I don't know if that is it, but some sort of data being passed to the creator about your financial data). So then when you complete activities on your screen, they can "see" it and keep your info.

Well, my question is that whatever data they are getting has to be sent somewhere, right? Is there, then, a way to see where the data was sent? That would in turn point at least to a direction of where the culprit is? If it is that big of a deal, I'd anticipate somebody working on figuring out who it is.

all that info came from my dad, so it may be way off base.
Posted via Mobile Device

The problem comes in when they have to unlock the encription which can take days. It is 199 over 200 encryption which is nearly impossible to unlock. That is why we are going to get Hugh Jackman with an earing with holly barry's boobies to fix it

[phisherman]

Quote:

Originally Posted by Buehler445

My dad saw it and gave me the doom and gloom.

I do have a question for you guys though. (Please excuse the following, it came from my dad and he is pretty clueless with computers) but Dad said that the worm is used to look at what you are seeing on your screen (I don't know if that is it, but some sort of data being passed to the creator about your financial data). So then when you complete activities on your screen, they can "see" it and keep your info.

Well, my question is that whatever data they are getting has to be sent somewhere, right? Is there, then, a way to see where the data was sent? That would in turn point at least to a direction of where the culprit is? If it is that big of a deal, I'd anticipate somebody working on figuring out who it is.

all that info came from my dad, so it may be way off base.
Posted via Mobile Device

it's got a keystroke logger. this is how they know where you're going.

whatever you type, goes into a text file that they can see.

[Fish]

http://www.microsoft.com/technet/sec.../ms08-067.mspx

ANSWERS TO COMMON QUESTIONS

Q: What will happen on April 1, 2009?
A: Based on our collective technical analysis, we've determined that systems infected with the latest version of Conficker will begin to use a new algorithm to determine what domains to contact. We have not identified any other actions scheduled to take place on April 1, 2009.

Q: Will an updated version of Conficker go out to already-infected systems on April 1, 2009?
A: It is possible that systems with the latest version of Conficker will be updated with a newer version of Conficker on April 1, 2009 by contacting domains on the new domain list. However, these systems could be updated on any date before or after April 1, 2009 as well using the "peer- to-peer" updating channel in the latest version of Conficker.

Q: Should the general public be alarmed? Why or why not?
A: No, the general public should not be alarmed. Most home users have been protected by Microsoft Security Update MS08-067 (http://www.microsoft.com/technet/sec.../ms08-067.mspx) being applied automatically.

Q: What should people who are worried about April 1, 2009 and Conficker do?
A: We recommend that home users who have not yet enabled automatic updates do so and ensure their security software is up to date with the latest antivirus signatures for Windows Live OneCare, or the antivirus product they use. We recommend that enterprise customers continue to focus on the guidance from Microsoft and take multiple measures to minimize the risk of getting infected:

• Fully Install MS08-067 (http://www.microsoft.com/technet/sec.../ms08-067.mspx) on all Windows computers in your environment. Because 100 percent deployment can be challenging in diverse enterprises, the next defense-in-depth steps can help minimize the risk too.
• Use an antivirus product that has solid detection of Conficker. Such an antivirus program should be able to block the worm from copying itself to other machines. For example, Microsoft Forefront Client Security and Windows Live OneCare can detect and block this worm from the very first day of its discovery.
• Use strong passwords both for any user account and also for any file share in your environment.
• Make sure to use only AutoPlay options that you are familiar with as other options may have been added by malicious software. Some customers may prefer to disable the AutoRun functionality altogether.
• Evaluate additional security best practices in accordance with their organization's policies and procedures.

[Otter]

Quote:

Originally Posted by Demonpenz

The problem comes in when they have to unlock the encription which can take days. It is 199 over 200 encryption which is nearly impossible to unlock. That is why we are going to get Hugh Jackman with an earing with holly barry's boobies to fix it

The reason the people working on this are having such a hard time tracking where the worm is getting it's updates from:

-- it cleverly creates thousands of false domains daily to throw off investigators. On the update day, it selects 500 correct domains out of the 50,000 candidates to download malware and updates from.

Just to relate on why they can't just track down the hosts easily.

[Buehler445]

Quote:

Originally Posted by phisherman

it's got a keystroke logger. this is how they know where you're going.

whatever you type, goes into a text file that they can see.

That makes more sense. I didn't figure it was actually viewing what is on your screen. So the text file stays on your computer and they just have access to view it?
Posted via Mobile Device

[Molitoth]

I watched 60 minutes about it. Pretty scary.

Those bastards also need to stop poisoning African Lions. =/

And Lebron James is a maniac.

[Kerberos]

Quote:

Originally Posted by Molitoth

And Lebron James is a maniac.

He was amazing in that interview with his full court TOSS that was ALL NET.

And the SOB is only 24? He may be better than MJ by the time he is done?

[PastorMikH]

So, if the russian kids can get away with hacking our systems, how come we don't have people infecting their systems with stuff that fries their HDs?

[Molitoth]

Quote:

Originally Posted by Kerberos

He was amazing in that interview with his full court TOSS that was ALL NET.

And the SOB is only 24? He may be better than MJ by the time he is done?

You can be better or worse in many areas, for example:

James better stats then MJ? for sure if he stays healthy.
James better performer in "clutch" situations then MJ? we will have to wait and see. (Kobe is close, imo)