Conficker Worm Discussion (esp. 1 April, 2009)



Grant A.
March 29th, 2009, 06:11 PM
A lot of buzz has been generated in the media lately over Conficker and the mysterious April Fools' Day date for it. People have said that Conficker could do a number of different things on April Fools' Day.

I think that it is a bunch of hype.

Discuss

Giant Speck
March 29th, 2009, 06:12 PM
April is the fourth month of the year.

Grant A.
March 29th, 2009, 06:12 PM
April is the fourth month of the year.

Oops, I wasn't paying attention when I typed that. Could someone please change it to 4/1/09? >.<

jimi_hendrix
March 29th, 2009, 06:21 PM
I think it's a decent threat

but we run linux!

So Tough
March 29th, 2009, 06:22 PM
Not my problem

MikeTheC
March 29th, 2009, 07:06 PM
My Vista partition is up to date, and everything else isn't Windows.

I'm also very, very careful where I surf and what I do on the Windows partition, simply because I do school work and cannot afford to have it get compromised. Hopefully within the next few months I'll be upgrading other hardware and then (while I'll still practice safe habits when in Windows) it will no longer matter so much.

Mohamedzv2
March 29th, 2009, 07:34 PM
It is way overhyped. Mostly only 3rd world countries will get the virus cause most developed countries don't have pirated Windows or unpatched machines.

jimi_hendrix
March 29th, 2009, 07:45 PM
wrong thread

Sealbhach
March 29th, 2009, 08:42 PM
It did a similar update on January 1st. We're all still here.


.

Polygon
March 29th, 2009, 08:45 PM
All it's doing is just updating itself on that date; it doesn't mean the world is going to end, it's just going to make it harder for researchers and all that to corner/defeat it.

And it's not just third world countries, there are plenty of people who never update their computers, which I have no idea how that is possible considering how aggressive Microsoft is about forcefully updating and even restarting your computer if it has to.

Chemical Imbalance
March 29th, 2009, 08:47 PM
It isn't just 3rd world countries :):

Britain's Parliament

http://www.theregister.co.uk/2009/03/27/conficker_parliament_infection/

stchman
March 30th, 2009, 12:53 AM
I watched the 60 Minutes special "The Internet is Infected". They talk about how bad the Conficker Worm is. They would not state the fact that the Conficker worm pretty much only affects Windows.

When they went to Symantec the lead engineer uses Ubuntu for testing. I guess they know as well Ubuntu is not going to be affected by Conficker.

I just wish they would have said Linux and OS X are immune and Windows XP and Vista are the susceptible OSes.

chris200x9
March 30th, 2009, 12:59 AM
how do you know, how do you KNOW? Maybe he uses slackware with gnome....and just likes the ubuntu logo :P

myusername
March 30th, 2009, 01:07 AM
or perhaps we were all drugged and had the same trip

Mehall
March 30th, 2009, 01:12 AM
Perhaps they don't want to admit another OS admits to the public.

If there is an OS that Symantec say is unaffected, more people will look into it.

More people look into it, less people buy Symantec products. Even ignoring Microsoft influence, it's in Symantec's best interest not to mention something which will affect their profit margins.

Sealbhach
March 30th, 2009, 01:13 AM
I hate the way they always say "millions of computers" rather than "millions of Windows computers".


.

stchman
March 30th, 2009, 01:14 AM
how do you know, how do you KNOW? Maybe he uses slackware with gnome....and just likes the ubuntu logo :P

That is possible...........but unlikely.

stchman
March 30th, 2009, 01:15 AM
Perhaps they don't want to admit another OS admits to the public.

If there is an OS that Symantec say is unaffected, more people will look into it.

More people look into it, less people buy Symantec products. Even ignoring Microsoft influence, it's in Symantec's best interest not to mention something which will affect their profit margins.

Really, you never hear of Norton AV for Linux.

stchman
March 30th, 2009, 01:16 AM
I hate the way they always say "millions of computers" rather than "millions of Windows computers".


.

AMEN, they would not touch that with a 50 ft pole. Not even a peep. They want everyone to think that all PCs are at risk. Complete BS.

I-75
March 30th, 2009, 01:19 AM
AMEN, they would not touch that with a 50 ft pole. Not even a peep. They want everyone to think that all PCs are at risk. Complete BS.

They probably don't want to offend the advertisers....MSFT might be one.

linuxisevolution
March 30th, 2009, 01:25 AM
or perhaps we were all drugged and had the same trip
Like in your avatar? :)

Mehall
March 30th, 2009, 01:31 AM
Really, you never hear of Norton AV for Linux.

Really, you ever hear of anyone who buys it?

Maybe at first, when you just switch to Linux, but after even a short time, you realise we're immune for a few reasons.

One is, undoubtedly, market-share. We're targeted less. The other, however, is design. We're better designed than our Windows cohorts. We have security built into our OS from the very kernel, not adding on Windows Firewall and Windows Defender and UAC.

3startuna
March 30th, 2009, 01:35 AM
I hate the way they always say "millions of computers" rather than "millions of Windows computers".


.
Yup, same way Dell and other big companies keep trying to stuff Windows down everyone's throats.

I guess it would be too dangerous for symantec to come out and say how crappy and susceptible windows really is.

tbroderick
March 30th, 2009, 02:05 AM
[attachment 108024: screenshot]

skaramanger
March 30th, 2009, 02:07 AM
Perhaps they don't want to admit another OS admits to the public.

Yeah possible, but unlikely. They only have so much time. They could have just edited it out.

If there is an OS that Symantec say is unaffected, more people will look into it.

More people look into it, less people buy Symantec products. Even ignoring Microsoft influence, it's in Symantec's best interest not to mention something which will affect their profit margins.

Definitely, but this story isn't necessarily the place to tell the story of Linux and by extension the free software movement

Maybe if enough of us send email to 60 minutes, they can do a whole segment on Ubuntu..:> Well ok Linux and by extension Free Software in general. There they could go into detail the newer distros' ease of use and ever growing user base and about what doesn't affect Linux and M$C OS-X machines. They could talk to the major Linux vendors or perhaps find a "Hacker" to interview in Russia or Eastern Europe and ask them what OS they use for internet use? I'll bet it's not Windoze anything.

skaramanger

Sealbhach
March 30th, 2009, 02:14 AM
[attachment 108024: screenshot]

Looks like the Gnome panels there for sure.


.

smartboyathome
March 30th, 2009, 02:17 AM
I hate the way they always say "millions of computers" rather than "millions of Windows computers".


.

Yup, just like this (http://xkcd.com/558/). :)

MikeTheC
March 30th, 2009, 02:24 AM
I don't watch TV, and long ago stopped giving a s**t what nightly/weekly tv news magazines say. They're dumb as wooden poles and listening to what they say is about as useful as flying transports out of Hong Kong carrying rubber dog feces...

days_of_ruin
March 30th, 2009, 03:20 AM
Was he running a virtual machine and wasn't the computer on the left right the one
that got infected?:lolflag:

tgalati4
March 30th, 2009, 03:52 AM
Priceless.

damis648
March 30th, 2009, 03:57 AM
Priceless.

+1, nice screenie tbroderick. Clearly looks like Ubuntu to me, default panel layout and human theme. :popcorn:

tbroderick
March 30th, 2009, 04:25 AM
The episode is online for anyone who wants to see. You'll need flash.

http://www.cbsnews.com/video/watch/?id=4901282n

tubezninja
March 30th, 2009, 04:55 AM
The episode is online for anyone who wants to see. You'll need flash.

http://www.cbsnews.com/video/watch/?id=4901282n

Complete with Norton AV preview ad and banners. Nice. Someone isn't hoping to profit off this.

Zyphrexi
March 30th, 2009, 06:51 AM
you know, just watching that for 15 seconds makes me want to dust off my troll-hammer and start crackin some skulls.

seriously... "blah blah blah they plant on the internet"

wtf, I didn't realize the internet was so centralized that you could actually plant something on it.

omg teh internetz has wurmz!!!

kevin11951
March 30th, 2009, 07:04 AM
I have a problem with the fact that they were using the ubuntu pc to actually do the attack on the windows pc...

And, i have seen this before... in a science channel show, they were using debian to show how easy it is to steal info from a cell phone over bluetooth...

ghindo
March 30th, 2009, 07:08 AM
I just wish they would have said Linux and OS X are immune and Windows XP and Vista are the susceptible OSes.

OS X really isn't as impervious as you might be led to believe, and Vista is actually a pretty secure operating system.

tjeremiah
March 30th, 2009, 07:47 AM
somewhere a nerd is reading this thread creating a bug for linux users.

toupeiro
March 30th, 2009, 07:51 AM
...and Vista is actually a pretty secure operating system.

[Citation Needed]

cariboo
March 30th, 2009, 07:55 AM
I wonder how much Symantec paid for that "news item"

Jim

stchman
March 30th, 2009, 07:56 AM
OS X really isn't as impervious as you might be led to believe, and Vista is actually a pretty secure operating system.

I thought OS X was built upon Unix (FreeBSD) so it has the same security Linux has. I guess Apple has bypassed the security for ease of use.

I know the UAC on Vista can stop attacks, but most moron users simply click OK to everything.

XP's default is administrator so it truly sucks.

stchman
March 30th, 2009, 08:02 AM
somewhere a nerd is reading this thread creating a bug for linux users.

I am sure that many a geek has tried. What is on Linux's side right now is that most Linux users are pretty knowledgeable. Most Windows users are pretty moronic.

Even if someone did write some malicious code, the person that downloaded it would have to run it as sudo to do any real damage.

toupeiro
March 30th, 2009, 08:16 AM
I am sure that many a geek has tried. What is on Linux's side right now is that most Linux users are pretty knowledgeable. Most Windows users are pretty moronic.

Even if someone did write some malicious code, the person that downloaded it would have to run it as sudo to do any real damage.

Another way to word this would be: Linux has the eyes of the world looking at it from a QA standpoint, and can deliver security patches on so many fronts much faster than Microsoft can, as the primary providers of such vulnerability fixes on Windows are Microsoft, and Microsoft only.

I protest that any "real" damage would require sudo. If you store data on your system at all, you store it in your $HOME directory. You don't need sudo to destroy that... In the end, your OS is free and replaceable. Your data is never so easy to replace.

3startuna
March 30th, 2009, 08:21 AM
[attachment 108024: screenshot]

sweet human theme and all lol

fissionmailed
March 30th, 2009, 08:40 AM
Hahahaha Typical media sensationalism.

newbie2
March 30th, 2009, 12:28 PM
I hate the way they always say "millions of computers" rather than "millions of Windows computers".


An entire article about computers and hacking and not one single mention of what OS they were running?
http://lxer.com/module/forums/t/28763/
:rolleyes:

conehead77
March 30th, 2009, 12:42 PM
I am sure that many a geek has tried. What is on Linux's side right now is that most Linux users are pretty knowledgeable. Most Windows users are pretty moronic.

Even if someone did write some malicious code, the person that downloaded it would have to run it as sudo to do any real damage.

There was a critical flash-vulnerability some time ago:
http://www.adobe.com/support/security/bulletins/apsb08-24.html
"Adobe Flash Player for Linux 9.0.151.0 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A specially formed SWF must be loaded in Flash Player for Linux by the user for an attacker to exploit this potential vulnerability."

This version was in the Ubuntu repositories for quite a while. I uninstalled flash for that reason (for some weeks).
I'm sure most Linux desktop users use flash and could have been affected by this bug (no need for sudo btw).

Just a matter of time...

ralph2
March 30th, 2009, 01:01 PM
Ubuntu users are safe, I think; it's not gonna affect it

greggh
March 30th, 2009, 01:25 PM
CBS gets a lot of advertising from Microsoft. Microsoft recently did a big ad buy to air Windows commercials on CBS's NCAA basketball games. It is not a coincidence that 60 Minutes chose not to mention that the worm only affects computers running Microsoft Windows. In fact, during the whole piece, the words "Microsoft", "Windows", and "operating system" are not mentioned once.

If you're looking for truthful news, you're not going to find it in corporate owned media. CBS's 60 Minutes is just as corrupt in being tailored to please their corporate sponsors as the pablum on any of the Fox News shows.

Johnsie
March 30th, 2009, 02:18 PM
A lot of those viruses are using hacked Linux boxes to spread themselves.

There are bots out there scanning port 22 on IP addresses until they find a Linux box where ssh hasn't been secured properly. Then they hit that ssh with a dictionary attack and break into the system. Botnets are very good at doing a combined dictionary attack from many IP addresses. If you're running ssh on port 22 with port forwarding so you can access your machine from the outside then you really need to think about moving to another port and using a very, very strong password. Changing the ssh settings to disable root access is important too. Anyone who runs a server of any sort should check the logs and make sure any php/perl scripts are secure.

Other evil programs can get into your system through security vulnerabilities in Firefox etc. You know, the vulnerabilities that allow people to execute code on your machine. They may not have root access, but a non-root user still has the ability to add things to startup in that account, send emails and make http requests.

There are also people out there who will add secret things to debs to trick people into installing things on their systems.


There are ways to get around these vulnerabilities, but they require a decent amount of knowledge in how computing works and if Linux ever got mainstream there would be a lot of naive users to target.
You think you haven't been targeted by these things, but how do you know for sure? They aren't going to jump out at you and say "haha, you're infected", they will work quietly in the background.


So why don't we hear more about these things? Simple, not enough of them have targeted Linux yet, but if they do start targeting Linux you can be pretty sure they will be quite successful. Remember, non-root users and programs can still do a lot of things.

Don't forget to read the Ubuntu Security Notices every so often if you don't already:
http://www.ubuntu.com/usn

The latest security notice for Ubuntu has the following paragraph in it:


It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and 8.10

Fixed, but new ones are discovered quite regularly.
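Added example, not part of Johnsie's post or anyone's code in this thread: a short script that reads OpenSSH "Failed password" lines from auth.log and separates the two patterns described above, a single noisy source that a per-IP ban (fail2ban style) handles, and a botnet spreading one dictionary across many source addresses so that no single IP ever crosses the ban threshold. The log lines, host name, addresses and thresholds are constructed for the demo.

```python
"""Spot SSH dictionary attacks, single-source and distributed, in auth.log.

Added example, not code from the thread. The log lines are constructed to
match OpenSSH's "Failed password" format; the thresholds are assumptions.
"""
import re
from collections import defaultdict

# OpenSSH failure lines look like:
#   Mar 30 14:02:11 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 5120 ssh2
#   Mar 30 14:02:15 srv sshd[2104]: Failed password for root from 203.0.113.7 port 5123 ssh2
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

# Constructed sample: one loud scanner (203.0.113.7), plus four hosts that
# each try "root" only once so that a per-IP ban rule never fires.
SAMPLE_LOG = [
    "Mar 30 14:02:11 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 5120 ssh2",
    "Mar 30 14:02:12 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 5120 ssh2",
    "Mar 30 14:02:13 srv sshd[2102]: Failed password for invalid user oracle from 203.0.113.7 port 5121 ssh2",
    "Mar 30 14:02:14 srv sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 5122 ssh2",
    "Mar 30 14:02:15 srv sshd[2104]: Failed password for root from 203.0.113.7 port 5123 ssh2",
    "Mar 30 14:02:16 srv sshd[2105]: Failed password for root from 203.0.113.7 port 5124 ssh2",
    "Mar 30 14:10:01 srv sshd[2110]: Failed password for root from 198.51.100.9 port 4410 ssh2",
    "Mar 30 14:10:05 srv sshd[2111]: Failed password for root from 198.51.100.23 port 4411 ssh2",
    "Mar 30 14:10:09 srv sshd[2112]: Failed password for root from 198.51.100.41 port 4412 ssh2",
    "Mar 30 14:10:13 srv sshd[2113]: Failed password for root from 198.51.100.77 port 4413 ssh2",
    "Mar 30 14:11:00 srv sshd[2120]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2",
    "Mar 30 14:11:02 srv CRON[2130]: pam_unix(cron:session): session opened for user root by (uid=0)",
]


def parse_failures(lines):
    """Yield (user, ip) for each failed-password line; other lines are ignored."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def analyse(lines, per_ip_threshold=5, distributed_min_ips=3):
    """Return (noisy_ips, targeted_users).

    noisy_ips maps IP -> failure count for sources at or above per_ip_threshold,
    the pattern a per-IP ban catches. targeted_users maps username -> sorted
    source IPs when at least distributed_min_ips distinct hosts tried that
    name: the botnet pattern the post describes, which per-IP counting misses.
    """
    failures_per_ip = defaultdict(int)
    ips_per_user = defaultdict(set)
    for user, ip in parse_failures(lines):
        failures_per_ip[ip] += 1
        ips_per_user[user].add(ip)
    noisy_ips = {ip: n for ip, n in failures_per_ip.items() if n >= per_ip_threshold}
    targeted_users = {u: sorted(ips) for u, ips in ips_per_user.items()
                      if len(ips) >= distributed_min_ips}
    return noisy_ips, targeted_users


if __name__ == "__main__":
    noisy, targeted = analyse(SAMPLE_LOG)
    for ip, n in noisy.items():
        print(f"ban candidate: {ip} ({n} failures)")
    for user, ips in targeted.items():
        print(f"distributed guessing of '{user}' from {len(ips)} hosts: {', '.join(ips)}")
```

On a real box you can pass the log file object straight in, `analyse(open("/var/log/auth.log"))`. A name that shows up in the distributed list is the one a strong password alone does not protect well; that is the case for turning off password logins for it in sshd_config (PasswordAuthentication no) and using keys, in addition to the per-IP ban.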

Mehall
March 30th, 2009, 02:35 PM
A lot of those viruses are using hacked Linux boxes to spread themselves.

There are bots out there scanning port 22 on IP addresses until they find a Linux box where ssh hasn't been secured properly. Then they hit that ssh with a dictionary attack and break into the system. Botnets are very good at doing a combined dictionary attack from many IP addresses. If you're running ssh on port 22 with port forwarding so you can access your machine from the outside then you really need to think about moving to another port and using a very, very strong password. Changing the ssh settings to disable root access is important too.

Other evil programs can get into your system through security vulnerabilities in Firefox etc. You know, the vulnerabilities that allow people to execute code on your machine. They may not have root access, but a non-root user still has the ability to add things to startup in that account, send emails and make http requests.

There are also people out there who will add secret things to debs to trick people into installing things on their systems.


There are ways to get around these vulnerabilities, but they require a decent amount of knowledge in how computing works and if Linux ever got mainstream there would be a lot of naive users to target.
You think you haven't been targeted by these things, but how do you know for sure? They aren't going to jump out at you and say "haha, you're infected", they will work quietly in the background.


So why don't we hear more about these things? Simple, not enough of them have targeted Linux yet, but if they do start targeting Linux you can be pretty sure they will be quite successful. Remember, non-root users and programs can still do a lot of things.

Don't forget to read the Ubuntu Security Notices every so often if you don't already:
http://www.ubuntu.com/usn

The latest security notice for Ubuntu has the following paragraph in it:



Fixed, but new ones are discovered quite regularly.

When it says "only affects" it means Ubuntu releases, as that was a cross-platform issue with Firefox itself, just as the Flash thing was Adobe's fault.

Setting up ssh insecurely is the user's fault, and that's why it's not included by default.

Windows doesn't have remote access turned on by default, because a brute-force can crack it. Brute-forcing is not "hacking" a system, it's utilising weak passwords, and lack of use of a system like fail2ban

Johnsie
March 30th, 2009, 02:44 PM
Yep, that's one of the points I was making. A system is only as secure as the user who uses it. And a lot of computer users are very naive or have little understanding of what they are doing; that makes them targetable. Non-root still has a decent set of privileges and some programs do have vulnerabilities too.

Thelasko
March 30th, 2009, 03:09 PM
Other evil programs can get into your system though security vulnerabilities in firefox etc. You know, the vulnerabilities that allow people to execute code on your machine. They may not have root access, but a non root user still has the ability to add things to startup in that account, send emails and make http requests.

User level Firefox vulnerabilities are a very real concern. Please tell the developers to fix this problem. (http://brainstorm.ubuntu.com/idea/18369/)

sydbat
March 30th, 2009, 03:11 PM
Having been part of media interviews for the past 8 years (or so), I can tell you that "sensationalism" is exactly what CBS did with that report. It is very skewed.

I can pretty much guarantee that the Symantec guy talked about other OS's, most likely discussed Ubuntu on the one box (as seen in the screenshot earlier) because Ms. Stahl either asked about it or he volunteered the info, even explained how conficker only effects/affects Windows boxes...but all that was edited out by whoever produced the segment because "it wasn't flashy enough" or "too technical for the average viewer".

The media, regardless of how they perceive themselves (especially news media), target the LCD. A reporter may want to delve deeper into a subject in order to present real facts (and they do ask some very good and hard questions), but the producers almost always nix that...mostly because they come from the entertainment side of things and believe that people are stupid and cannot understand more than very basic ideas.

I have been told this by people interviewing me (they always tell me that most of the interesting stuff will be edited out) and by watching the end product on TV.

Johnsie
March 30th, 2009, 03:29 PM
User level Firefox vulnerabilities are a very real concern. Please tell the developers to fix this problem. (http://brainstorm.ubuntu.com/idea/18369/)


I'm impressed with solution #1. Running Firefox as a separate user is a very good idea. Allowing a vulnerable program like Firefox access to a user's home file system is crazy.

Sealbhach
March 30th, 2009, 03:32 PM
The media, regardless of how they perceive themselves (especially news media), target the LCD. A reporter may want to delve deeper into a subject in order to present real facts (and they do ask some very good and hard questions), but the producers almost always nix that...mostly because they come from the entertainment side of things and believe that people are stupid and cannot understand more than very basic ideas.

I have been told this by people interviewing me (they always tell me that most of the interesting stuff will be edited out) and by watching the end product on TV.

Interesting - it makes a good case for Public Funded State Broadcasting - in the style of the BBC during the days of John Reith.

.

sydbat
March 30th, 2009, 03:46 PM
Interesting - it makes a good case for Public Funded State Broadcasting - in the style of the BBC during the days of John Reith.

.

When I have dealt with the CBC, they were quite fair and edited very little. Of course they are always the first to get budget cuts when the economy slows...

Johnsie
March 30th, 2009, 03:49 PM
I was interviewed once by the BBC when a whole load of staff lost their jobs, and they cut parts out and changed the chronology just to suit their story. Unfortunately the media edit stuff until they are happy that it goes along with the theme they want to show.

Mehall
March 30th, 2009, 03:53 PM
Yeah, the BBC aren't good just now, but as he said, way back when, they were a good example.

aysiu
March 30th, 2009, 05:42 PM
I protest that any "real" damage would require sudo. If you store data on your system at all, you store it in your $HOME directory. You don't need sudo to destroy that... In the end, your OS is free and replaceable. Your data is never so easy to replace.

You should be making regular backups of your data.

But in any case, erasing people's personal files isn't very lucrative, and most malware these days isn't created for the "Ah-ha! Gotcha" thrill. Most malware now is for financial profit.

You can bet one of the reasons malware thrives in Windows is that it's tied to system files and so difficult to remove. If malware lived only in the user space, you could delete it as easily as deleting a user account and creating a new one.
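Added example, not from any post in this thread: Johnsie says above that a compromise without root can still add things to the account's startup, and aysiu says that malware living only in user space dies with the account. This script enumerates the two most common user-level persistence spots on an Ubuntu desktop, ~/.config/autostart and the user's own crontab, and flags commands launched from a temp directory or a hidden directory under $HOME. The demo home directory, its .desktop files and the crontab text are constructed here; the flagging rule is a heuristic I chose for the demo, not a definitive one.

```python
"""Enumerate user-level persistence an attacker can plant without root.

Added example, not from the thread. It lists the XDG autostart entries in
~/.config/autostart and the jobs in the user's crontab, and flags commands
that run from a temp directory or a dot-directory under $HOME, where a
non-root implant would have to hide. The demo home, its .desktop entries and
the crontab text are constructed; the heuristic is an assumption.
"""
import configparser
import os
import tempfile
from pathlib import Path

SUSPECT_PREFIXES = ("/tmp/", "/dev/shm/", "/var/tmp/")


def is_suspect(command, home):
    """True if the program runs from a temp dir or a dot-directory under home."""
    tokens = command.split()
    if not tokens:
        return False
    prog = tokens[0]
    if prog.startswith("~/"):
        prog = os.path.join(home, prog[2:])
    if prog.startswith(SUSPECT_PREFIXES):
        return True
    home = home.rstrip("/")
    if prog.startswith(home + "/"):
        rel = prog[len(home) + 1:]
        # any hidden directory component on the way to the binary
        return any(part.startswith(".") for part in rel.split("/")[:-1])
    return False


def scan_autostart(home):
    """Return (file name, Exec line, suspect) for each ~/.config/autostart/*.desktop."""
    results = []
    autostart = Path(home) / ".config" / "autostart"
    if not autostart.is_dir():
        return results
    for desktop in sorted(autostart.glob("*.desktop")):
        cp = configparser.ConfigParser(interpolation=None)  # .desktop is INI-like
        cp.read(str(desktop))
        if "Desktop Entry" not in cp:
            continue
        exec_line = cp["Desktop Entry"].get("Exec", "")
        results.append((desktop.name, exec_line, is_suspect(exec_line, home)))
    return results


def scan_crontab(crontab_text, home):
    """Return (schedule, command, suspect) for each job in `crontab -l` output."""
    jobs = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" in line.split()[0]:
            continue  # blank, comment, or VAR=value assignment
        if line.startswith("@"):
            parts = line.split(None, 1)  # @reboot, @daily, ... then the command
        else:
            fields = line.split(None, 5)  # five time fields then the command
            parts = [" ".join(fields[:5]), fields[5]] if len(fields) == 6 else []
        if len(parts) == 2:
            jobs.append((parts[0], parts[1], is_suspect(parts[1], home)))
    return jobs


def build_demo_home():
    """Create a throwaway $HOME with one benign and one planted autostart entry."""
    home = tempfile.mkdtemp(prefix="demo-home-")
    autostart = Path(home) / ".config" / "autostart"
    autostart.mkdir(parents=True)
    (autostart / "nm-applet.desktop").write_text(
        "[Desktop Entry]\nType=Application\nName=Network\nExec=nm-applet\n")
    (autostart / "gnome-update.desktop").write_text(  # planted: runs from ~/.cache/.x
        "[Desktop Entry]\nType=Application\nName=Update Helper\n"
        f"Exec={home}/.cache/.x/updater --quiet\n")
    return home


# constructed sample of `crontab -l` output
DEMO_CRONTAB = """\
PATH=/usr/bin:/bin
*/10 * * * * /usr/bin/fetchmail -q
@reboot /tmp/.s/beacon >/dev/null 2>&1
"""

if __name__ == "__main__":
    home = build_demo_home()
    for name, cmd, bad in scan_autostart(home):
        print(f"{'SUSPECT' if bad else 'ok     '} autostart {name}: {cmd}")
    for when, cmd, bad in scan_crontab(DEMO_CRONTAB, home):
        print(f"{'SUSPECT' if bad else 'ok     '} cron {when}: {cmd}")
```

To run it against your own account, call `scan_autostart(os.path.expanduser("~"))` and feed the output of `crontab -l` to `scan_crontab`. Anything flagged deserves a look at what the binary is and where it came from; and because both locations live under $HOME, wiping the account does remove them, which is aysiu's point.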

FLMKane
March 30th, 2009, 06:32 PM
Sorry if this is off topic, but is it possible to remove Conficker in Ubuntu without booting windows?

Chemical Imbalance
March 30th, 2009, 06:45 PM
Sorry if this is off topic, but is it possible to remove Conficker in Ubuntu without booting windows?

Yes, you can use some antivirus programs in Linux like Avast Antivirus to scan your Windows partition from within Ubuntu.

I'm not sure if Avast includes signatures for Conficker yet though.

Google: Avast linux

Yed Ied
March 30th, 2009, 07:55 PM
60 Min. had a portion of their program devoted to the Apr virus,[I think it is actually a worm] having infected 12 million computers, world wide. A friend got a window on his PC last night that he needed to insert his recovery disk, I'm not sure what for, but he can't even get into BIOS. Everything is gone. I'm wondering, is this a Windows problem, a PC problem, or maybe a problem for us with Ubuntu on a PC or laptop? Even wondering if anyone knows.:confused:

tacantara
March 30th, 2009, 08:07 PM
I've read a few items on this Conficker.C worm, that is supposed to activate itself on 1 Apr 09. PC World magazine (online edition) has some good information on it. Presumably, Linux users have very little to worry about, but you can't take a virus threat too lightly. Have you downloaded and run any of the antivirus programs available through Ubuntu's Add/Remove Software and/or Synaptic Package Manager? Have you installed a GUI-based firewall and/or run it when you're on line? Can't be too careful.

amadeus266
March 30th, 2009, 08:10 PM
Anyone worried about the Conficker worm can open an account on Opendns.org and use their dns service. They are already setup to block the worm until a fix is found.

SunnyRabbiera
March 30th, 2009, 08:14 PM
Ubuntu won't be affected, this worm is mainly targeting Windows PCs

days_of_ruin
March 30th, 2009, 08:17 PM
Is there a deb for that cool program the symantec guy was using?:lolflag:

bapoumba
March 30th, 2009, 08:22 PM
2 threads merged in.

sugarland2k
March 30th, 2009, 08:24 PM
Enough to make me dump MS XP on my CF-72 Toughbook. After Ubuntu/Kubuntu who needs virus checkers, defraggers, and all the utilities for MS Windows. I checked on Vista awhile back for a laugh, about $240....

Got my Dell Mini 9 and it's 100% Ubuntu!
Ubuntu/Kubuntu and FOSS rules

mister_pink
March 30th, 2009, 09:36 PM
What happened on 4th January?

jo4hnc
March 30th, 2009, 09:41 PM
An article from ZDNET says that the fingerprint of the worm(geez, I didn't know worms had fingers!)was discovered. It can now apparently be detected'

http://blogs.zdnet.com/security/?p=3043&tag=nl.e550

billgoldberg
March 30th, 2009, 09:59 PM
I don't feel like reading a ******** on this worm, can someone fill me in?

What makes it so special?

Eviltechie
March 30th, 2009, 10:07 PM
How do they know that this worm will be updated tomorrow. It's almost like they were planning it...

Thelasko
March 30th, 2009, 10:07 PM
What makes it so special?

It's just on a lot of computers. This happened because it doesn't spread through normal channels. It spreads through network drives and USB flash drives.

Chemical Imbalance
March 30th, 2009, 10:09 PM
For anyone who is wondering-- Linux is not susceptible to this particular threat. Of course Linux is not bulletproof (like any OS), but you are safe against Conficker.
Rootkits/Hacking/DDoS/Application Vulnerabilities are still of course relevant to Linux, but following safe usage habits will generally keep you secure.
Some people like to spread misinformation that Linux is bulletproof and not susceptible to threats.

Linux is safer than Windows and is not vulnerable to Windows malware like Conficker, but you still must remain vigilant with your installation. For instance, do not install programs willy-nilly :) from the internet--try to use GPG-signed repos from trusted sources and keep your installation updated.
iptables is incorporated into the kernel meaning unless you install Apache or other programs that open up ports, you should be fine on Ubuntu generally speaking as there are no open ports by default.

As I said, if you install programs from untrusted sources you could very well be installing a rootkit along with it.
Be safe, but also try not to be too paranoid :)
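Added example, not from the post above and not Ubuntu's code: the "no open ports by default" claim is easy to check yourself by reading the kernel's own socket tables, /proc/net/tcp and /proc/net/tcp6, rather than the output of a tool. This script decodes those rows (the kernel prints each address as little-endian hex words and the port as hex) and keeps only LISTEN sockets bound to something other than loopback, i.e. the ones reachable from the network. The two /proc snapshots are constructed samples.

```python
"""List listening TCP sockets by parsing /proc/net/tcp and /proc/net/tcp6.

Added example, not from the thread. Reads the kernel's socket tables directly
and reports LISTEN sockets that are not bound to loopback. The two /proc
snapshots below are constructed samples in the real file format.
"""
import socket
import struct

LISTEN = "0A"  # state code the kernel prints for TCP_LISTEN


def decode_ipv4(hex_addr):
    """'0100007F' -> '127.0.0.1': one little-endian 32-bit word."""
    return socket.inet_ntop(socket.AF_INET, struct.pack("<I", int(hex_addr, 16)))


def decode_ipv6(hex_addr):
    """32 hex chars -> textual IPv6: four little-endian words, in order."""
    raw = b"".join(struct.pack("<I", int(hex_addr[i:i + 8], 16)) for i in range(0, 32, 8))
    return socket.inet_ntop(socket.AF_INET6, raw)


def listening_sockets(proc_text, ipv6=False):
    """Return [(ip, port, uid)] for every row in LISTEN state."""
    rows = []
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        # columns: sl local rem st txq:rxq tr:when retrnsmt uid timeout inode ...
        if len(fields) < 8 or fields[3] != LISTEN:
            continue
        addr, port = fields[1].split(":")
        ip = decode_ipv6(addr) if ipv6 else decode_ipv4(addr)
        rows.append((ip, int(port, 16), int(fields[7])))
    return rows


def exposed(rows):
    """Drop loopback-only listeners; what is left is reachable from the network."""
    return [r for r in rows if not (r[0].startswith("127.") or r[0] == "::1")]


# Constructed samples: cups on 127.0.0.1:631 (loopback only), sshd on
# 0.0.0.0:22 and [::]:22 (exposed), a user's dev server on [::1]:8080,
# and one ESTABLISHED (state 01) connection that must be ignored.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:A4E2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 11003 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000001000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12001 1 0000000000000000 100 0 0 10 0
   1: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12002 1 0000000000000000 100 0 0 10 0
"""

if __name__ == "__main__":
    sources = [(SAMPLE_TCP, False), (SAMPLE_TCP6, True)]
    for path, v6 in (("/proc/net/tcp", False), ("/proc/net/tcp6", True)):
        try:
            with open(path) as fh:  # use the live tables when we are on Linux
                sources.append((fh.read(), v6))
        except OSError:
            pass
    for text, v6 in sources:
        for ip, port, uid in exposed(listening_sockets(text, v6)):
            print(f"{ip}:{port} listening, owned by uid {uid}")
```

A fresh Ubuntu desktop should print nothing from the live tables; anything it does print is a service you installed, and sshd on 0.0.0.0:22 is exactly the case Johnsie's post warns about.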

Roasted
March 30th, 2009, 10:17 PM
Does anybody know of any warning signs that you have Conficker?

We have a mostly Windows network at work (school district) and we ran into a couple XP Pro SP3 laptops today that had an error, something about the net logon service was not running. In no way, shape or form could we log in to any of the 3 or 4 machines that happened today... domain logins, local logins, safe mode, etc, nothing worked.

This is too bizarre, and considering some other recent (but minor) issues that have come up, we're wondering if maybe we got a hint of Conficker and it's just waiting till the 1st to deploy full bore.

Does anybody have any detailed info about this, about what we can look for? I'm just curious if those certain laptops were having any issues, but without being able to login, I was stuck.

Koori23
March 30th, 2009, 10:20 PM
Conficker is set up to receive its next set of instructions on April 1st. What those instructions are, it's anyone's guess really. That worm has so many Top Level Domains to choose from it's impossible to know what it's programmed to do beyond that point. That does not necessarily mean that it will "go active" on April 1st.

I don't understand why Microsoft would default to sharing the entire root drive. I'm writing this post on an XP machine and I have the server service OFF. I think my XP box, as it's configured is as secure as my Linux box.

Remote Registry
DCOM
NetBIOS helper
File and Print Sharing

My god, how dumb do you have to be to set up a machine by default with all that crap loaded. You might as well play roulette with a semi automatic weapon.

Chemical Imbalance
March 30th, 2009, 10:22 PM
Does anybody know of any warning signs that you have Conficker?

We have a mostly Windows network at work (school district) and we ran into a couple XP Pro SP3 laptops today that had an error, something about the net logon service was not running. In no way, shape or form could we log in to any of the 3 or 4 machines that happened today... domain logins, local logins, safe mode, etc, nothing worked.

This is too bizarre, and considering some other recent (but minor) issues that have come up, we're wondering if maybe we got a hint of Conficker and it's just waiting till the 1st to deploy full bore.

Does anybody have any detailed info about this, about what we can look for? I'm just curious if those certain laptops were having any issues, but without being able to login, I was stuck.

Microsoft released a patch already for SP3 and has a Removal tool, according to this: http://en.wikipedia.org/wiki/Conficker

There are several scanners that will detect it (in that article).

Thelasko
March 30th, 2009, 10:24 PM
Does anybody know of any warning signs that you have Conficker?

Wikipedia has the answer: (http://en.wikipedia.org/wiki/Conficker)


Account lockout policies being reset automatically.
Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services disabled.
Domain controllers responding slowly to client requests.
System network becoming unusually congested.
Websites related to antivirus software becoming inaccessible.


Symantec also says: (http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm)

If you’re worried about the Conficker worm striking on April 1st, don’t be.

On April 1st the Conficker worm will simply start taking more steps to protect itself. After that date, machines infected with the “C” variant of the worm may not be able to get security updates or patches from Microsoft and from many other vendors. The creators of the worm will also start using a communications system that is more difficult for security researchers to interrupt.

jo4hnc
March 30th, 2009, 10:25 PM
Here's an article on Windows Secrets with some detail and advice on removal.

http://windowssecrets.com/2009/03/30/01-Run-a-Conficker-removal-tool-before-April-1

CarpKing
March 30th, 2009, 11:54 PM
there are plenty of people who never update their computers, which I have no idea how that is possible considering how aggressive Microsoft is about forcefully updating and even restarting your computer if it has to.

People get sick of the updates forcing automatic reboots so they turn them off and never think of them again.

Koori23
March 31st, 2009, 12:10 AM
People get sick of the updates forcing automatic reboots so they turn them off and never think of them again.

I've wondered about that myself. Microsoft released the patch in October, Conficker started to gain ground in November/December. That to me means that MS knew of the exploit, patched it but wasn't real clear as to why it was "critical".

I don't know whose fault that is.. I tend to think that we're dealing with the boy who cried wolf one too many times.

Besides all that.. The only way to forget about updates is to get rid of the Security Center service.. Every time you boot up it flashes all sorts of warnings at you.

smbm
March 31st, 2009, 12:12 AM
Hopefully it's all part of some annoying but ultimately benign mass rick-rolling or something.

swoll1980
March 31st, 2009, 12:49 AM
I don't know whose fault that is..

It's the user's fault! Microsoft makes it a point to warn you about security risks, and to enable automatic updates, and annoys the crap out of you until you either comply, or disable it. If you decide to ignore all that, and fail to update your system, you have no one to blame but yourself.

Chemical Imbalance
March 31st, 2009, 01:04 AM
Hopefully it's all part of some annoying but ultimately benign mass rick-rolling or something.

That would be hilarious ! :)



*April 1:
WARNING WARNING! Your computer will self-destruct in 5....4....3....2....1....

♫♬♫♬"We're no strangers to love. You know the rules and so do I (do I do I)..."♫♬♫♬

travis2244
March 31st, 2009, 01:14 AM
o well at least us ubuntu users wont have to worry lol \\:D/\\:D/

Old_Grey_Wolf
March 31st, 2009, 01:20 AM
Just in case something really does happen, and I don't expect anything will, I'm taking my bootable Ubuntu USB stick to work on Wednesday.

:lolflag:

linuxisevolution
March 31st, 2009, 01:24 AM
Just in case something really does happen, and I don't expect anything will, I'm taking my bootable Ubuntu USB stick to work on Wednesday.

:lolflag:
My school yells at me when I do that. They call it hacking.

And my principal was trying to get me in trouble for it, and he kept pronouncing it as luxwin, instead of Linux.

him: "So what is this um.... *looks at paper* luxwin thing your using"
me: "It's a different operating system I use from my flash drives because this schools computers are ill maintained and take around 20 minutes to start."
him: "This sounds scary. I don't think you should be using it"

linuxisevolution
March 31st, 2009, 01:29 AM
Hmm.. So this worm could even format a persons hard drive and install Linux in the background without them knowing? lol, neat.

We simply don't know what's going to happen, and thats why it's so amazing. I wish I could meet the creators of this worm. Congrats to them for this genius design! :)

Old_Grey_Wolf
March 31st, 2009, 01:39 AM
My school yells at me when I do that. They call it hacking.

A lot of people don't know the difference between hacking and cracking.

So, is Conficker a hack or a crack?

:confused:

swoll1980
March 31st, 2009, 01:47 AM
A lot of people don't know the difference between hacking and cracking.

So, is Conficker a hack or a crack?

:confused:

Conficker is a crack for sure.

fredunderhill
March 31st, 2009, 02:25 AM
Another way to word this would be. Linux has the eyes of the world looking at it from a QA standpoint, and can deliver security patches on so many fronts much faster than Microsoft can, as the primary providers of such vulnerability fixes on Windows are Microsoft, and Microsoft only.

I protest that any "real" damage would require sudo. If you store data on your system at all, you store it in your $HOME directory. You don't need sudo to destroy that... In the end, your OS is free and replaceable. Your data is never so easy to replace.



actually, i installed ubuntu using wubi, so that in case i screw up doing something, not all will be lost. this being said, i store everything on the windows partition and have all my defaults set to there.

Swagman
March 31st, 2009, 02:40 AM
Yeah, I'm wondering what happened on 4th of January as well?

I suspect they actually mean 1st of April though

1/4/2009

Vevmesteren
March 31st, 2009, 02:46 AM
There was, once upon a time, the doomsday millennium bug that was to bring the whole world to a standstill. I remember watching TV that night. Seeing the rockets shoot into the sky of Sydney, I was so disappointed that night... No crashing buildings. No chaos. Now I have a child and am in another place. But am secretly hoping that this Microsoft hoax maybe might come true...which of course unfortunately would make it 'my problem' too. But really I think it is an MS way of blowing companies using cracked free versions of their software wide open...I just hope my (so far non-bailed-out bank) is paying their Excel Spreadshits...no wait...

toupeiro
March 31st, 2009, 02:48 AM
You should be making regular backups of your data.

But in any case, erasing people's personal files isn't very lucrative, and most malware these days isn't created for the "Ah-ha! Gotcha" thrill. Most malware now is for financial profit.

You can bet one of the reasons malware thrives in Windows is that it's tied to system files and so difficult to remove. If malware lived only in the user space, you could delete it as easily as deleting a user account and creating a new one.

If we are taking into account all disaster recovery measures are in place, then who cares really what OS it is, or what the security model is. Backups are backups. This whole stance would be moot if you are going to factor that in. Anti-virus and malware is preventative maintenance to avoid using backups, regardless of the realm of attack; backups themselves are a completely different scope. With or without these preventative tools, if you don't have backups, you're playing with fire, so that's not the scenario I wanted to pitch because I felt it was pretty much assumed.



Also, it completely depends on how you would classify your personal data, whether or not you think it's lucrative to exploit. Just because it's in user space doesn't mean it's not very critical.. I've seen it a thousand times. When it comes down to the destruction of an operating system, people don't care about that box anymore, all they care about is what was on it. They don't care if it's a new box, or a new OS, as long as the data was not compromised. Without good backups, you probably just lost your job; with good backups, it doesn't make your loss of data any less critical whether it's in user space or system space if it's been classified as critical. My point was, if someone wanted to be malicious, it doesn't necessarily mean they have to take their system down, or exploit an OS security hole. There is a lot of damage to be done in the user space with data saved in home directories that malware would love to crawl over, or flat out corrupt or delete. Don't think that just because in most cases Linux OSes can't be exploited as easily as Windows ones, that there is not plenty of havoc that can be wreaked. I think one reason we don't see many of these incidents on Linux is that typically Linux users have a higher awareness level of their system, but if that paradigm changes, I believe you will see this exploited much more. Your browsing history, installed app configurations, and perhaps things like your financial data and tax info are all in your $HOME. Your ship's not sinking, but it's a pretty pointless ship now that everything on it is gone. /bad_analogy

Lunx
March 31st, 2009, 03:07 AM
People get sick of the updates forcing automatic reboots so they turn them off and never think of them again.

And also remember there are plenty of people running dodgy copies of Windows who don't go anywhere near a patch or anything else (some estimates I've come across say this could be as high as 30% of Windows users). MS won't allow them to update security, so these #*$% users can keep on infecting everyone else's machine. Don't quite get the MS take on this issue, since surely the credit they would gain by having a secure system that people could have faith in would more than offset the loss of $$$ they cop from people pirating the software.

toupeiro
March 31st, 2009, 03:12 AM
actually, i installed ubuntu using wubi, so that in case i screw up doing something, not all will be lost. this being said, i store everything on the windows partition and have all my defaults set to there.

That's a smart config as long as you keep Windows patched and backed up ;) Of course, if something happens to your filesystem (like a nasty BSOD), and your Wubi install is on that partition, bye bye Wubi and Windows.

Dustin2128
March 31st, 2009, 03:29 AM
how many computers do you think will go down day after tomorrow? I'm thinking a couple thousand, nothing that will make a dent in the M$ market share.:(

FuturePilot
March 31st, 2009, 03:31 AM
I just saw a piece on the news about this. But what I found interesting was, and I quote,

...Mac and Linux are not affected.

Did I hear that right? Linux got mentioned in the news! :o

Grant A.
March 31st, 2009, 03:55 AM
Conficker/downadup has infected over 9,000,000 Windows-running computers.

swoll1980
March 31st, 2009, 04:22 AM
:popcorn: This should be fun to watch. I think it's another 01/01/2000. All show, and no go. Maybe a scam to increase Norton's bank account

wolfen69
March 31st, 2009, 04:27 AM
Conficker/downadup has infected over 9,000,000 Windows-running computers.

i just saw where it had infected 9 million back in january. duh. do the math.

but whatever, it's good for my business.

ghindo
March 31st, 2009, 04:28 AM
There's already a big thread on this:

http://ubuntuforums.org/showthread.php?t=1110074

woppy71
March 31st, 2009, 04:29 AM
:popcorn: This should be fun to watch. I think it's another 01/01/2000. All show, and no go. Maybe a scam to increase Norton's bank account

Seconded..

wolfen69
March 31st, 2009, 04:30 AM
:popcorn: This should be fun to watch. I think it's another 01/01/2000. All show, and no go. Maybe a scam to increase Norton's bank account

downfall

people are starting to get wise.

wolfen69
March 31st, 2009, 04:32 AM
Seconded..

let them pass money around. i won't be part of it. i deal with the fallout.

Lunx
March 31st, 2009, 05:49 AM
Was just looking at some other totally unrelated stuff when I came across this link which provides a pretty in-depth analysis of this latest variant

http://mtc.sri.com/Conficker/addendumC/

tbroderick
March 31st, 2009, 06:28 AM
Conficker/downadup has infected over 9,000,000 Windows-running computers.

9,000,000 at its peak. The estimate is maybe 1,000,000 to 2,000,000 active infections.

MikeTheC
March 31st, 2009, 06:31 AM
Lots of people using Windows... Check.

Lots of malware comes out for Windows... Check.

Users becoming desensitized to it all... Check.

Some alpha-hotel comes up with Conficker... Check.

Now all we need is Cylon Expeditionary Force Gamma to come along, and...

Oh, wait. I use Linux and Mac OS X. Never mind. Crisis averted.

woppy71
March 31st, 2009, 06:34 AM
Lots of people using Windows... Check.

Lots of malware comes out for Windows... Check.

Users becoming desensitized to it all... Check.

Some alpha-hotel comes up with Conficker... Check.

Now all we need is Cylon Expeditionary Force Gamma to come along, and...

Oh, wait. I use Linux and Mac OS X. Never mind. Crisis averted.

:lolflag:

HermanAB
March 31st, 2009, 06:35 AM
It won't matter. 10 million is about 0.1% of PCs and anybody with important data on their machines will have them patched. So it is mostly a small percentage of clueless home users that are affected.

ghindo
March 31st, 2009, 06:43 AM
Was just looking at some other totally unrelated stuff when I came across this link which provides a pretty in-depth analysis of this latest variant

http://mtc.sri.com/Conficker/addendumC/

A bit too technical for my knowledge, but still a very, very interesting read. It's incredible how sophisticated these viruses have become. If only the people who write this kind of software would work on something more productive :(

It won't matter. 10 million is about 0.1% of PCs and anybody with important data on their machines will have them patched. So it is mostly a small percentage of clueless home users that are affected.

It affects everybody, whether or not you've actually been infected with the program. These infected machines can and will be used for everything from spambots to DDoS attacks.

dmn_clown
March 31st, 2009, 04:22 PM
These infected machines can and will be used for everything from spambots to DDoS attacks.

And Mac OSX and Linux can help spread the files that cause the infections, yada yada yada... nothing changes.

I miss the days when viruses did something besides spread themselves, give me a nice jolly roger once every three boots at random at the very least.

coolbrook
March 31st, 2009, 10:16 PM
It's already April 1 in some parts of the world. So far, so good.

HavocXphere
March 31st, 2009, 11:45 PM
It won't matter. 10 million is about 0.1% of PCs
lols. It's not that easy. Assuming each PC has a conservative 0.5 mbps line:

512kbps x 10 000 000 = 5 120 000 000
= 5000000 mbps
=+- 4882 gbps

Which is enough to sink pretty much anything on the internet...or the internet itself via the root servers.:-|

The previous record-holder for the biggest botnet was ~0.5 mil PCs.

Chances are that it won't sink the internet though...cause that would make the botnet useless too.;) I'm betting its going to be used for spam and that we won't notice much aside from an increase in spam.

connorh123
April 1st, 2009, 12:18 AM
Hello. I've heard rumors about this "virus" that's going to infect 10 million+ computers. Is this simply an April Fools joke? Or is this very real? I also heard that Linux computers are protected? If there really is a virus, I'd like to know how I can keep my computer safe.
Thanks,
Connorh123

xenophed
April 1st, 2009, 12:21 AM
No joke, it is real, BUT there is hope: use the clamav package to scan any Windows/Mac/DOS/etc... partitions

philinux
April 1st, 2009, 12:30 AM
No joke for windows users.

http://www.google.com/search?q=conficker&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:unofficial&client=pub-2070091971271392

wpshooter
April 1st, 2009, 12:36 AM
Yup same way dell and other big companies keep trying to stuff windows down everyone's throats.

I guess it would be too dangerous for symantec to come out and say how crappy and susceptible windows really is.

Heck, M/S windows is Symantec's bread & butter. Do you think they are crazy ???

Castor68
April 1st, 2009, 12:55 AM
Happy April 1st for Windows users !!!!!

unoodles
April 1st, 2009, 12:55 AM
lols. It's not that easy. Assuming each PC has a conservative 0.5 mbps line:

512kbps x 10 000 000 = 5 120 000 000
= 5000000 mbps
=+- 4882 gbps

Which is enough to sink pretty much anything on the internet...or the internet itself via the root servers.:-|

The previous record-holder for the biggest botnet was ~0.5 mil PCs.

Chances are that it won't sink the internet though...cause that would make the botnet useless too.;) I'm betting its going to be used for spam and that we won't notice much aside from an increase in spam.

Think about it like this:
They have ~10 million processors at their disposal.
The world's fastest supercomputer (the IBM Roadrunner: http://en.wikipedia.org/wiki/IBM_Roadrunner ) only has 122,400 processors.
That means they have 81x the amount of processing as the worlds fastest supercomputer.
Is there anything that they can't do?

CarpKing
April 1st, 2009, 01:12 AM
That means they have 81x the amount of processing as the worlds fastest supercomputer.
Is there anything that they can't do?

Maybe they'll use it to find the cure for cancer. Or maybe they're just trying to set up "Team Conficker" as the unassailable Folding@home champion.

Sealbhach
April 1st, 2009, 01:34 AM
Is the Internet broken yet?


.

ghindo
April 1st, 2009, 02:21 AM
Maybe they'll use it to find the cure for cancer. Or maybe they're just trying to set up "Team Conficker" as the unassailable Folding@home champion.

Oh man, that'd be so sweet.

connorh123
April 1st, 2009, 02:33 AM
Haha. That would.

arvevans
April 1st, 2009, 02:50 AM
Seems that the thread has gotten a little loose...

The Conficker Worm is a PHP language thing. If you have opened up your PHP to remote execution, then you are vulnerable...regardless of which OS you are using.

For Linux you need to keep RCP and PHP under tight control. Thus, no problem. The standard install seems tight enough to prevent problems.

unoodles
April 1st, 2009, 05:09 AM
Seems that the thread has gotten a little loose...

The Conficker Worm is a PHP language thing. If you have opened up your PHP to remote execution, then you are vulnerable...regardless of which OS you are using.

For Linux you need to keep RCP and PHP under tight control. Thus, no problem. The standard install seems tight enough to prevent problems.

I do believe that you are wrong.
The Conficker ( http://en.wikipedia.org/wiki/Conficker ) that we are talking about is a worm that spreads through a vulnerability in Windows Remote Procedure Call that was patched in November 2008.


Edit: OMG did you just April Fool me? #-o

lavinog
April 1st, 2009, 05:50 AM
If it is as widespread as the media claims(wants) it to be, this could be good for the economy.
Scenario #1: Many average users fail to realize they have a virus. They just think their computer is slow, and may just buy a new machine.
Scenario #2: None of the anti-virus programs seem to be really effective in removing malware. Many computer repair shops/individuals will have plenty of work ahead.

stchman
April 1st, 2009, 06:00 AM
Another way to word this would be. Linux has the eyes of the world looking at it from a QA standpoint, and can deliver security patches on so many fronts much faster than Microsoft can, as the primary providers of such vulnerability fixes on Windows are Microsoft, and Microsoft only.

I protest that any "real" damage would require sudo. If you store data on your system at all, you store it in your $HOME directory. You don't need sudo to destroy that... In the end, your OS is free and replaceable. Your data is never so easy to replace.

Destroying data in my ~/ folder would not make the PC a drone, ID thief, be able to control the PC from anywhere in the world, etc.

Ok they may get some of my .mp3 files and other documents, but I do keep ALL my important personal data on another partition (besides email as Evolution uses a folder in your ~/ folder).

stchman
April 1st, 2009, 06:02 AM
There was a critical flash-vulnerability some time ago:
http://www.adobe.com/support/security/bulletins/apsb08-24.html
"Adobe Flash Player for Linux 9.0.151.0 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A specially formed SWF must be loaded in Flash Player for Linux by the user for an attacker to exploit this potential vulnerability."

This version was in the Ubuntu repositories for quite a while. I deinstalled flash for that reason (for some weeks).
I'm sure most Linux desktop users use Flash and could have been affected by this bug (no need for sudo btw).

Just a matter of time...

I use Flash 10 64 bit stored in my ~/mozilla/plugins folder. Since I do not use sudo and Firefox together I feel that I am protected.

toupeiro
April 1st, 2009, 06:31 AM
Destroying data in my ~/ folder would not make the PC a drone, ID thief, be able to control the PC from anywhere in the world, etc.

Ok they may get some of my .mp3 files and other documents, but I do keep ALL my important personal data on another partition (besides email as Evolution uses a folder in your ~/ folder).

Well, you've ruled out your vulnerability. Just a few billion more accounts worldwide to go. :P

I never debated deleting your ~/ or $HOME or however you want to reference it would not render your PC useless. Rather, that losing your data maliciously can be as bad as cratering your OS. I think I am running out of ways to explain this. Hopefully this one sticks.

lavinog
April 1st, 2009, 07:06 AM
Wouldn't a script that extracts all of the text from all of your personal documents, compresses it and uploads it to a remote site be worse than just losing your data?
A script could also be made to watch your browsing history, or even take screenshots and upload them remotely without needing super user privileges.

The question you have to ask is could such a script be installed and executed on your computer? On the average linux noob computer?

run1206
April 1st, 2009, 07:09 AM
well, on my Vista partition playing poker on Facebook, nothing suspicious yet, will reboot check for anything wrong, though i think it's all a big hype for nothing.

Worse case, just run Intrepid ;)

savagenator
April 1st, 2009, 07:24 AM
I think this configure fick is better than arch linux dropping i686 support.

tominto
April 1st, 2009, 07:43 AM
I just tried logging into my Yahoo account to check mail, and I received an 'error code 2' message. Could this be related to Conficker? Has my account been hacked?

mister_pink
April 1st, 2009, 11:26 AM
I never debated deleting your ~/ or $HOME or however you want to reference it would not render your PC useless. Rather, that losing your data maliciously can be as bad as cratering your OS. I think I am running out of ways to explain this. Hopefully this one sticks.

I think losing all your data (ignoring backups) is far far worse than just destroying your OS; after all it comes on a free disk and takes under half an hour to install. However there's two points: one is that downloaded files don't have any permissions to execute by default so are still unable to delete your ~/, and the other is that viruses don't just delete stuff anymore. That's so 1990s! There's no money in it!

ranch hand
April 1st, 2009, 06:24 PM
The French navy found Conficker on their computers and quarantined them until they were cleaned. For several hours many of their planes were grounded at airbases as they could not download their flight plans.

Why on earth would you run your navy on MS?

British parliament had a similar problem with their computers. No wonder people don't trust government. They are run on Windows.

One thing that was not mentioned on TV or most articles I have read is that this is exploiting a security hole in MS SERVERS. Networked computers are in the most danger.

Conficker also will self install on thumb drives and then can infect non MS server connected computers.

pewterbot9
April 1st, 2009, 07:13 PM
It is way overhyped. Mostly only 3rd word countries will get the virus cause most developed countries don't have pirated windows or unpatched machines.

More specifically, poorer nations run on older hardware and software that is exported as junk by western nations. Ergo, they are much more vulnerable to infections, 'cause they can't use updated security. I understand a lot of their networks are run in DOS!

pewterbot9
April 1st, 2009, 07:19 PM
Why on earth would you run your navy on MS?

No kidding! You'd think Bill Gates would be imprisoned for treason, for knowingly selling shoddy security software to our government and military. Plus: how many small businesses have been crippled and sabotaged by Micro$oft?


Conficker also will self install on thumb drives and then can infect non MS server connected computers.

From what I've read, Conficker can spread via non MS servers, but not do them injury. The harm only occurs on MS systems...not on *nix.

Correct me if I'm wrong.

HermanAB
April 1st, 2009, 07:22 PM
Fortunately, the US DoD is also a heavy user of MS. It is a great relief to the rest of the world.

t0p
April 1st, 2009, 08:17 PM
From what I've read, Conficker can spread via non MS servers, but not do them injury. The harm only occurs on MS systems...not on *nix.

Correct me if I'm wrong.

You're wrong!! Conficker deleted my Ubuntu partition! A lifetime's work - wiped out in a second by a wicked virus!

Thank heck I had a Windows ME partition, otherwise everything would be lost!

Chemical Imbalance
April 1st, 2009, 09:45 PM
You're wrong!! Conficker deleted my Ubuntu partition! A lifetime's work - wiped out in a second by a wicked virus!

Thank heck I had a Windows ME partition, otherwise everything would be lost!

Conficker wiped my brain and installed Zombie Soft beta!


*Errrrrr, eat....brains....Errrrr*

tom66
April 1st, 2009, 09:50 PM
The world's still here.

I wonder what the instructions were? Someone must have captured them by logging them somehow...

linuxisevolution
April 1st, 2009, 10:18 PM
Sorry if this is off topic, but is it possible to remove Conficker in Ubuntu without booting windows?

Nope. It embeds itself in the Windows kernel and shell (explorer). You MIGHT be able to edit their .exe's with a hexadecimal editor, but it's messy.

So April fools is here, has anything new happened with conflicker?

linuxisevolution
April 1st, 2009, 10:19 PM
The world's still here.

I wonder what the instructions were? Someone must have captured them by logging them somehow...

haha nice idea...

Such a simple task as logging could catch this thing, I wonder if the big guys paid $250k by microsoft know to do that?

Stan_1936
April 1st, 2009, 10:23 PM
...a simple task as logging could catch this thing..

What do you mean by "logging"?

linuxisevolution
April 1st, 2009, 10:33 PM
What do you mean by "logging"?

logging everything (aka recording).

record tcp/udp requests, running processes, etc.

Stan_1936
April 1st, 2009, 10:35 PM
logging everything....tcp/udp requests, running processes, etc.

That would take a long long time....hardly a simple task, no?

Johnsie
April 1st, 2009, 10:42 PM
Hacked Linux boxes are also being used to host/send instructions. If you run a server then I suggest you review your security regime.

Eg. Don't have a shell on an open port 22. If you do, make sure the right restrictions are on it, like banning root access from remote hosts, and please, please don't run an unencrypted FTP on port 21. Make sure your passwords are good, strong ones. Also make sure you install the latest Ubuntu security updates and check the official Ubuntu security notices to see what some of the other threats are. Don't install any debs from untrusted sources.

Remember, non-root accounts still have a lot of privileges like adding things to the account startup, sending email, TCP/IP, keyloggers etc... enough to get you in trouble and cause problems. Ubuntu has vulnerabilities like any other operating system and it's important not to forget that. Don't think for a second that using Linux makes you magically safe. Also, just because you can't see that you've been compromised doesn't mean that you haven't been compromised. A lot of these bots/hackers know how to edit your log files. If you're unsure about security on Ubuntu then I suggest you read up on it.
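
The advice in the post above (no root over SSH, no cleartext FTP on port 21, keep the SSH port from being the obvious open door) is easy to audit mechanically. The script below is an added example written for this thread, not code from the poster or from any Ubuntu tool. The two sshd_config texts and the `ss -tln` listing are constructed for a hypothetical host; the key-only login check goes one step beyond the post's "strong passwords" advice and is labelled as such in the code.

```python
import re
from typing import Dict, List, Tuple

# Constructed inputs for a hypothetical host; nothing here is taken from the thread.
WEAK_SSHD_CONFIG = """
# /etc/ssh/sshd_config as commonly shipped
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_SSHD_CONFIG = """
Port 2222
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers admin
Match User backup
    PasswordAuthentication yes
"""

# Output of `ss -tln` on the same hypothetical host (constructed).
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       0.0.0.0:21           0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*
"""

# Ports whose usual service sends credentials in the clear.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the global settings as lower-cased keyword -> value.

    Mirrors sshd: comments stripped, 'Keyword value' or 'Keyword=value', the
    first occurrence of a keyword wins, and lines inside a Match block are
    conditional so they never change the global default.
    """
    settings: Dict[str, str] = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            in_match = True
            continue
        if in_match:
            continue
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text: str) -> List[str]:
    """Flag the settings the post warns about. A missing PermitRootLogin or
    PasswordAuthentication is treated as permissive, the conservative reading
    since older OpenSSH releases defaulted both to yes. The password check is
    stricter than the post (keys only), an assumption of this example."""
    cfg = parse_sshd_config(text)
    findings: List[str] = []
    if cfg.get("permitrootlogin", "yes") != "no":
        findings.append("root login over SSH is permitted (set PermitRootLogin no)")
    if cfg.get("passwordauthentication", "yes") != "no":
        findings.append("password logins allowed (prefer keys: PasswordAuthentication no)")
    if cfg.get("port", "22") == "22":
        findings.append("sshd listens on the default port 22 (every scanner tries it first)")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings


def exposed_listeners(ss_text: str) -> List[Tuple[str, int]]:
    """From `ss -tln` output, return (address, port) of TCP sockets bound
    to something other than loopback, i.e. reachable from the network."""
    exposed: List[Tuple[str, int]] = []
    for line in ss_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)       # handles [::]:22 as well
        if addr in LOOPBACK:
            continue
        exposed.append((addr, int(port)))
    return exposed


def audit_listeners(ss_text: str) -> List[str]:
    """Report cleartext services that are reachable from the network."""
    findings: List[str] = []
    for addr, port in exposed_listeners(ss_text):
        name = CLEARTEXT_PORTS.get(port)
        if name:
            findings.append(f"cleartext {name} exposed on {addr}:{port}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(label, audit_sshd_config(cfg))
    print(audit_listeners(SS_OUTPUT))
```

On a real host feed it `open("/etc/ssh/sshd_config").read()` and the output of `ss -tln`. Moving sshd off port 22 only removes the noise from mass scanners; the controls that matter are `PermitRootLogin no`, key-only logins and an allow-list, which is why the audit reports them separately rather than as one score.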

Grant A.
April 2nd, 2009, 01:38 AM
Now this is scary, conficker has actually started its dirty work.

http://tech.slashdot.org/article.pl?sid=09/04/01/1330201&art_pos=14

cardinals_fan
April 2nd, 2009, 01:43 AM
Now this is scary, conficker has actually started its dirty work.

http://tech.slashdot.org/article.pl?sid=09/04/01/1330201&art_pos=14
I didn't know Elmendorf had nukes. Not really surprising, but rather scary.

CJ Master
April 2nd, 2009, 01:49 AM
Now this is scary, conficker has actually started its dirty work.

http://tech.slashdot.org/article.pl?sid=09/04/01/1330201&art_pos=14

The article specifically said that it is "written in the spirit of April Fools" so we can assume that it's not real.

Dr Small
April 2nd, 2009, 01:52 AM
Hacked Linux boxes are also being used to host/send instructions. If you run a server then I suggest you review your security regime.

Eg. Don't have a shell on an open port 22.
I have SSH running on port 22, open to the internet.



If you do make sure the right restrictions are on it like banning root access from remote hosts,
I've disabled root access with SSH.



and please, please dont run an unencrypted ftp on port 21.
I do, but only on the network for the Windows computers!! ):P



Make sure your passwords are good, strong ones.

All of my passwords are strong, and over 9 characters.




Also make sure you install the latest ubuntu security updates and check the official Ubuntu security notices to see what some of the other threats are. Don't install any debs from untrusted sources.

I don't run Ubuntu...

Dr Small
April 2nd, 2009, 01:55 AM
That would take a long long time....hardly a simple task, no?

I don't think it would take that long, if you knew that you were compromised, and actually just started logging and didn't do any network related activity on the system. Scan for several days, then go back and look for suspicious activity.

Old_Grey_Wolf
April 2nd, 2009, 02:10 AM
Now this is scary, conficker has actually started its dirty work.

http://tech.slashdot.org/article.pl?sid=09/04/01/1330201&art_pos=14

:lolflag:

We were doing backups today at my job; therefore, the network was slow. People were suddenly talking about Conficker infecting our network. No, normal business operations. :)

We had an electrical power company problem as well today. The lights in the office dimmed a little, and some of the older workstations shut down. People were suddenly talking about Conficker crashing our computers. No, normal business operations. :)

Conficker may get credit for something it didn't do over the next few days.

:lolflag:

cardinals_fan
April 2nd, 2009, 02:12 AM
The article specifically said that it is "written in the spirit of April Fools" so we can assume that it's not real.
Jokes about Alaska don't work as well when you live here ;)

Dr Small
April 2nd, 2009, 02:12 AM
:lolflag:

We were doing backups today at my job; therefore, the network was slow. People were suddenly talking about Conficker infecting our network. No, normal business operations. :)

We had an electrical power company problem as well today. The lights in the office dimmed a little, and some of the older workstations shut down. People were suddenly talking about Conficker crashing our computers. No, normal business operations. :)

Conficker may get credit for something it didn't do over the next few days.

:lolflag:

Conficker is helpful to technicians. They can now use it as a great excuse for all their clients' problems...

linuxisevolution
April 2nd, 2009, 02:13 AM
Jokes about Alaska don't work as well when you live here ;)

You live in Alaska?

BTW: You live in /dev/null too?

Dr Small
April 2nd, 2009, 02:16 AM
You live in Alaska?

BTW: You live in /dev/null too?
No duh.
Alaska is /dev/null ;)

Old_Grey_Wolf
April 2nd, 2009, 02:19 AM
Conficker is helpful to technicians. They can now use it as a great excuse for all their clients' problems...

ROTFLMAO, Yep!

And most of our servers run Linux.

cardinals_fan
April 2nd, 2009, 02:19 AM
You live in Alaska?

BTW: You live in /dev/null too?
Anchorage. I don't think there's a nuclear missile installation in Elmendorf, but there is a facility off the Glenn highway where I am convinced they shoot lasers at the aliens.

No duh.
Alaska is /dev/null ;)
attu == "/dev/null"

damis648
April 2nd, 2009, 02:21 AM
The more I think about it, I think that the conficker was just a clever trick to fool us all. It's goal was to get us hyped for some big catastrophe, when all along it was just an April fools joke to try and see how many people they could scare.

linuxisevolution
April 2nd, 2009, 02:22 AM
Anchorage. I don't think there's a nuclear missile installation in Elmendorf, but there is a facility off the Glenn highway where I am convinced they shoot lasers at the aliens.

attu == "/dev/null"

lol maybe they are using them for target practice...

linuxisevolution
April 2nd, 2009, 02:37 AM
The internet is infected.



>.> going back to NetBSD..

Sealbhach
April 2nd, 2009, 02:40 AM
Everything on Slashdot today is silly:

http://slashdot.org/


.

Dr Small
April 2nd, 2009, 02:42 AM
everything on slashdot today is silly:

http://slashdot.org/


.
+1

TBOL3
April 2nd, 2009, 02:45 AM
You know, what if Slashdot needed to actually report something that was both urgent and important today?

Dr Small
April 2nd, 2009, 02:49 AM
You know, what if Slashdot needed to actually report something that was both urgent and important today?
If there was something that was urgent, they'd just post it tomorrow. What tech related news is "urgent" anyhow?

TBOL3
April 2nd, 2009, 02:52 AM
I don't know, say something like the CodeWeavers lame duck giveaway, except it had no warning, and it only lasted for 5 hours (and it was honestly not a joke).

calrogman
April 2nd, 2009, 09:55 PM
Really, you never hear of Norton AV for Linux.

Did they manage to make it slow computers down, use copious amounts of system resources and suck horribly? I'd rather get a virus.

Koori23
April 2nd, 2009, 10:42 PM
Here I thought Norton AV WAS a virus. All this time and I just now realized it's supposed to prevent such things.. Learn something new everyday I guess.

Godly
April 2nd, 2009, 10:51 PM
Here I thought Norton AV WAS a virus. All this time and I just now realized it's supposed to prevent such things.. Learn something new everyday I guess.
Really? Wow!

Sealbhach
April 2nd, 2009, 10:54 PM
Here I thought Norton AV WAS a virus.

Yes it is, and you have to download a special patch to remove it.

.

Fenris_rising
April 2nd, 2009, 11:00 PM
Yes it is, and you have to download a special patch to remove it.

.

Any flavour of Linux should do it :D

ranch hand
April 2nd, 2009, 11:50 PM
Yup, that's how I removed all that crap from my box. Those Live CDs will really clean a system up if you just let it use the whole drive. Vista works a lot better for me now that it is off the box, haven't even been able to fail to update security for a long time now. What a bummer.