Glitch City Laboratories Archives

Glitch City Laboratories closed on 1 September 2020 (announcement). This is an archived copy of a thread from Glitch City Laboratories Forums.

You can join Glitch City Research Institute to ask questions or discuss current developments.

You may also download the archive of this forum in .tar.gz, .sql.gz, or .sqlite.gz formats.

General Discussion

Conficker strikes, or is it a prank? - Page 1

Conficker strikes, or is it a prank?

Posted by: Wild MissingNo. appeared
Date: 2009-04-01 00:40:40
Today, is the day, that Conficker is meant to start. I was reading about it, from my Google News.:

PC users brace for attack by Conficker worm

Today may see the beginning of a global online crime wave - or the biggest April Fool's Day joke in Internet history.

It all depends on what happens to as many as 15 million personal computers that could be infected with an insidious worm called Conficker. On April 1, these machines are supposed to receive new instructions from the worm's creators via the Internet. And computer security experts don't know what to expect.

"There's just no way to tell," said Fred Rica, who oversees the computer threat and vulnerability management practice at PriceWaterhouseCoopers LLP in Florham Park, N.Y. There might be a surge in spam e-mails or digital attacks on major Internet sites, or, said Rica, "it could be a nonevent."

First spotted in November 2008 by computer security researchers, Conficker attacks computers running Microsoft Corp.'s Windows XP or Vista operating systems. Conficker is made possible by a security flaw in the Windows software that allows an infected machine to spread the worm to other Windows computers through the Internet. Microsoft issued a fix for the problem months ago, but millions haven't installed it. Conficker can also be spread by infected removable disks or USB drives. If a machine is already infected, getting a cure can be difficult, because Conficker will block the computer from visiting websites that provide antivirus products.

Computer security experts say Conficker has infected relatively few US computers. It's mainly attacked machines in countries like China and India, where millions use unauthorized copies of Windows. Microsoft does not provide automatic security updates for pirated software.

But Richard Wang, manager of Sophos Labs US in Burlington, a major computer virus research center, said Conficker-infected machines in other countries could have a big impact in America. "You don't have to be infected by Conficker to receive the spam it sends," Wang said.

Conficker has already drawn blood. It forced the French Navy to ground some of its fighter planes and tainted so many desktop computers at the British Ministry of Defense it took two weeks to repair the damage. And this happened even before the worm went active.

Computer researchers who analyzed the Conficker code found that infected machines are supposed to contact remote servers over the Internet on April 1, and download a set of instructions. But only the unknown vandals who created Conficker know what these instructions will be.

The experts fear that Conficker will transform the infected machines into a "botnet" - a remote-controlled computer network that could launch digital attacks on major online services or crank out billions of spam e-mail messages. Or the Conficker masterminds might order the computers to do nothing at all - at least, not yet. After April 1, the infected machines will keep trying to download new instructions every day. So a wave of Conficker-related cybercrime may not strike for days, weeks, or months.

"The whole date of April 1 has been blown a bit out of proportion," said Wang. "Focusing on a single day is really not the answer to this kind of security problem."

Instead, Wang said that computer users must consistently use good security practices. Windows computers should be set to automatically download and install the latest security patches, and users should always run an up-to-date antivirus program.

Those who suspect that their machines have already been infected with Conficker may not be able to directly download a program to remove the worm, because Conficker can prevent this. They should use a different computer to download a removal program, and then install and run this program on the infected machine.

Removal programs are available at the website of Microsoft Corp. and major antivirus software makers like Symantec Corp., Sophos PLC, and McAfee Inc.

What do you guys think? I'm not even sure if my PC is infected, since I can't get the Internet to connect, so I can't tell if I can get to security websites. I think this could be a joke, but who knows.

Re: Conficker strikes, or is it a prank?

Posted by: fivex
Date: 2009-04-01 10:48:45
One thing I know, is that it's a hardware problem. Home computers are not that much infected. And conficker doesn't even block everything on the internet anyway.

Re: Conficker strikes, or is it a prank?

Posted by: Wild MissingNo. appeared
Date: 2009-04-01 12:32:51
Far as I know Conficker, blocks websites, like Avast, or AVG, and such. It's like the news, said to get the software from an non-infected computer then find away to send it to the infected machine without having Conficker jump to the non-infected machine.

Re: Conficker strikes, or is it a prank?

Posted by: fivex
Date: 2009-04-01 12:43:59

Far as I know Conficker, blocks websites, like Avast, or AVG, and such. It's like the news, said to get the software from an non-infected computer then find away to send it to the infected machine without having Conficker jump to the non-infected machine.
But you cannot connect to anything, o it isn't conficker. Anyway, nothing bad yet…

Re: Conficker strikes, or is it a prank?

Posted by: Wild MissingNo. appeared
Date: 2009-04-01 13:55:17
Conficker, doesn't block Internet, it just blocks secutiry, websites. I'm gonna check my Google News, from my Google account, to see if there's any news on Conficker. Oh, shit. Here's some news on Conficker.:

Conficker D-Day Arrives; Worm Phones Home (Quietly)

The Conficker worm today has begun to phone home for instructions but has done little else. Conficker was programmed to today begin actively visiting 500 out of 50,000 randomly generated web addresses to receive new instructions on how to behave. Conficker has begun to do this, according to security company F-Secure, but so far no doomsday scenarios have emerged.

Among security experts, the consensus seems to be that very little will happen today. This may be in part because of the high amount of publicity Conficker has received, but then again April 1 is not the first time Conficker has been programmed to change the way it operates. Similar trigger dates have already passed with little change, including January 1, according to according to Phil Porras, a program director with SRI International. Security experts at Symantec, the maker of Norton Antivirus, also believe the threat is overblown and says Conficker today will "start taking more steps to protect itself" and "use a communications system that is more difficult for security researchers to interrupt."

Technology companies and experts across the globe have been working together to halt the spread of Conficker, disrupt its communications and uncover who created the worm. Microsoft has even issued a $250,000 bounty for information leading to the arrest and conviction of Conficker's authors. Despite the security sector's best efforts, very little is known about the origins of Conficker or its purpose. Nevertheless, some breakthroughs have been achieved. On March 30, Security experts with the Honeynet Project discovered a flaw in Conficker that makes it much easier to detect infection. IBM researcher Mark Yayson also believes he has discovered a way to "detect and interrupt the program's activities," according to The New York Times.

Since the Conficker worm was discovered in October 2008, the malware has only received programming updates from its author and worked to infect other computers. Conficker is believed to have infected 10 million computers worldwide mostly in Asia, Europe and South America. According to IBM, only 6 percent of North American computers have been infected.

While today may be a non-event, Conficker could be used to create harm in the future. Possiblities include a massive botnet, which would give Conficker's authors control over millions of computers worldwide. The botnet could then be used to attack corporate or government networks, commit identity theft, or deliver massive amounts of spam. Security experts warn that all Windows users must make sure their operating system and antivirus programs are up to date with the latest patches and virus protections. So far, Windows is the only operating system known to be vulnerable to Conficker.

Re: Conficker strikes, or is it a prank?

Posted by: Thomas
Date: 2009-04-01 19:27:08
As a matter of fact, my concern about Conficker turned out to be for nothing: neither of my computers were infected, as I have just found out.

Re: Conficker strikes, or is it a prank?

Posted by: GARYM9
Date: 2009-04-01 19:58:44
People in school were saying they weren't even going to go online today because of it.  I told them, "I am, because I'm not stupid enough to get infected by it." Then they said, "LOLOLOLOLOLOLOLOLOLOL IT CAN GO ON YOUR COMPUTER JUST BY CONNECTING AND WILL GO IN ANYWAY POSSIBLE!!!!!!!!!!!!!!!!! YOU DON'T EVEN HAVE TO DO ANYTHING! IT JUST INFECTS!"

Re: Conficker strikes, or is it a prank?

Posted by: Ratipharos
Date: 2009-04-01 20:06:55
Yay! I can go to Windows! I can Update!

Re: Conficker strikes, or is it a prank?

Posted by: fivex
Date: 2009-04-01 20:24:16

People in school were saying they weren't even going to go online today because of it.  I told them, "I am, because I'm not stupid enough to get infected by it." Then they said, "LOLOLOLOLOLOLOLOLOLOL IT CAN GO ON YOUR COMPUTER JUST BY CONNECTING AND WILL GO IN ANYWAY POSSIBLE!!!!!!!!!!!!!!!!! YOU DON'T EVEN HAVE TO DO ANYTHING! IT JUST INFECTS!"
FYI if you are unpatched then they are correct.

Re: Conficker strikes, or is it a prank?

Posted by: GARYM9
Date: 2009-04-01 20:56:19
Not if you're just sitting there on the internet, no browsers, no programs, no anything; you're just connected.

Re: Conficker strikes, or is it a prank?

Posted by: shaggs
Date: 2009-04-01 22:36:01
This is one of the reasons why I'm glad to
be a Linux user, not to brag or anything but
it probably would have been brought up sooner or later.

Re: Conficker strikes, or is it a prank?

Posted by: Wild MissingNo. appeared
Date: 2009-04-02 00:49:26
Conficker does sent spam email, as I got a weird email yesterday, but I didn't open it, I just marked it as junk. I've just checked Google News, and they have some more information.:

Conficker worm doesn't dig deep

Despite widespread fears of a mass outbreak on the Internet on Wednesday, the Conficker worm proved to be a dud.

But what the Conficker episode did show is the dangerously primitive state of Internet security, several experts said, even as cyberthreats increase.

All people had to do to protect themselves from Conficker was to apply an emergency patch that Microsoft issued in October - ahead of Conficker's arrival - for a recently discovered flaw in the Windows operating system that Conficker was designed to exploit.

The patch was originally intended to protect Microsoft's customers against a different piece of malicious code, a data-stealing worm called Gimmev that targeted Asia and Eastern Europe, said Mary Landesman at Scansafe in San Francisco.

But many companies and home users didn't apply the patch right away, and Conficker's creators - who improved on techniques and code found in last year's Storm worm - had their opening.

"We tend to be pretty lazy about this stuff," said Richard Howard, the intelligence director of iDefense, which protects companies and government agencies. "I was talking to somebody who pulled an old server out of a closet that hadn't been on the Internet for a while and hadn't been patched, and they got it."

Conficker could still activate itself, and it's not the most dangerous piece of malicious code out there, several experts said.

In the past five months, there has been an explosion of code designed to steal data from specific companies and government agencies, including a worldwide spying operation reported last weekend by Canadian researchers that has targeted computers in more than 100 countries.

Re: Conficker strikes, or is it a prank?

Posted by: fivex
Date: 2009-04-02 03:46:48
There's a 99.9% chance of that e-mail not being from conficker according to trend micro.

Re: Conficker strikes, or is it a prank?

Posted by: Wild MissingNo. appeared
Date: 2009-04-02 03:54:02
Conficker, is a malware-worm, as it still sends junk/spam email. I never open emails, only if they are from people I know, then fine, since I send myself emails to my other MSN Messenger Account, when I'm sending stuff to my PC, or such. It's still best not to open an email you're unsure of the sender, incase it'll be virus, or it'll be one of Conficker's spam emails. I haven't found out what type of emails, it sends, on the names that hide the Conficker worm inside.

Re: Conficker strikes, or is it a prank?

Posted by: glitchhunter09
Date: 2009-04-12 21:33:09
I think that the creator of Conficker is located in one of the continents/countries that were hit the hardest. Mainly because he could exploit and control computers within his own country and steal secrets form government agencies and stuff. Microsoft should check those countries first. I'd love to have that 25,000 Dollar bounty they have on Confickers creator. *Loses the ability to see due to Dollar signs in his eyes.*