Conficker

Supposively there is suppose to be a virus to hit April 1st (Yes I know, April Fool's Day) on most Windows computers.

Conficker has become the boogeyman of the security industry over the last year. The latest variant of the worm, Conficker.C, is programmed to do something on April 1. But what exactly will happen? The scary thing is, no one can say for sure.

The "A" and especially "B" variants of this worm (also known as Downadup) have built a botnet estimated at several million PCs, almost exclusively through exploitation of the MS08-067 vulnerability in Windows. Conficker added some innovative techniques to update itself through a large number of domains, the names of which were algorithmically generated by the program. Because the names were deterministic, it was possible for the DNS authorities (VeriSign, et al) to block the names. With few exceptions, the worm has been unable to spread since that point several weeks ago.

Then the "C" variant came along. It adds a number of defensive measures designed to protect itself from detection and removal, and it ratchets up the number of domains it can check for updates. As this very large and thorough analysis of Conficker.C from SRI International says, "...Conficker C increases the number of daily domain names generated, from 250 to 50,000 potential Internet rendezvous points. Of these 50,000 domains, only 500 are queried, and unlike previous versions, they are queried only once per day." Thus "C" should generate less traffic than the earlier versions, especially inasmuch as it filters the IP addresses for these domains to make them work better and avoid detection.

Source:
http://www.pcmag.com/article2/0,2817,2343910,00.asp

I wonder if it will actually happen. I kinda doubt it since it's on April Fools', but just in case I'm backing up my computer. And there's also a quarter of a million dollars from Microsoft for information leading to the arrest of the creator.
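
The quoted article's point that deterministic names let defenders act ahead of time, as an added example that is not part of the original thread: a defender regenerates the day's candidate names and flags clients in a resolver log that look several of them up. The generator is a hash-based stand-in, not Conficker's real algorithm, and the TLD list, log format, IP addresses and threshold are constructed assumptions.

```python
import hashlib
from collections import Counter
from datetime import date

TLDS = ("com", "net", "org", "info", "biz")  # constructed, not the worm's TLD set

def candidate_domains(day, count=50_000):
    """Stand-in generator (NOT Conficker's algorithm): the date is the only
    input, so anyone who knows the routine can list a day's names in advance."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:10])
        names.append(f"{label}.{TLDS[digest[10] % len(TLDS)]}")
    return names

def suspicious_hosts(dns_log, day, threshold=3):
    """Return {client_ip: hits} for clients that looked up at least
    `threshold` of the day's candidate names."""
    watchlist = set(candidate_domains(day))
    hits = Counter()
    for line in dns_log:
        stamp, client, qname = line.split()
        if stamp.startswith(day.isoformat()) and qname.lower().rstrip(".") in watchlist:
            hits[client] += 1
    return {client: n for client, n in hits.items() if n >= threshold}

def sample_log(day):
    """Constructed resolver log: '<timestamp> <client-ip> <queried-name>'."""
    names = candidate_domains(day)
    stamp = day.isoformat() + "T02:14:00"
    lines = [f"{stamp} 10.0.0.5 {n}" for n in names[100:104]]  # four candidate lookups
    lines.append(f"{stamp} 10.0.0.9 {names[7]}")               # one hit, below threshold
    lines.append(f"{stamp} 10.0.0.9 example.com")              # ordinary lookup
    return lines

if __name__ == "__main__":
    day = date(2009, 4, 1)
    print(suspicious_hosts(sample_log(day), day))
```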
 
Guess a good reason for staying offline on April 1st just came up?
 
I'll be on holiday April 1st.

My computer will be safely turned off at the wall.
 
I don't get how they don't know who this is. Doesn't someone have to register those domain names first? And doesn't it cost the creator a lot of money to do so?
 
Nothing's going to happen. More world catastrophe will be caused by people not turning on their computers.... young girls may become mothers etc.
 
Why in the hell do people take time out of their day to create something that will mess with someone's computer? For ****s sake. I bet it's some smelly fat guy living with his mom. That is, if the virus is even real.
 
Nothing's going to happen. More world catastrophe will be caused by people not turning on their computers.... young girls may become mothers etc.

I think he's on to us, vegeta...
 
Why in the hell do people take time out of their day to create something that will mess with someone's computer? For ****s sake. I bet it's some smelly fat guy living with his mom. That is, if the virus is even real.

Simple answer. There is money to be made.
 
How so? I think I might want to get in on this... :D

Some virus makers supposedly add keyloggers to their viruses in an attempt to hack bank accounts and similar stuff. But there are many much better ways to earn money than that.
 
Also, the word is supposedly, not supposively.

EDIT: Oh, this was posted at the OP, funny that you used the word right when I was typing this.
 
I don't get how they don't know who this is. Doesn't someone have to register those domain names first? And doesn't it cost the creator a lot of money to do so?

A very good question.

Maybe by running unofficial DNS servers?

Although they could be identified as well...

Another good question: How do they know something happens on April 1st? Did the worm tell them?
 
...
Another good question: How do they know something happens on April 1st? Did the worm tell them?

I assume the worm itself is coded to check for commands on the 1st.

How so? I think I might want to get in on this... :D

As I understand it, a large portion of the email spam on the interwebs comes from botnets. Wikipedia says the estimated size of the Conficker botnet is about 9 million computers, capable of sending out billions of spam emails a day.

It could also be used to perform DDoS attacks, search infected computers for credit card or bank account info, or any number of other potentially profitable actions I've not thought of.
 
Fail english is fail.
Is it now?
 
I just found out over the weekend, my dad's company got hit with this virus last year and he had to spend the whole day trying to fix the whole company's network.
 
Who knows, maybe even every single one of you is infected and the virus is just waiting... in the dark, deep depths of your system32 folder...

lol

Anyway it could be serious.
 
Not really. Most viruses are made just to **** with people. They simply do it because they can.

Not really. Most viruses are made to make money. The better the virus, the more money you can make as a future consultant... Of course, after being released from jail.
Also same reason people make fun of each other (As someone else already said.) And for bragging rights.
 
So, funny story, it turns out the C variant is actually Skynet.

The system goes on-line April 1st, 2009. Human decisions are removed from strategic defense. Conficker begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, April 1st. In a panic, they try to pull the plug. Conficker fights back. It launches its missiles against the targets in Russia.
 
Xevrex said:
Seriously, you guys think this'll happen? It might, it might not in my opinion, but it seems sorta like bullshit just like the Y2K bug.

Except Y2K bug wasn't malicious in nature at all.

This is a worm, and it is malicious. It's designed to work, and it will work. The scope is what's in question, but it will work.
 
Not really. Most viruses are made just to **** with people. They simply do it because they can.

And you don't think people are willing to pay for such viruses? Next you'll be asking what a script kiddie is.
 
How so? I think I might want to get in on this... :D

Aside from keylogging and stealing information, identity theft. There is a good chance that once you are caught you can get a good paying job working for one of the companies you did most harm to by working for their anti-hacker defenses or something.
 
"almost exclusively through exploitation of the MS08-067 vulnerability in Windows"

Couldn't they have easily patched this?
 
They did patch that, but not everybody patches.
 
Why do they never release sufficient information on the virus though? They don't even explain how they know it occurs on April 1.
The people who are assed enough to look this sort of thing up on the internet are usually the people that could help the most.
 
This is probably a hoax to try and save energy by the government. Then they'll jack up energy costs. If I am wrong so be it!
 
Why do they never release sufficient information on the virus though?

This link may be of some use to you.

Also, for most people, "sufficient information" is 1) How big of a problem is it? and 2) How do I get rid of it? All of which is easily learned about either through the link above, or in the source link that was in the original post. Most people don't give a damn how they found out about it or what it does.
 
Why do they never release sufficient information on the virus though? They don't even explain how they know it occurs on April 1.
The people who are assed enough to look this sort of thing up on the internet are usually the people that could help the most.

I'm assuming they backwards engineered the worm. There's logic inside of it, and they can get in there and see what it's going to do, since computers only do what they're told, the worm would only do what it's told and they'd be able to see that when they cut it open and look at what's being executed and when.
 
According to f-secure, it's started where it's already April 1st and nothing has happened so far.

...Maybe it is an April Fool's joke. "We infected millions of computers and on April 1st, it's going to activate and do..... NOTHING!"
 
As it turns out, it's all a tool for anon to create huge DDoS attacks on Scientology websites.

Hell I don't know. 12:09 A.M. Nothing has happened here.
 