All quiet on the Conficker front. Now what?
As expected, the Conficker worm failed to cause the digital pandemonium that some may have feared.
So, can we all just go back to playing on Facebook and watching the game now?
Not really. Just because the worm failed to create much of a stir on the day it was set to activate, April 1, doesn't mean it won't wake up and act later.
"The (malicious) hackers can tell their worm to do something any day of the year; they're just as likely to do it tomorrow or next Wednesday or in August," said Graham Cluley, a senior technology consultant with Sophos.
Then why the April 1 message in the code?
Cluley says he doesn't know. "This was such an invisible change inside the code. It was inconsequential to the infected computer that maybe (the creators) didn't think there would be such a frenzy," he said.
Today, as on any day, PC users should make sure their systems are patched and running the latest security software. People should patch their systems to close the hole in Windows it exploits and update their anti-virus software. The major anti-virus vendors all have free Conficker removal tools.
The worm also can spread via network shares and removable storage devices like USB thumb drives. So users are advised to use strong passwords when sharing files on a network and to download a patch Microsoft released to address the Autorun feature problem in Windows that makes using removable storage risky.
Oh, and be careful about searching for Conficker removal software on Google. Scammers have managed to get fake security sites among the top searches, Cluley said. Bogus sites are designed to steal your credit card information and could install malware on your computer instead of a legitimate security program.
So, what is the intention behind the worm, anyway? Why all the fuss?
Like many other worms, it's likely the Conficker worm is designed to create a botnet that could be used to send spam, launch denial-of-service attacks to shut down Web sites or steal data from infected computers.
David Perry, global director of security education at Trend Micro, said he suspects that the worm creators will slice up the botnet and sell it to spammers via underground forums, like they did with the Storm worm.
"The funny thing is that everyone has these expectations that come to them from science fiction viruses. In the movies they blow up the terminal, tip over an oil tanker and bring aliens out of the sky," said Perry. "In reality, the kind of thing a botnet does is much less visible. It's a lot more insidious of them to steal your bank password than to blow up your computer."
Hear more about what happened and didn't and why on this CNET podcast.
Update 9:45 a.m. PDT Microsoft is offering a $250,000 reward for information leading to the arrest of whoever is responsible for the Conficker worm, but this isn't the first time the company has done that. Microsoft launched its $5 million Anti-Virus Reward program fund in 2003 and offered $250,000 rewards each for the MSBlast worm, the Sobig virus, the MyDoom virus and the Sasser worm, but only ended up paying out on Sasser.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
and you Windows users fell for it big time !
Conflicker exploits a hole that Microsoft patched way back in October 2008, so I knew that it would not be a problem for me, or anyone else who keeps their system up to date,
Example, people were freaking out over the Y2K bug hyped up by the media and nothing happened. Apathy set in afterwards and these same people were so caught up in the media hype they forgot to buy a weather radio for the springtime hurricane season.
Next.
Oh wait a moment- the first thing it did was tell me of *85* mandatory critical security updates that it needed to run immediately before I could use the system. That took more than three hours with a cable connection.
Yeah... that's not exactly a positive experience end users should have to go through for their first exposure. OS X and Windows both install fully updated versions in shorter time.
As for the rest of your comments- it's easier to find files faster- there are fewer files for you to look at. USB devices open faster because again, there are a much smaller number of USB devices supported- if it isn't, then you're on your own to hopefully dig through obscure forums to find something or write your own. Again, not something the neophyte should be expected to do for an out of the box experience. You do indeed have more control over the administration- and that's because you need to in order to bring the system up to a usable state in comparison to OS X or Windows.
Argue or deny the facts all you want, but this is the reality of the situation.
and the alternative being having an unpatched, unsecured system ('cause, you know..that's what windows does..it MUST be the better way!!) until the user "gets around to" running the patcher is preferable to waiting for the OS to automatically download/install security updates immediately after installation? /rolleyes.
It's that philosophy that has created the foundation for building botnets. Convenience trumping security ftw! My only wish is that there was a way to fine people who let their machines become infected....force some personal responsibility onto the userbase for a change when their negligence helps to jeopardize the internet as a whole.
And you're right...Linux isn't as user-friendly as Windows (xp, anyway) because the newest Linux distro's actually insist on doing a lot of things with a "best practices" approach..which can be inconvenient and/or unfriendly. MS is trying to figure that out with Vista's UAC...better late than never.
Secondly, if you say it is not user-friendly, you haven't tried it. On my computer, everything but the printer worked out of the box (without installing anything). It supports all USB drives and digital cameras. You just often cannot install the software that is provided with the device. The printer required visiting the website of the manufacturer and it worked also. I am optimistic that they will also improve in that area.
Thirdly, if I have problems with Windows, I am almost always stuck and cannot do much. In Ubuntu, googling for help always brings a solution to your problem.
In conclusion, I have Ubuntu installed on my desktop and netbook (Lenovo Ideapad) and I am very happy. For the latter, I even removed the existing Windows XP. I do no longer like the feeling of that OS.
so, if you want you can happily make a embedded updates, service packs, hotfixes, drivers, et al and then install and then with the latest updates already embedded you get to download the least of updates after the custom windows creation date. and you are done. and in a same way? with ubuntu/debian/redhat EL/fedora? you can make your custom cd with latest updates and bux fixes and security isses resolved and install, then you can skip the 85 updates which take ice ages on your cable router. so i guess i can happily garbage the users who does nothing bit nag like friggin women.
period.
and i guess this posts end up using word processor, where they put the words in a processor, turn the spinning wheel on then the words churn and they put them back from the mixie and back to a plate and serve it to a reader to relish how cool retardism actually tastes.
be good be good, to the womanhood.
i decided to support mac non-devs they are the best source of laughter and also i can pull my life notepad out and write "LEARN FROM MAC NON-DEVS HOW NOT DO THOSE THINGS IN REAL LIFE."
Now Vega_Dan, don't go crying to Cnet to sic the FBI on my ass, now, ok?
APRIL FOOLS SUCKERS>
Give it up- it's not that big of a deal. Your every waking moment of your existance does not need to be dedicated to the obsession of discrediting all things Microsoft. Really- go out and take a walk, enjoy the nice weather, make new friends. You'll find your life much easier if you don't go so LALA over an operating system.
Perhaps if you tried saying something funny....
Show a bit of kindness, lads. He has enough difficulties as it is.
simple, cheap,practical precautions are all that needed to avoid this ****.
Could someone please explain?
By the way, both of us had the Conficker before the attack, but got rid of it before the 4/1.
- by tipoo_ April 3, 2009 7:34 AM PDT
- Maybe they just want us to think it does nothing...
- Like this Reply to this comment
-
(35 Comments)