Countdown to Conficker--a bust so far
This post will be updated continually to track activity on the Conficker worm, the latest variant of which had been expected to hit the Internet on April 1. For more background on Conficker, click here or read below.
April 1, 6:35 a.m. PDT: McAfee says its Avert Labs is seeing Conficker-infected hosts attempting to call their "master" to get instructions, but those calls are not getting through. "This could be deliberate and the infected hosts may try again later, perhaps over the weekend when people aren't watching as closely," McAfee spokesman Joris Evers says. Hear more on this podcast. And for more technical details on what the worm is doing, McAfee Avert Labs has an updated blog posting.
April 1, 3:27 a.m. PDT: At F-Secure, a Wednesday morning post says there's still nothing much to report, other than a few April Fools' jokes circulating on the Web:
So it's been April 1st for almost 18 hours now in New Zealand and it's the early hours of April 1st on the east coast of the United States. So what's going on? So far -- nothing. Infected computers are generating the list of 50,000 domains and are attempting to contact 500 of those like we've described earlier, but so far no update has been made available (by the bad guys).
March 31, 7:25 p.m. PDT: Trend Micro's Paul Ferguson reports that things seem quiet. "So far, there's been no significant activity," he said, adding that a Trend Micro researcher in the Philippines reported seeing the same amount of traffic on Wednesday as he had been seeing the past few days in Asia-Pacific.
March 31, 4:00 p.m. PDT: The Conficker worm is stirring on some infected computers in Asia where it's April 1, but so far the activity is very tame, security researchers say.
"We've seen activity in honeypot machines in Asia...They're generating the 50,000 list of (potential) domains to contact," said Paul Ferguson, an advanced threats researcher for Trend Micro.
The latest variant of the worm, Conficker.C, was set to activate on April 1. For some of the infected machines that will happen at local time and for others at GMT, depending on whether the machines are turned on and connected to the Internet, he said.
The process seems to be starting slowly, according to Ferguson: infected machines generate the list of domains, pick one domain, try to contact it, and then wait before continuing on through 500 of those 50,000 domains.
The owners of the infected computers likely won't notice anything, unless they can't access the Web sites of security vendors and then they will know they are infected, he said. Trend Micro has figured out a way to unblock the computer from the sites that the worm has blocked using a Microsoft networking service, he said. More details are on the Trend Micro site.
"Nothing at this point; we're running updates every half hour or so," Dave Marcus, director of security research for McAfee Avert Labs, said when asked to report what he was seeing. "They're supposed to connect to one of a variety of Web sites and download a piece of code. What that code is supposed to do is up in the air."
IBM ISS's X-Force group also reported that things were quiet, at least for the moment, in Asia where most of the infections are. Nearly 45 percent are in Asia, followed by Europe at about 30 percent, 13.6 percent in South America and 5.8 percent in North America, according to the Frequency X blog.
IBM ISS also said it had found a way for ISPs to detect infected computers on a network by monitoring the peer-to-peer communications the worm makes between infected PCs.
Experts say the worm could be used to steal passwords or other sensitive data from infected computers, or turn them into a botnet that sends out spam.
The worm exploits a vulnerability in Windows that Microsoft patched in October and spreads through weakly protected network shares and via removable storage devices, like USB drives.
Conficker.C also shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It reaches out to other infected computers via peer-to-peer networking, in addition to being programmed to reach out to 500 domains to receive updated copies or other malware instead of just 250 domains as earlier versions did.
Click here for an FAQ about the worm.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.





Security updates are NOT blocked for illegal copies. I thought it's time for you to get a clue.
Yeah, the media might be blowing this one out of proportion a little bit. On the other hand, do we really know what it's doing under the covers? It would be a shame if it "went off" (whatever that means) and no one had heard about it until it was all over. I'd prefer people were thinking about it - thinking about computer security even a little bit, even when they're not a target. It's better than what we've had in the past, where security was an afterthought if a thought at all.
Time for a trip to your local Apple dealer.
All I use is Apple's and this is a great reason to go out and buy!
Good news for Steve Jobs...
The more people buy macs the more the hackers will attack them also.
Seriously people keep yourself updated!! Is it so hard? We all sit in front of our machines so often it's next to impossible to believe things like this become such a big issue.
I don't agree that the more MACs out there, that necessarily there would be more viruses target for the platform. The $$$$$ is with Windows attacking viruses/malware/worms... Have you seen what MSFT given in the way of patching these holes.
No OS can claim to be rock solid totally secure. And I am in fact using a Powerbook G4. Just making sure people know I use both...
Anyway, my wife uses her Dell, I must say I never had so many problems... the 'feature' in Windows is the ability to add extensions... that is the problem. We'll see what Windows 7 offers... but then again I would have to upgrade her PC... in that case I would rather buy a MAC and run boot camp... why limit yourself to one OS on each machine.
VANCOUVER, BC -- Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple's Safari browser.
"It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said moments after his accomplishment.
Yea Yea Mac is wonderful. As the comment early it is all about what is most used. Most internet problems these days are malware. Which is about revenues and making money, why spend time writing software for 15% of the population if you can get it to 80% of the population.
I do agree that Windows is good if you want to use your computer for games (Not server side, just for the client).
Almost. It's like picking between the 5th and 7th level of hades - it's still hades!
or may be "Hi this is skynet, watch out for nuclear missiles that are about rain down on you, bye have a nice day"
on a more serious note I am sure the world will, mass riots on streets, it will rain fire and all the other things Armageddon is supposed to bring.
Shame on cnet for adding to the hype
"There are 10 million infections..."
That's the best guess, and that's only a guess because nobody can actually seem to find any evidence of infections, so they are basing their guess on what might happen.
Even as a best guess it's several *billion* lower than the original estimates making this one a complete failure of a worm. :/
I believe Microsoft, like any company, would want to prosecute any individual that was intentionally trying to commit illegal acts against the company or its products.
That has nothing to do with the success or failure of the worm itself.
Apple panders to elitists, strokes their ego to make them hand over their cash. Apple fanatics are like a people who don't like Wal-Mart so they pay more to shop at Target.
When I can, I shop at locally owned grocery stores. When it is 3:30 AM and I am just finishing up for the day, I go to Walmart because they are the only ones open.
Learn to value your time and money takes care of itself (Now back to work.)
I had an experience like aru20 myself once. My answer at the time was to turn on the bat guano signal, which caused some caped crusader to come to my rescue. Unfortunately, I came down off the mushrooms soon after that.
;-)
;-)
It also states that ISPs can implement a network scanning solution from IBM. Of course, ISPs could already be scanning attached hosts with the free conficker aware nmap beta etc. However, let's ignore that on the grounds it may be too traffic intensive and likely to set off a lot of firewalls leading to customers moaning to technical support (and all the joys that brings when it occurs suddenly and en masse).
Finally, we've also learned that the list of bad domains is 500, not 250.
Now either I've got it wrong, the article is missing the obvious or is wrong or security experts aren't as smart as they seem but from the information presented it would seem the logical and simplest way to combat this is to wind the clock forward on an infected PC (to April 1 local time or failing that to April 1 UTC), capture the list of 500 domains and publish them to ISPs to be blocked. A good idea would have been to do this in OCTOBER.
The whole thing sounds highly overrated to me. I'll happily eat my words when my PC vomits green 0s and 1s though...
Spoken like a truly ignorant person. But you did just give the biggest reason for Windows' success:
"near-universal software compatibility"
And you're hoping people will go to Linux where this is not the case? Um, good luck with that. Why would people move from having working computers to a piece of hardware that they have to learn how to compile a kernel, dig through forums to find drivers, vague references to multiple .conf files that may or may not be in use, and the general confusion that is Linux?
Linux is great for geeks like those that read CNET forums. It is *not* a consumer OS.
I installed Ubuntu last year on a Dell box. I have current copies of Knoppix on CD for testing purposes.
If you disagree with my comment that Linux is not meant for consumers at this time, then please look to the current Netbook market. Asus brought their Linux units out along with Windows versions. Guess which one sold best?
Walmart has *twice* now brought Linux whiteboxes into the store for sale along side Windows units. Guess which ones sold?
Why are there no Linux boxen at the big box stores in easy to purchase and use configurations?
Wake up and smell the penguin.
I can smell the penguin and though it may not be springtime fresh it's a far cry better than Ballmer's backside.
Plus, note that your Ubuntu powered Dell is immune to Conficker.
:-)
by nickh2 March 31, 2009 5:14 PM PDT
Ding Dong the sky is falling!
Time for a trip to your local Apple dealer.
------------------------------------------------------------------
Buying an Apple will not resolve the issue, it just prolongs the effect.
The fact is we can all spend spend spend and keep jumping from one OS to another but the fact is that they will target whatever is used the most.
A.K.A Mac or Linux
Just because the worm can't affect our computers, doesn't mean we don't want to see how it turns out!
Unfortunately this same sense of arrogance and ignorance will make them blind to any threat that comes to their system. They may be infected right this very moment but they won't know it and that becomes the real sad truth.
;-)
"Nice comeback Perry. Think anyone else got it?"
I think he addressed it quite well already.
They can't just launch it on a full scale throughout the world?
It must be a wave coming towards us and other countries.
I guess we will have to see when it gets here and confirmed a non-threat.
Just unplug u comp or/and disconnect the internet for the day, till word's out, It has passed...
LAWL
beat this!
now even pirated windows user can also get the update/system upgrade w/o the hassle of using the old fashioned update.microsoft.com
does it help?
this is another reason why people should stay away from MAC. mac users who are not developers MAKES THE ULTIMATE NOISE.
bahahaha!
there are more than one way to solve a simple problem viz.
(a+b)^2 = c^2-2cd+d^2 where a=c and b=-d and since computer and IT is/are 199% based on math and 1% human error, which is why its 200% (in)efficient. hehehe ;-)
sorry no 2 cents for any one here.
boycott MAC USERS but not APPLE MAC products. common sense - just works (TM).
Speaking of clowns posting crap all over the net- what excuse do you have for your own comments? I've seen you polluting the various story threads here on CNET with nothing but utterly ridiculous and venomous comments intended to do nothing more than incite controversy and make Macintosh users appear as loud mouthed ignorant jerks.
Please...PLEASE do not continue to represent Apple users in this way.
APRIL FOOLS!
So... what happened there, AppleRocks1963? Care to explain the lack of anything actually happening?
Go ahead- let's hear your story. Would you like a bit of mustard to go with your crow?
;-)
AppleRocks1963 needs something to do, so might as well toss him a bone or two now and then.
- by BNAMack April 1, 2009 8:10 AM PDT
- Won't the Appelites be surprised when their OS becomes a target after capturing the majority of the market . . . .oh, wait..
never mind