Not to be a harbinger of doom, but this one sounds bad. There are some 6-15 million computers out there running Windows which are infected with a computer virus, dubbed Conficker C. The recent report by SRI makes for some chilling reading. On April 1 (that is, next Wednesday!) the virus is set to…well…do something. It’s not clear what, but with so many millions of computers, it will do it on a very large scale. The report concludes:
We present an analysis of Conficker Variant C, which emerged on the Internet at roughly 6 p.m. (PST) on 4 March 2009. This variant incorporates significant new functionality, including a new domain generation algorithm and a new peer-to-peer file sharing service. Absent from our discussion has been any reference to the well-known attack propagation vectors (RPC buffer overflow, USB, and NetBios Scans) that have allowed C’s predecessors to saturate so much of the Internet. Although not present in C, these attack propagation services are but one peer upload away from any C infected host, and may appear at any time. C is, in fact, a robust and secure distribution utility for distributing malicious content and binaries to millions of computers across the Internet. This utility incorporates a potent arsenal of methods to defend itself from security products, updates, and diagnosis tools. It further demonstrates the rapid development pace at which Conficker’s authors are maintaining their current foothold on a large number of Internet-connected hosts. Further, if organized into a coordinated offensive weapon, this multimillion-node botnet poses a serious and dire threat to the Internet.
Yikes! Whoever wrote this thing is not a very nice person…or persons. The C variant apparently managed to upgrade itself over the network, and disables anti-virus software. If I were you (and I am apparently not, because I use only OS X and Unix) I would update my antivirus software every day and scan my machine. And leave it off next Wednesday if possible.
Pass the word…
March 25th, 2009 at 5:35 pm
I switched very recently, so I could use this as an opportunity to snicker, but in all honesty this sounds like yet another doomsday scenario. I have a feeling next Wednesday there will be a new one.
March 25th, 2009 at 6:34 pm
Those who don’t use/own a Windows PC shouldn’t feel too smug. It’s your Internet too.
March 25th, 2009 at 6:46 pm
I certainly don’t feel smug…I’d hate to see this thing unleash a really malicious attack.
The SRI report sounds dire, but there is a variation of opinion out there as to how big a threat this is. See for example
http://arstechnica.com/security/news/2009/03/confickerc-primed-for-april-fools-activation.ars
and
http://www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.aspx?idvirus=204292
and
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=77976
It all depends on the intent of the authors, I guess, as to how bad it will be.
March 25th, 2009 at 6:47 pm
Bot-nets anyone?
http://blog.longnow.org/2008/08/19/daniel-suarez-daemon-bot-mediated-reality/
http://fora.tv/media/rss/Long_Now_Podcasts/podcast-2008-08-08-suarez.mp3
Hail Linux!!!
March 25th, 2009 at 7:12 pm
Well, after using Windows 7 for a week, I realized why I bought a Mac in the first place. My HP laptop is definitely turning back to Ubuntu.
March 25th, 2009 at 9:18 pm
OS X ⊂ Unix.
March 26th, 2009 at 12:00 am
I thought people were buying from MS since they actually want to deal with the excitement. Viruses are important features of Windows. They create new business opportunities for computer security companies, so all is great for the US economy.
March 26th, 2009 at 1:19 am
I use Windows purely because I play PC games. Those of us who game are pretty much locked-in until developers worldwide see the light and provide robust alternatives.
March 26th, 2009 at 2:05 am
Here’s a week old comment from a real hacker:
“I was surprised. For IE 8, I’d give him a 9 out of 10. For Safari, maybe a 2. It’s just too easy to pop Safari. For Firefox on Windows, I give him a 10. That was the most impressive of the three. It’s really hard to exploit Firefox on Windows.”
http://blogs.zdnet.com/security/?p=2941
March 26th, 2009 at 2:35 am
1st April? How convenient….
March 26th, 2009 at 6:05 am
doomsday. puuuulkllleeeeeezzzeee!!
This is nothing but another Y2K scenario. In the famous words of Sir W. S.:
“Much ado about nothing”
March 26th, 2009 at 6:33 am
Yeah, having 90% of the market kinda makes it the target for everything. As mentioned above, Macs are not actually much more secure, but there’s almost no one writing viruses for Macs (Inqtana.A, Leap.A, stuff like that come to mind).
PCs basically lack herd immunity: the number of viruses that are ‘unwashed’ is too high for the sheer number of users they can be propagated through. You only need a small percentage that haven’t updated their security, or that willingly install a virus from an email attachment, or whatever, to come up with a pretty grand problem.
<–I have both Windows and Unix machines. Neither has had a virus in years and years. Guess I just don’t open too many email attachments with bad grammar?
March 26th, 2009 at 6:42 am
Oh, and don’t let me give you the wrong idea. Macs are a heck of a lot more secure than a Windows machine, at least as far as the typical exploits are concerned. But to think anything as complex as an OS can lack any means of exploit whatsoever?
March 26th, 2009 at 8:31 am
Spiv, it doesn’t take opening questionable email. All it takes is an exploit and a compromised website. I recently got a variant of Vundo. I don’t look at porn, download cracks, or go to other questionable websites. I use Opera, not IE, Firefox, Chrome or Safari, so my browser is too obscure to be an effective vector. I use Gmail webmail, not Outlook.
However, somehow (probably through JavaScript), I ended up with an infection that AVG couldn’t detect, even after several days of update-and-scan cycles. It disabled Windows Update, Folder Options (after disabling viewing hidden files and hiding itself), and regedit. Then it proceeded to drop more and more virus and trojans on my machine (which AVG did detect).
I had to get the AVGRTK_remover VB script to fix the registry keys that were thwarting my attempts at removing the virus manually, and ended up using my work laptop to scan my HD over the network with Symantec to identify all of the viral files. It took the better part of a week to completely remove all traces.
So I was embarrassed to have been infected, since I’m someone who “knows better,” but there was nothing that I did that was high-risk. Sometimes it just happens.
March 26th, 2009 at 10:01 am
I’m covered by viture of the fact that both my fairly new laptop and my backup laptop are out of commission. Hooray?
March 26th, 2009 at 10:02 am
*Above should be “virtue”.
March 26th, 2009 at 12:06 pm
Egaeus: Vundo/VirtuMonde is a very interesting one; I messed with that on someone else’s machine not long ago. Apparently Chrome is the only thing immune to it. Anything else, it is able to exploit JavaScript somehow, and from there it’s a pain to remove (though if you are still stuck on it I can explain the manual removal process).
Even if you think your spyscanner or virusscanner got rid of it, it’s very wise to manually check. Pop into the system tools-> system information, click software environment->startup programs and look for things that are a fairly random string of ~7 letters. If you can’t find an actual process related, you’re still infected with it, despite whatever your anti-junk tools tell you.
This little nicker is really, really obnoxious, because you don’t have to do anything wrong to get it (unlike almost all others), and it’s basically immune to every protection, and no one seems to have an answer to actually gaining immunity to it.
I’m used to the type people write by exploiting security issues that are openly outlined in MS’s security bulletins and work by assuming enough people are too lazy to keep their patches up to date. Vundo is different. Very different.
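The manual startup-entry check described in the comment above, scripted as an added example that is not the commenter’s own procedure: it flags autostart names that are short, vowel-poor, letter-only strings, and then drops anything on an operator-maintained allowlist. The sample entries, paths and allowlist below are constructed for illustration.

```python
"""Heuristic triage of Windows startup entries: flag short, random-looking
names that are not on a known-good allowlist. Sample data is constructed."""
import re

# Constructed sample of (entry name, command) pairs, as one might copy from
# System Information -> Software Environment -> Startup Programs.
SAMPLE_STARTUP = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("AVG8_TRAY", r"C:\PROGRA~1\AVG\AVG8\avgtray.exe"),
    ("qwzrtkp", r"C:\WINDOWS\system32\qwzrtkp.dll"),                # constructed
    ("opera", r"C:\Program Files\Opera\opera.exe"),
    ("fbjkwsl", r"rundll32.exe C:\WINDOWS\system32\fbjkwsl.dll,a"),  # constructed
]

# Constructed allowlist: names the operator has already tied to a real process.
KNOWN_GOOD = {"ctfmon", "avg8_tray", "opera"}

VOWELS = set("aeiou")


def looks_random(name):
    """True if the name is 6-9 letters with almost no vowels or a long
    consonant run; this is a heuristic and will catch some real names too."""
    n = name.lower()
    if not re.fullmatch(r"[a-z]{6,9}", n):
        return False
    vowel_ratio = sum(ch in VOWELS for ch in n) / len(n)
    consonant_runs = re.findall(r"[^aeiou]+", n) or [""]
    return vowel_ratio < 0.2 or max(len(r) for r in consonant_runs) >= 4


def triage(entries, known_good=KNOWN_GOOD):
    """Return entries with random-looking names that are not allowlisted.
    The allowlist stands in for the 'find the actual process' second check."""
    return [(name, cmd) for name, cmd in entries
            if name.lower() not in known_good and looks_random(name)]


if __name__ == "__main__":
    for name, cmd in triage(SAMPLE_STARTUP):
        print(f"suspicious startup entry: {name} -> {cmd}")
```

The heuristic alone would also flag a legitimate name like ctfmon, which is why the allowlist (or confirming a real process behind the entry) is part of the check rather than an optional extra.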
March 26th, 2009 at 3:41 pm
Hell, why don’t you guys give up and run Ubuntu? Then you can stop worrying and enjoy life. Still, I always keep my system fully patched and up to date just to be safe anyway.
March 26th, 2009 at 8:10 pm
…and all the villagers of Troy welcomed the magnificently crafted gift that had been rolled up to their impregnable gate….
“Perhaps we should send a thank you note to the Spartans who sent us this magnificent horse…
There are seriously bad people out there, and whether or not this particular virus is cybergeddon is beside the point…This is the blueprint for how a cyberwar will be carried out someday.
Also, this worm has infected the British Royal Navy and Parliament, the French Air Force, the Houston, Texas courts and police, and many others.
Clearly there is not that much incompetence in IT security around the world.
This beasty deserves watching
March 26th, 2009 at 10:12 pm
Fusion is off, and will stay off until the coast is clear.
March 27th, 2009 at 1:00 am
The particular vulnerability that this worm exploits should have been patched a month ago. The only vulnerable systems are those where the admins have not maintained the patches diligently. See KB 958644 for details.
If you’r XP PC is not patched, ans has this KB entry in your updates history, go to the windows update site now.
March 27th, 2009 at 1:12 am
speling FAIL
March 27th, 2009 at 3:14 am
I’m actually a bit surprised that Macs haven’t reached critical mass yet. They seem to be pretty popular, so I’d have thought they’d be able to sustain viruses of their own. Not least since Macheads like to hang out with Macheads.
Or are all malicious vira in reality made by Mac owners? The hatred sounds so strong online that Windows users ought to have found some way to sabotage Macs by now.
March 27th, 2009 at 8:25 am
Next Wednesday, huh?
March 27th, 2009 at 9:16 am
I am also surprised we’re not the victims of malware more often. Given the irrational hatred that flows from both sides, it seems natural that some Windows partisans would take the endless litany of “Macs R Safe, pee-cees R teh sux” as a challenge. We know from all the vulnerability patches we get that MacOS is not invincible. It’s arguably harder to take over the entire system on a MacOS machine, but it’s not impossible to do serious damage, and reportedly no more difficult. Yet there’s not a single serious malware threat that I’m aware of that targets Mac users. Why?
March 27th, 2009 at 12:56 pm
We already disinfected it off our corporate network. I am a little bit concerned about DDoS attacks disrupting some internet service somewhere, but I expect that by Thursday it will be like nothing happened. Widespread minor annoyance, mainly from you all worrying too much about it. You all do have a backup strategy, right? You need to test it, but not for this. Not having a backup strategy that works is much riskier.
March 28th, 2009 at 3:25 pm
Sometimes it almost seems as if Microsoft wants to encourage viruses.
For a start, each time one plugs in a USB storage device Windows immediately starts rummaging through it searching for a program to run, which on an infected device could easily be a virus, and there seems no permanent way of stopping this irritating feature.
Then there’s the insane default of suppressing file name suffixes in file explorer, so that a moderately crafty hacker could easily infiltrate a program called say funny_image.jpg.exe which an unsuspecting user would naturally double-click.
Also, ActiveX and even JavaScript seem to be riddled with bugs and vulnerabilities.
That’s three examples, and doubtless many more could be cited. I’m sure Microsoft are more than comfortable for viruses to be around up to a point and infecting PCs, because clearing a virus infestation is often a motive to do a clean install, and that is likely to involve a Windows upgrade at the same time.
March 29th, 2009 at 4:02 pm
That used to be the standard scare virus advice: turn your computer off on such and such day.
I think it’s silly fear mongering, and not that great a line of defense: turn computer off. As opposed to real security solutions like hardened O.S. models. I know you can’t advocate advanced approaches but seriously, “turn computer off” really takes the cake.
Let me know when you figure out how I can use a computer that’s turned off, since that would be step 2 in your solution.