
Is Conficker For Real?

I don't know if Conficker is a real or over-hyped threat, but I'm not taking chances. I've updated two laptops and a desktop tonight, and now I'm going to back them all up.

Let's hope it's just an April Fool's joke. If not, and it knocks you out, here's CNET's site with how to get rid of it.

    Is it real? (5.00 / 2) (#3)
    by Romberry on Tue Mar 31, 2009 at 11:13:22 PM EST
    Sure, it's real. Is it the doomsday scenario for PC's that so many reports hint at? No. Not even close.

    If your copy of Windows is up to date with the latest patches, and you have a current copy of any decent antivirus running, you're OK.

    The Microsoft Malicious Software Removal Tool (a standard part of Windows) is effective against conficker.

    There is a list of effective tools for conficker detection and removal at the web site of ConfickerWorkingGroup.Org.

    And finally, the Microsoft Knowledge Base article that has what you need to know is located here.

    I won't say, especially in light of how prevalent unpatched and unprotected (via up to date antivirus) machines are, that this is much ado about nothing. But with even the most basic steps (installed Windows updates and running an up to date antivirus app), there is nothing to be worried about.

    BTW, one dead giveaway that your machine may be infected? The inability to reach the links to Microsoft or the Conficker Working Group web site linked above. Conficker restricts your machine's access to these URLs.

    Anybody (5.00 / 1) (#4)
    by gyrfalcon on Tue Mar 31, 2009 at 11:18:50 PM EST
    who doesn't have good anti-virus and firewall and keep them and Windows up to date isn't grown up enough to have a computer, IMHO.

    Parent
    My last employer (none / 0) (#23)
    by NMvoiceofreason on Wed Apr 01, 2009 at 07:31:51 AM EST
    had an owner who was CERTAIN he knew what to do...

    No updates....

    No antivirus....

    All machines connected to the internet with just a firewall...

    The Russian mob (NuWar) owned his network before I temporarily reversed those policies.

    Conficker owns them now, I'm sure.

    Parent

    What is a.... (none / 0) (#26)
    by kdog on Wed Apr 01, 2009 at 08:01:57 AM EST
    firewall?  What is antivirus?

    I know what a window is...don't have them up though, they're down, still a little chilly in the morning:)

    Parent

    Those are very busy sites tonight (5.00 / 2) (#6)
    by Inspector Gadget on Tue Mar 31, 2009 at 11:39:24 PM EST
    so, people shouldn't assume the worst if they can't get on right away.

    Parent
    True. (none / 0) (#14)
    by Romberry on Wed Apr 01, 2009 at 12:05:15 AM EST
    I guess I should have made that caveat part of my post.

    Parent
    LOL (none / 0) (#8)
    by joanneleon on Tue Mar 31, 2009 at 11:43:26 PM EST
    I can't get to the ConfickerWorkingGroup site.  It's a bit overloaded maybe?  Status bar just keeps displaying the "waiting" message.

    I can get to symantec which is also supposed to be blocked, and my anti-virus is up to date, so I am not worried.

    Parent

    I have no issue getting through... (5.00 / 1) (#15)
    by Romberry on Wed Apr 01, 2009 at 12:11:11 AM EST
    ...to the ConfickerWorkingGroup site, at least as of now. But yeah, I am sure that their servers are getting a helluva workout tonight.

    Check the Microsoft MRT links found in this post at Salon's Table Talk. If you can get to the MRT download page, you should be in the clear as far as conficker as of this time.

    Parent

    Follow up (none / 0) (#10)
    by joanneleon on Tue Mar 31, 2009 at 11:45:34 PM EST
    I can get to the main site, but not to the link you provided.

    Parent
    Another thought (5.00 / 1) (#9)
    by Jeralyn on Tue Mar 31, 2009 at 11:44:56 PM EST
    I've now made sure my virus protection is up to date on all three home computers (a pain, since one uses TrendMicrocillin, another uses Norton and a third uses WindowsLive) and backed up the files on all to external hard drives (I'll never remember which holds what).

    But, if this is about stealing financial information, we can back up our computers from now until tomorrow and if the virus gets into the system of anyone we do business with that has our information, from banks to stores to brokerage accounts to online merchants or anywhere we've given a credit card, they can get our information through them.

    What a drag. Snail mail had its advantages. Maybe we need to stop watching our computers and watch our online bank and credit card accounts instead looking for phony charges.

    Did you read the story (none / 0) (#11)
    by joanneleon on Tue Mar 31, 2009 at 11:51:34 PM EST
    about a (former?) call center employee in India selling credit card data to someone from the BBC who was undercover?

    CNET Link

    This was always something I worried about when companies started outsourcing IT and call center functions.  Not that it couldn't happen in the U.S. but it seemed to me that we were much more vulnerable when we sent all this work overseas.

    Parent

    watch the movie "outsourced" (none / 0) (#12)
    by Jeralyn on Tue Mar 31, 2009 at 11:57:18 PM EST
    It's very funny and will put your mind at ease...I laugh now every time I call a company and get put through to someone in India. I keep thinking of the characters in the movie and how friendly and well-meaning they were. It's the U.S. bosses that are jerks.

    Parent
    Having been in IT for years (5.00 / 1) (#13)
    by joanneleon on Wed Apr 01, 2009 at 12:03:24 AM EST
    I know how much access to databases I had.  It's hard for me to put my mind at ease.  IT people are amazingly honest.  If not for that, there would have been massive problems for years now.

    I'm sure most of the call center people in India are sincere and that the outsourcing managers are jerks, but the BBC was able to buy the credit card data.

    Parent

    IT people have access (none / 0) (#22)
    by Fabian on Wed Apr 01, 2009 at 05:22:19 AM EST
    to a LOT of information, often in well organized databases.  A smart company never keeps more data than they need to minimize liability.

    Parent
    CNET has a liveblog (none / 0) (#5)
    by joanneleon on Tue Mar 31, 2009 at 11:39:09 PM EST
    where they are watching for signs of it.

    CNET Liveblog: Countdown to Conficker

    It looks like they saw some signs of it in Asia but so far things are quiet.  I'm on the East Coast and past midnight.  I checked that I could get to symantec.com and I could, so I guess my free anti-virus tool, AVG, did the job.  Supposedly it exploits a Microsoft vulnerability that was patched in October, so that would have prevented it from working anyway.

    I'm not clear on exactly when it is supposed to be "set off."  I read that for some versions of the virus it hits on local time and for others GMT.

    forgot all about it. (none / 0) (#7)
    by connecticut yankee on Tue Mar 31, 2009 at 11:43:20 PM EST
    But it's after midnight and I can reach the above sites.

    So, I have a Mac (none / 0) (#16)
    by caseyOR on Wed Apr 01, 2009 at 01:24:49 AM EST
    Does this mean my computer is safe? I don't have to worry about Conficker?

    You have plenty to worry about... (5.00 / 1) (#20)
    by ricosuave on Wed Apr 01, 2009 at 02:05:51 AM EST
    ...but probably not from this virus.

    Apple users need protection like everyone else.  Apple does not have any higher security than Microsoft or Linux, and in some ways it is worse (it has lost the Pwn2Own hacking contest two years running, with an embarrassing 2 minutes required to hack it last year).

    Apple recommended using antivirus software last year but then rescinded the recommendation.  It is probably the same logic the car companies used with seatbelts: if we put them in our car, the car will look dangerous.

    Conficker is real, aimed at Windows, and severely overhyped by the media.  No matter what you use (I am on Linux right now), back up your data--preferably offsite.  Don't open strange email attachments and practice safe surfing.

    Parent

    The part about attachments... (5.00 / 1) (#21)
    by Romberry on Wed Apr 01, 2009 at 02:48:49 AM EST
    "Don't open strange email attachments..."

    That right there is the single best bit of security advice in existence for end users. I can't tell you how many systems I've been paid to clean up/restore after someone received a mystery attachment with some sort of crude bit of social engineering ("Somone loves you! Open this to see who" and "VISA Card Over Limit Warning! See attached statement") that led them to suspend their good sense and "click here" exactly as instructed.

    Windows Vista, for people using limited user rather than admin accounts, is very good about resisting this sort of thing (requiring an elevation to admin privileges for many of these packages to wreak their havoc) but most users, for reasons that are a mystery to me, run with full admin privileges all the time. Same advice and problem with full admin accounts applies to XP as well.

    (We had a discussion about this along with instructions for setting up the proper account type over at Table Talk. Anyone interested should start around here.)

    Parent

    Not true (5.00 / 1) (#24)
    by NMvoiceofreason on Wed Apr 01, 2009 at 07:44:22 AM EST
    Many Macs use VirtualPC or other software to run Windows, they are just as vulnerable. Second, my former employer had infected Macs (using MacMail), that would reinfect the rest of the network (no need for anything more than a firewall?!?). Macs have just as many unpatched holes as almost any other OS, they just have 5% of the market so they are 1/20 as valuable a target to a cracker.

    Parent
    See, this is why Windows experts (none / 0) (#28)
    by Farmboy on Wed Apr 01, 2009 at 09:13:44 AM EST
    should learn to say, "Huh.  I honestly don't know." when asked a question about Macs. It just leads to answers that aren't accurate, then a cycle of Mac users trying to help, PC users delivering FUD, lather, rinse, repeat.

    In answer to the parent post: if you have virtualized Windows in some way on your Mac, that installation of Windows could be at risk from this worm just as it is from any virus/worm.  Make sure your installation of Windows is patched for this.  Outside of that, your Mac is completely safe from the Conficker worm.

    Parent

    Bzzzt! (none / 0) (#29)
    by Romberry on Wed Apr 01, 2009 at 03:09:53 PM EST
    Virtual machines are cleared out on each restart. Basically, they run inside of a memory space. I'm not saying that "virtual space" can't be infected, I'm saying that is partially one of their advantages: The space doesn't exist physically and any infection or other badness goes away on restart of the virtual PC.

    Parent
    Not always (none / 0) (#31)
    by Farmboy on Wed Apr 01, 2009 at 04:45:18 PM EST
    That's why I said "could be" at risk.  For example, on my MacPro I have 2 Windows installations: XP is on a physical partition on my hard drive and I can access it either through a "Boot Camp" restart (machine boots up into Windows solely), or through VMWare Fusion.  My other install is the Windows 7 beta, and it exists as a 32GB file accessible only through VMWare.  Either install is infectable, which would be written to the hard drive and kept.  However, the only harm from an infection would be to the Windows partition or file.  The HFS+ formatted drives/partitions would be safe for a number of reasons, not the least of which being that Windows can't see or read them.

    Some virtualization schemes, such as the long-defunct VirtualPC software from Microsoft, could be made to run in RAM and therefore cleared out on each restart.  But ever since Apple went to Intel years ago, Windows installations on a Mac have been no different than an install on a HP or Dell,  and would save any virus/worm from session to session.

    Parent

    Partly right but on virtualization just wrong. (none / 0) (#32)
    by Romberry on Thu Apr 02, 2009 at 03:56:05 AM EST
    I don't know the first thing about boot camp (which as I understand it runs a physical installation that the user chooses to boot into) but I stand by my statement (strongly) that a system that is running inside of a VPC absolutely can not under any circumstance "write" a virus/trojan to disk. The VPC runs in a protected space with all access limited to memory. When you shut it down, whatever was there is gone and the next time you start up the virtualization and load the machine, you are loading the clean image...because the trojan/virus or whatever has absolutely no access to the image that loads the VPC. If anything else is happening, something is seriously, seriously wrong with the software you are using for virtualization. Period. End of story.

    Parent
    For now. (none / 0) (#17)
    by Romberry on Wed Apr 01, 2009 at 01:35:21 AM EST
    As Macs become more relevant (read "a larger potential target"), these attacks will put Macs in their sights as well. The Safari web browser seems to be a fairly easy way in for people looking to gain control over Macs and this is true now ever since the browser's introduction. But I digress. The bottom line is that if you are running a Mac, the present stage of development of conficker is of no concern.

    Parent
    Should I stop using Safari? (none / 0) (#18)
    by caseyOR on Wed Apr 01, 2009 at 01:47:33 AM EST
    Is Firefox a better, safer  browser choice? And why doesn't Apple fix the problems with Safari?

    Parent
    Firefox is better for several reasons (5.00 / 1) (#25)
    by NMvoiceofreason on Wed Apr 01, 2009 at 07:48:34 AM EST
    One, it is open source. People can read the code and find the bugs. Two, since it is multiplatform, it is far more likely that the vast sea of users will have found the bug, and autoreporting tools can get the community involved in fixing it.

    Safari is a better choice than IE, simply because IE is targeted by every cracker. You would need a cracker interested in hurting Apple to be going after Safari - why attack 5% of the money when you can take 95% of the money?

    Parent

    Sorry, I'm a PC (none / 0) (#19)
    by Romberry on Wed Apr 01, 2009 at 02:02:00 AM EST
    You'll have to ask a Mac about Macs. :)

    Parent
    Safari is an easy way in (none / 0) (#27)
    by Farmboy on Wed Apr 01, 2009 at 08:03:48 AM EST
    if when you click on a link that asks for your user password, you provide it.  And then respond, "YES" when it asks, "Application WipeYourDrive.app was downloaded from the internet.  Continue?"

    Seriously, that is exactly what the guy did to gain entry to a Mac in 10 seconds.  He typed in a password and clicked continue.

    This century's Macs are more resistant to virus/worm infection because they run honest-to-pete Unix, not because of "relevance."  However, there is no protection from users.

    Parent

    Windows Vista and even XP... (none / 0) (#30)
    by Romberry on Wed Apr 01, 2009 at 03:11:46 PM EST
    ....when run with a user account are much the same. Someone has to agree to elevate the permissions for many of these nasties to do their thing. Unfortunately, someone often does.

    Parent