
Experts try to beat vicious computer worm


China


Experts try to beat vicious computer worm

Malicious code has prompted France to ground fighter jets; Microsoft offers $250,000 reward for information

OMAR EL AKKAD

From Friday's Globe and Mail

March 27, 2009 at 12:13 AM EDT

Deep within the World Wide Web, there is an undercurrent of potential chaos building — a malicious piece of code that has already prompted the French military to ground some fighter planes, and Microsoft to offer $250,000 for information leading to the code's authors.

Now, the authority responsible for Canadian domains — website names ending with the suffix .ca — is for the first time blocking access to certain unregistered names in the hope of beating the computer worm before it has a chance to wreak havoc on April 1.

"This is the first [worm] that has targeted the domain-name system," said Byron Holland, president and CEO of the Canadian Internet Registration Authority. "This one is right in our space."

A nasty piece of software most commonly known by the name Conficker began infecting computers around the world late last year. Once infected, the computers can be incorporated into a sort of mesh that results in a very powerful single entity called a botnet. Botnets can be used to do everything from transmitting viruses to sending out massive amounts of spam. On April 1, the infected computers are expected to try to contact an as-yet-undiscovered control centre by logging on to thousands of Internet domain names, one of which will be the control hub.

Previous versions of the worm contained instructions to scour a list of about 250 Internet domain names which could potentially be used to send instructions to infected computers. The latest update expands that list to some 50,000 randomly generated domain names, making it very difficult to pre-emptively cut off communication between the infected computers and the control centre.

The CIRA has already begun to block access to some of the unregistered domain names being generated by Conficker, and is monitoring the registered ones to see if any could belong to the culprit, Mr. Holland said. Because the worm appears to sidestep computers based in Ukraine, there is some speculation that it originated in that country.

So-called "zombie computers" infected with Conficker — estimates put the number of infected computers at more than 10 million — are expected to simultaneously contact a central control hub on April 1 to ask for instructions. Symptoms of infection can include network congestion and the disabling of certain Windows security services.

What happens next appears to be anyone's guess. A resulting supercomputer, the sum of the millions of infected computers, could be used as a computer-for-hire to send spam, or to search the infected computers for private data which could then be exploited or sold, or to attack critical computer infrastructure.

Or the whole thing could be one big April Fool's Day joke. Nobody seems to know for sure.

Click on the link for the full article


The Mess that is DOWNAD

The massive number of WORM_DOWNAD.AD infections would make it one of the more memorable outbreak worms, and clearly a destructive one, in an age when malware are mostly geared for profit. Poor patch management, weak passwords, and the propagation routines of the worm itself are main factors in its continuing upsurge.


The North American region has the highest number of infected PCs, with users from the United States being hit the most. Japan, China, and Taiwan are also major DOWNAD-affected countries. In Europe, Italy and Spain have the most infections.

Users observe the following symptoms when they are infected with WORM_DOWNAD.AD:

  • Blocked access to antivirus-related sites
  • Disabled services such as Windows Automatic Update Service
  • High traffic on affected system’s port 445
  • Hidden files even after changes in Folder Options
  • Inability to log in using Windows credentials because they are locked out

A .DLL file with random file names and autorun.inf also appear in all mapped drives, and in Internet Explorer and Movie Maker folders under the Program Files directory.

The worm locks its dropped copy to prevent users from reading, writing, and deleting the malicious file.

It also makes several registry changes to allow simultaneous network connections. By re-infecting machines, this worm manages to keep its malicious activities going on. One of the prominent reasons for its success in global diffusion (details were described in our last Security Policy for Dummies previous blog entry) is its multiple propagation routines: it spreads by exploiting a Microsoft OS vulnerability, via network shares, or via removable and network drives.

Read more: "The Mess that is WORM_DOWNAD" - http://blog.trendmicro.com/the-mess-that-is-worm_downad/#ixzz0AylTFQPT

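The two network-visible symptoms described in the posts above (heavy traffic on port 445 and infected machines trying large numbers of domain names) can be checked from ordinary logs. The following is an added example, not part of the thread or of the quoted articles; the log formats, thresholds, addresses and `.example` names are assumptions constructed for illustration, and it assumes lookups for unregistered names show up as NXDOMAIN answers.

```python
from collections import defaultdict

# Thresholds are assumptions for this example; tune them against a baseline.
SMB_FANOUT_MIN = 20   # distinct peers contacted on TCP 445 in the window
NXDOMAIN_MIN = 50     # distinct names that failed to resolve in the window

# Constructed sample data. Flow format: "<ts> <src> <dst> <dport>";
# DNS format: "<ts> <client> <qname> <rcode>". Both formats are hypothetical.
SAMPLE_FLOWS = [f"t{i} 10.0.0.5 10.0.1.{i} 445" for i in range(1, 31)] + [
    "t31 10.0.0.9 10.0.1.2 445",
    "t32 10.0.0.9 10.0.1.3 445",
    "t33 10.0.0.9 10.0.1.2 80",
]
SAMPLE_DNS = [f"t{i} 10.0.0.5 q{i:03d}.example. NXDOMAIN" for i in range(60)] + [
    "t60 10.0.0.9 intranet.example. NOERROR",
    "t61 10.0.0.9 intarnet.example. NXDOMAIN",   # a single typo, not a burst
]

def triage(flow_lines, dns_lines):
    """Return {host: details} for hosts showing either network symptom."""
    smb_peers = defaultdict(set)   # host -> distinct destinations on port 445
    nx_names = defaultdict(set)    # host -> distinct names answered NXDOMAIN
    for line in flow_lines:
        _ts, src, dst, dport = line.split()
        if int(dport) == 445:
            smb_peers[src].add(dst)
    for line in dns_lines:
        _ts, client, qname, rcode = line.split()
        if rcode == "NXDOMAIN":
            nx_names[client].add(qname.lower().rstrip("."))
    report = {}
    for host in sorted(set(smb_peers) | set(nx_names)):
        fanout, misses = len(smb_peers[host]), len(nx_names[host])
        signals = []
        if fanout >= SMB_FANOUT_MIN:
            signals.append("smb_fanout")
        if misses >= NXDOMAIN_MIN:
            signals.append("nxdomain_burst")
        if signals:
            report[host] = {"smb_peers": fanout, "nxdomain": misses,
                            "signals": signals}
    return report

if __name__ == "__main__":
    for host, details in triage(SAMPLE_FLOWS, SAMPLE_DNS).items():
        print(host, details)
```

A host that trips both signals in the same window is a stronger candidate for isolation and patch verification than one that trips either alone.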

Only if you are lazy and didn't install the patches Microsoft released back in November.

My PCs seem to automatically update every few days with something from Microsoft, Firefox or Sun. You have to wonder how many are really vulnerable still.


> My PCs seem to automatically update every few days with something from Microsoft, Firefox or Sun. You have to wonder how many are really vulnerable still.

Most of the stuff I'm hearing is saying that most infections occurred after the release of the patch.

I know we install patches at work on Wednesday (they come out on Tuesdays).

Typical, though, is like my dad. I went over to his house last weekend and he had it set to not notify him. Said he got tired of it bothering him. :doh:


That's fine if your computers don't connect to others on the net and you want them to respond.

You couldn't be further from the truth!

I have been using Ubuntu for almost 3 years, but I have networked my de facto's XP machine, as well as that of my sister-in-law.

In fact, with my s-i-l's pc, I can control hers from my desktop.


> You couldn't be further from the truth!
>
> I have been using Ubuntu for almost 3 years, but I have networked my de facto's XP machine, as well as that of my sister-in-law.
>
> In fact, with my s-i-l's pc, I can control hers from my desktop.

I'm not entirely sure what you're trying to say... but I think you missed Corcaigh's point completely.


> I'm not entirely sure what you're trying to say... but I think you missed Corcaigh's point completely.

I read it as though Corcaigh believes that only Microsoft PCs can be networked with other MS PCs only. He was responding to Poker Packer, who has also switched to Ubuntu. If that wasn't what he was saying, he needs to clarify.

I'm saying that I can network my Ubuntu PC with at least two MS PCs, and have total control over both. I just don't get the associated viruses that both the MS PCs tend to get.


Archived

This topic is now archived and is closed to further replies.
