Snark asked how we know it's arriving on April 1. I responded that it's already in the wild, but the code reveals an activation date of 4/1.
Kwitko | Sheriff of Banning (Retired) | By the thing near the stuff | Icrontian
edited March 2009
We're already patched here, our AV is fully up to date, our internet access runs through a proxy server, my ISP is blocking access to those sites, but I figured it was still a good idea to run the BitDefender cleaning tool.
If this is the future of virii and worms, I'm shit scaredless.
I'll be honest, as a case study this is an AMAZING example of a virus. The way it changes and continues to modify in such a way as to make it impossible to defend against is very neat. It just brings to the forefront what most of us have known for years. It's a competition and the good guys are losing.
I'd disagree on the good guys losing. As Kwitko pointed out, the patches are out, ISPs have (ok, maybe "can" would be better) the IPs to block, and the virus is already decoded to 4/1 activation. It's no longer "how can we stop it", it's "OK, which users haven't updated their systems?" How hard would it be to identify infected PCs on 4/1 and let the ISP for the users address the problem with them directly, be it locking down their access, giving access to a limited range of sites (security related and help sites?) or sending a "YOU'RE INFECTED" email?
What Rob just mentioned is my concern. It's an ongoing fight and we're losing. Keeping users up to date (not just talking about corporate clients, but general users as well) is all but impossible. It just feels like a footrace where our lane is a frictionless surface.
This is one of those things I utterly hate to say, but the coder in me really admires Conficker.C's build and abilities. It's really a pretty scary bug - the code analysis is an eye-opening read, for those that don't know of just what it's capable.
Er, what? News - Mac and Linux boxen are PCs, home slice.
Conficker authors should be proud of themselves, it's quite an impressive bit of code. Everybody switching to Mac or Linux will simply make hackers retarget their efforts to those codebases. Nice thought, though.
Comments
Lastly, your suggestion to let ISPs snoop on people's PCs (that's what it would take) for the presence of a virus is intensely scary.
http://www.cnn.com/2009/TECH/03/24/conficker.computer.worm/index.html
Looks like Conficker.C is srs bsns.
The authors of Conficker are very proud of themselves. In fact, they may be Chinese or Russian.