April Fools

Bill Sanderson

Yes, but it all arrives at the same point: Only journalists are hyping the
April 1st date as something normal folks should watch out for--there's no
need whatsoever. Make sure your machines are clean to the best of your
ability, and sit tight. If something changes, the experts will be able to
spot it.

Nothing ordinary folks--or even normal techies--need worry about at all.


Ǝиçεl said:


--
 
Randy Knobloch

Bill said:
Yes, but it all arrives at the same point: Only journalists are hyping the
April 1st date as something normal folks should watch out for--there's no
need whatsoever. Make sure your machines are clean to the best of your
ability, and sit tight. If something changes, the experts will be able to
spot it.

Nothing ordinary folks--or even normal techies--need worry about at all.

"Busted! Conficker's tell-tale heart uncovered"

<http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/>
 
Bill Sanderson

So far, I've found one network scanner that I was able to use to scan a
network at work---it is a python script, but a compiled version was
available, so other than working at a command line level, it wasn't hard to
deal with. None of the machines which were turned on at the time were
infected.

Have to try it again during the day.

Google for scs_exe.zip to find it.

Not for the average person yet.

robinb said:
and stay off any web browser on the 1st also
robin


--
 
Stu

Well here we are Bill, April 1 and .......... I can post again! Courtesy IE8.
And to think of all the expletives and nasty things I said about MS - still
don't see the 'sign in' link top right but it seems to be working. The guys
at IE8 NG seem to think it relates to a problem with the server hosting this
site. Anyways.

I was reading some of the symptoms associated with Conficker and its
variants. Among other things, these include termination of the BITS, WU/MU,
Security Centre services AND Windows Defender. So that should be a visual
clue for many, though not all I grant you. If a multi-billion empire like MS
would really like to put a price on the heads of these bad guys, $250,000
seems a bit thin on the ground? Like a drop in the ocean? I also read the
MRT will detect and remove it?

Stu
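A quick defender's check for the symptom Stu describes above, added here as an example and not code from the thread or from any vendor: it queries the state of the Windows services the post names (BITS, Windows Update, Security Center, Windows Defender) and flags any that are stopped or disabled. The service short names are assumed to be the standard ones on Windows XP/Vista/7, and the script assumes PowerShell 3 or later for Get-CimInstance.

```powershell
# Added example (not from the thread). Reports the state of the Windows services the
# post above names as being stopped by Conficker. Service short names are assumed to be
# the standard ones on Windows XP/Vista/7; Windows Defender is optional on XP, so a
# missing service is reported rather than treated as an error.
$WatchedServices = [ordered]@{
    'BITS'      = 'Background Intelligent Transfer Service'
    'wuauserv'  = 'Windows Update / Automatic Updates'
    'wscsvc'    = 'Security Center'
    'WinDefend' = 'Windows Defender'
}

function Get-WatchedServiceState {
    foreach ($name in $WatchedServices.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                               -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            [pscustomobject]@{
                Name = $name; Description = $WatchedServices[$name]
                State = 'not installed'; StartMode = 'n/a'; Suspicious = $false
            }
            continue
        }
        # A watched service that is not running, or that has been set to Disabled,
        # matches the symptom described in the post and deserves a closer look.
        [pscustomobject]@{
            Name        = $name
            Description = $WatchedServices[$name]
            State       = $svc.State
            StartMode   = $svc.StartMode
            Suspicious  = ($svc.State -ne 'Running') -or ($svc.StartMode -eq 'Disabled')
        }
    }
}

$report = Get-WatchedServiceState
$report | Format-Table -AutoSize
$flagged = @($report | Where-Object { $_.Suspicious })
if ($flagged.Count -gt 0) {
    $names = $flagged.Name -join ', '
    Write-Warning ("{0} watched service(s) stopped or disabled: {1}. " +
                   "Verify with an up-to-date scanner before assuming a benign cause." -f $flagged.Count, $names)
} else {
    Write-Output 'All watched services are running with their expected start mode.'
}
```

A stopped service is a prompt to investigate, not proof of infection: on some builds wuauserv legitimately stops when idle, and WinDefend is stopped when a third-party antivirus is installed. Run it elevated so the CIM query sees every service.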
 
Bill Sanderson

I've seen that information, but also some posts saying that its presence may
not have visible symptoms in some cases. There are detection/removal apps
now from a number of reputable vendors, as well as network scanners from EYE
and others. I've used one of these to scan some of the networks I
administer and not found any sign of infected machines.

I have also heard that the MRT targets conficker, but I can't confirm it--I
did look at the MRT site, but didn't spot conficker by name there. I just
happened to hit the site by happenstance and wasn't actively searching, so I
might have missed it.

So far, I've not seen any public statements of any significance about the
anticipated changes in behavior today--I have seen some anecdotal reports
that don't make a lot of sense. Some of the conjectures I've seen--brute
force password hacking, or perhaps some similar form of distributed
computing type decryption activity--might both be very scary, and hard to
detect--because there wouldn't necessarily be a lot of information transfer
to and from the network machines.


Stu said:
Well here we are Bill, April 1 and .......... I can post again! Courtesy IE8.
And to think of all the expletives and nasty things I said about MS - still
don't see the 'sign in' link top right but it seems to be working. The guys
at IE8 NG seem to think it relates to a problem with the server hosting this
site. Anyways.

I was reading some of the symptoms associated with Conficker and its
variants. Among other things, these include termination of the BITS, WU/MU,
Security Centre services AND Windows Defender. So that should be a visual
clue for many, though not all I grant you. If a multi-billion empire like MS
would really like to put a price on the heads of these bad guys, $250,000
seems a bit thin on the ground? Like a drop in the ocean? I also read the
MRT will detect and remove it?

Stu


Bill Sanderson said:
So far, I've found one network scanner that I was able to use to scan a
network at work---it is a python script, but a compiled version was
available, so other than working at a command line level, it wasn't hard to
deal with. None of the machines which were turned on at the time were
infected.

Have to try it again during the day.

Google for scs_exe.zip to find it.

Not for the average person yet.


--
 
Stu

I did read somewhere that Symantec might have speculated the April 1 thing
might have been a 'red herring' designed to give a false sense of security
(since nothing appears to have happened), thus leading to a lowering of
defenses while perhaps another variant operates under the radar, so to speak.
In view of the publicity it has received I wouldn't have thought that likely,
but on the other hand there are a lot of unsuspecting souls out there, as the
degree of infection has shown. I thought this link is a good illustration of
how the Autorun infection works - I like pictures cos they can speak a
thousand words.

http://isc.sans.org/diary.html?storyid=5695

Stu

Ǝиçεl said:
Hi Bill and Stu and All IT's

Families Cleaned by the Malicious Software Removal Tool
<http://www.microsoft.com/security/malwareremove/families.mspx>
January 13, 2009

Virus alert about the Win32/Conficker.B worm
<http://support.microsoft.com/kb/962007>
March 6, 2009 -

Protect yourself from the Conficker computer worm
<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx>
March 27, 2009
-=-
 
robinb

maybe this will tell people that they need to beef up security and make sure
they are up to date on MS critical security updates, run an antivirus program
and keep it up to date, and run antispyware programs
this could be a rude awakening for those who think "nothing will ever
happen to me"
robin
 
Bill Sanderson

I have seen first hand an attempted drive-by infection of a machine which
was completely up to date with all Microsoft OS and application patches,
including Flash and Adobe Reader, I believe.

It was via an infected banner ad from an entirely reputable site, and the
only thing that stopped it was the antivirus.

If the antivirus had not been present, perhaps Windows Defender might have
seen some portions of the attack--didn't get a chance to find out.

This can happen to anyone.
 
Stu

Hi Engel

Many thanks for the reading - how RU?

Stu

Ǝиçεl said:
Hi Bill and Stu and All IT's

Families Cleaned by the Malicious Software Removal Tool
<http://www.microsoft.com/security/malwareremove/families.mspx>
January 13, 2009

Virus alert about the Win32/Conficker.B worm
<http://support.microsoft.com/kb/962007>
March 6, 2009 -

Protect yourself from the Conficker computer worm
<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx>
March 27, 2009
-=-
 
Stu

Indeed it will I hope. Since this thing is, among other things, designed to
propagate through removable media, we should remind ourselves both in the work
place and on the domestic front not to accept removable media from a friend,
let alone a stranger. From my everyday observations I think there has been a
tendency in more recent times to place an over-reliance on malware progs to
identify nasties and remove them - that's if they are used at all! Remember
the early 90s and the number of (by today's standards) nuisance viruses which
were spread through floppies? Maybe it's back to basics time for many. I have
always believed prevention is better than cure - call it paranoia, but I
haven't been compromised in over fifteen years. For administrators of a
corporate network it must be a nightmare - the bad guys seem to have thought
of everything. Trouble for them now is that their virus, while being
financially motivated, has compromised governmental as well as military
departments, and that makes it very serious. Why should they care? They have
very little chance of being caught. Very frustrating.

Stu
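Two checks on the removable-media vector Stu raises, added here as an example and not code from the thread: whether the Explorer policy value that disables AutoRun is set for every drive type, and whether any removable drive currently attached carries an autorun.inf. The registry path and value name are the documented Windows policy (0xFF disables AutoRun for all drive types); the script assumes PowerShell 3 or later and only reports, never modifies anything.

```powershell
# Added example (not from the thread). Checks the AutoRun policy and looks for
# autorun.inf on attached removable drives. Registry location and value name are
# the documented Explorer policy; 0xFF disables AutoRun for every drive type.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'

function Get-AutoRunPolicyState {
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{
            Value = $null; AllDisabled = $false
            Note  = 'policy value not set; Windows defaults apply'
        }
    }
    $v = [int]$item.$ValueName
    $all = (($v -band 0xFF) -eq 0xFF)
    $note = 'AutoRun still allowed for some drive types'
    if ($all) { $note = 'AutoRun disabled for all drive types' }
    [pscustomobject]@{
        Value       = ('0x{0:X2}' -f $v)
        AllDisabled = $all
        Note        = $note
    }
}

function Get-RemovableAutorunInf {
    # Win32_LogicalDisk DriveType 2 = removable disk (USB sticks, card readers).
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        $inf = Join-Path -Path ($_.DeviceID + '\') -ChildPath 'autorun.inf'
        [pscustomobject]@{
            Drive      = $_.DeviceID
            HasAutorun = (Test-Path -LiteralPath $inf)
            Path       = $inf
        }
    }
}

Get-AutoRunPolicyState | Format-List
$drives = @(Get-RemovableAutorunInf)
if ($drives.Count -eq 0) {
    Write-Output 'No removable drives attached.'
} else {
    $drives | Format-Table -AutoSize
}
foreach ($d in ($drives | Where-Object { $_.HasAutorun })) {
    # Only record that the file exists; do not open or run anything from the drive.
    Write-Warning "autorun.inf present on $($d.Drive): scan this drive with an up-to-date AV before use."
}
```

An autorun.inf is not malicious on its own (some vendors ship one for legitimate installers), so the warning is a prompt to scan the drive rather than a verdict. If the policy value is missing or below 0xFF, setting NoDriveTypeAutoRun to 0xFF on that key (Windows reads it at logon) is the standard hardening step.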

 
Stu

The only consolation I would take from this is that ..... the bad boys must
have invested a lot of money paying the developers who write the code and
software to propagate the virus, and need to recoup the overheads plus a lot
more besides? The more this is thwarted the better I will feel.

Stu

Stu said:
Indeed it will I hope. Since this thing is, among other things, designed to
propagate through removable media, we should remind ourselves both in the work
place and on the domestic front not to accept removable media from a friend,
let alone a stranger. From my everyday observations I think there has been a
tendency in more recent times to place an over-reliance on malware progs to
identify nasties and remove them - that's if they are used at all! Remember
the early 90s and the number of (by today's standards) nuisance viruses which
were spread through floppies? Maybe it's back to basics time for many. I have
always believed prevention is better than cure - call it paranoia, but I
haven't been compromised in over fifteen years. For administrators of a
corporate network it must be a nightmare - the bad guys seem to have thought
of everything. Trouble for them now is that their virus, while being
financially motivated, has compromised governmental as well as military
departments, and that makes it very serious. Why should they care? They have
very little chance of being caught. Very frustrating.

Stu

 
Stu

Good reading Bill. My only regret is that it has taken so long ...... that's
progress for you.

Stu
 
gene

Stu said:
I did read somewhere that Symantec might have speculated the April 1 thing
might have been a 'red herring' designed to give a false sense of security
(since nothing appears to have happened), thus leading to a lowering of
defenses while perhaps another variant operates under the radar, so to speak.
In view of the publicity it has received I wouldn't have thought that likely,
but on the other hand there are a lot of unsuspecting souls out there, as the
degree of infection has shown. I thought this link is a good illustration of
how the Autorun infection works - I like pictures cos they can speak a
thousand words.

IBM's ISS is so far finding about 4% of machines infected with
Conficker:
http://tech.yahoo.com/news/pcworld/20090403/tc_pcworld/ibmseesconfickerhitting4percentofpcs.
One comment on why that's higher than the 1-2% others have estimated:
"It's possible that Conficker infections are approaching 4 percent,
said Danny McPherson, chief security officer with Arbor Networks.
Because Conficker is more likely to infect certain types of users --
broadband consumers are generally more vulnerable than enterprise or
government users, for example -- estimates like ISS' could come from a
sample that does not represent the Internet as a whole, he said."

Gene
 
robinb

hey Engel, again how are you? in English please
your writing backwards is making me dizzy :p
I missed you
robin
 
Ǝиçεl

I'm fine.

I am sorry that my writing gives you dizziness.

I hope this translation makes you laugh. :)

And I am a "lurker" on these fora. Trying to stay up to date with what is
happening here, so as not to write much, but always remembering everything.

Angel
 
