So, How bad is this really?

Mish42

Apparently some big virus is gonna hit hard on April Fools Day.

http://www.cnn.com/2009/TECH/03/24/conficker.computer.worm/

Now, I don't know much about these fancy computers, and I own a Mac, but figured someone on here would know better than me how seriously I should look into this article (if not to protect myself then to spread the word).

Your thoughts?

NoLonger

Think it's an April fools joke, if you click on the safety-live link it'll bring you to the windows live security scan/threats thing. On the side of that page it has the top three treats, Conficker.B (as in not .C) is safety threat number two.

Did some more research, the safety-live site is WAY out of date, honestly though, apparently only 4% of the infected computers are in North America. Norton put up a handy information page on the virus, check it out here.

X'o'Lore

I just built a new computer. My important data exists in something like 4 locations and I doubt this infection exists on any computers in this household. I'm not exactly concerned myself.

As for you? On a Mac? To my knowledge this isn't a Mac threat. I can't imagine a bug that'd be able to threaten more than one platform effectively.

QueenQuinlin

Well, I don't think it’s a joke. My mom works for the Idaho National Laboratory as a computer geek and she got an email from some higher-ups saying that so long as you have the windows patch that you should be fine. Our PC's already have the patch, so I'm not worried about it. But to my knowledge Macs won't be affected. They aren't cool enough for this virus.

DrLeopoldStrabismus

We've been tracking this pretty hard at work. I, personally, have been tracking this sucker since about November of 2008. The survivability of this little bugger is fantastic, and the creators keep updating it to be more resilient. At first, it would use an algorithm to generate 250 random strings per day, and convert those into URLs. The it would try to connect to each one. See, the creators of the virus also had this algorithm and if they wanted to update the virus all they had to do was register one of those URLs and put the update there. However, antivirus researchers were able to reverse engineer the algorithm, and knew which 250 URLs the virus would be hitting. That means that THEY could have theoretically registered one of those URLs and when conficker connected to that site it would download instructions basically to die.

Well the original programmers figured this out, and then implemented a public key encryption method so that conficker would only download from those sites that with the matching key. PRETTY AWESOME STUFF. So far, this thing just looks like an exercise in survivability. It has not done anything malicious. As far as the April 1st update, however, je ne sais pas. Who knows?

These guys: http://www.f-secure.com/weblog/
have been tracking the thing pretty closely too. Then again, they're an antivirus company, so it's (his or her or their or its) job. They provide some more comprehensive reports of it in their blog. I recommend going back as far as November 2008 if you're interested.

Drooling Iguana

John the Filleau wrote: »

Then again, they're an antivirus company, so it's they're job.

:hulk:

DrLeopoldStrabismus

Better?

Drooling Iguana

No, as you're now mixing singular pronouns with plural. The correct word in this context is "their".

"They're" is a contraction of "they are".

"There" refers to a place.

"Their" is posessive.

:tmyk:

DrLeopoldStrabismus

Oh I get it know, thanks. I guess this is what happens when English isn't youeir native language. Even though Iv'e been pretty fluent four about a year, I still get these mess ups. Its well know, write?

Serephel

So John, does the army have a secret black ops department that hunts down virus programmers? Most of them are from Russia I hear.

DrLeopoldStrabismus

Most of them are from CHINA, I hear. >:V

Also I don't know anything about the Army. I am in the Air Force. We have the most pro-education policies.

Serephel

Many are from China, yes, but I read somewhere recently that the majority are from Russia. This is partially because Russia still hates us, and in many villages where these hackers live they are not viewed as criminals but rather heroes. The police can hardly be troubled to go after these people, and the newspapers write about them as local heroes who stole money from the greedy western bastards.

Or who knows, maybe there are more from China and they just hide themselves better. Since it's publically acceptable to hack and steal money from the US in Russia the hackers there show their faces online and make no effort to conceal their identity.

Professor MacJake

I was under the impression that the Chinese government actually orchestrated some hacking activities -- possibly the stealing of information from the McCain and Obama campaigns back in August

Serephel

Oh they most certainly do. The government employs plenty of hackers to access sensitive information about different governments. But hell, we do the same thing, we are just better at not getting caught I guess.

The article I am talking about is from CNET, here. It's a long article, so scroll down to "hunting hackers". I dunno, it says many are from Russia, so that's where I base my statement. This is more in reference to your run-of-the-mill Nigerian prince style scams. Sorry, I should have been more specific.

Serephel

So... I guess this was a big bunch of nothing.

Behemoth

No, i think the anti-virus companies and gov't were just able to handle what could have been a bad thing.

Mish42

I also heard that since there were SO many government peoples looking around to catch whoever started it, the people who would have unleashed it decided it might not be in their best interests to unleash this huge virus and then immediately get caught afterwards. I don't think they ever set it off, for fear of being found out.

DrLeopoldStrabismus

No, Conficker did update. Make no mistake about that. Like I said, this thing has been around since about November of last year, and it has done nothing malicious in that time. CNN just wanted a story, and found a virus that had a countdown timer in it. The news is great at freaking out over anything that has a timer on it (Read: Michaelangelo, MyDoom, etc.)

So know this - Conficker DID update. It's just still not activated. The April 1st piece of the code just told it to act differently, and it is. Mission: accomplished.

Lauren, where did you hear that since there were so many people looking for the creators, they decided not to start it up? We still do not know who the programmers are; how can we assess their opinions? Make no mistake, they could activate this thing to do whatever they want, and the only way we'd be closer to knowing who they are is by evaluating the target and then assessing a motivation. Of course, the motivation would most likely be money, so tracking them would be even harder.

tl;dr: Conficker updated. The news are a bunch of fucking idiots.

Agentcel

You mean the media actually wants me to be scared and watch their shows?

What is this...

NoLonger

All the April first update did is make it harder to track where its getting its updates from. It used to get its updates from one of 250 randomly generated urls (only one really registered) now it gets them from 500 of 50,000.

Serephel

I'll never trust Fox News again.

Mish42

John the Filleau wrote: »

Lauren, where did you hear that since there were so many people looking for the creators, they decided not to start it up? We still do not know who the programmers are; how can we assess their opinions? Make no mistake, they could activate this thing to do whatever they want, and the only way we'd be closer to knowing who they are is by evaluating the target and then assessing a motivation. Of course, the motivation would most likely be money, so tracking them would be even harder.

My mommy said she thought she had heard someone say that on the news and she told me when I was in Dallas She knows as much about it as I do, which is very little! But, that's what I HEARD. Y'know, gossips and all that.

DrLeopoldStrabismus

You know, you are very cute sometimes.