Drunkard's Walk Forums
Reminder: Conficker day is coming up fast! - Printable Version




Reminder: Conficker day is coming up fast! - robkelk - 04-01-2009

It's due to do... something... tomorrow, as I write this. (I'm betting it's going to "call home" for an upgrade and not do anything really malicious for a few days, but the resulting network traffic will slow things down for everybody else. And my bets are usually wrong.)

But there's no excuse for letting it run on your computer (http://www.theregister.co.uk/2009/03/30 ... discovery/).

So beat the rush, and make sure your anti-virus definitions are up-to-date today...
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012



Pulling on my CISSP hat - Rev Dark - 04-01-2009

Okay.

Updating your virus definitions is not enough.

First and foremost. Patch your systems. MS08-067.

Second. Patch your systems (see above). Call your parents/computer illiterate siblings/aunts/uncles/ficus benjaminas/etc. Have them patch their systems. Walk them through the process. Use small words, rude gestures and hand puppets as required.

Third - most good anti-virus software has a buffer overflow protection option - turn it on. MS08-067 is a buffer overflow.

Fourth, treat all USB devices as you would your dick (or your dick by proxy, or your favorite dick substitute). Do not place them in any orifice without sufficient protection (it could be that very available picture printer at the supermarket or that triple-slotted gigabyte gargler at the internet cafe, or even the staid business-like one at work). The most prevalent way Conficker makes its way onto protected networks is through unprotected USB devices. Disabling autorun on your systems is the first step in wrapping your stick before you...

Fifth - patch your Oedipal-Gerund systems!

If you have not patched by this point, patch your system, update your virus scan software and do a full scan with heuristics enabled. Be warned that some
variants of Conficker will attempt to disable A/V software.

Shayne


- Berk - 04-01-2009

This is probably the infection I had to PURGE BY FIRE a year ago on some computers at my office. It even had a protocol for infecting the utilities on U3 USB drives; I started a campaign to get people to take those stupid things out.
- Grumpy Uncle Gearhead


- CrimsonKMR - 04-01-2009


There is no coincidence, only necessity....
- Clow Reed


- DHBirr - 04-01-2009

Question -- no, two questions: 1) what exactly does the phrase "patch your systems" mean and how should it be done; and
2) what are "heuristics," and how does one go about enabling them? That term doesn't appear anywhere I saw on the control panel
for my anti-virus protection (Norton).

Abusive comments as to how I should shut up and get off the 'Net because of my ignorance will not be helpful.
-----
Big Brother is watching you.  And damn, you are so bloody BORING.


- Bob Schroeck - 04-01-2009

According to the Windows Secrets newsletter, Conficker blocks antivirus sites, Microsoft Update, and a number of other locations on the Web that might help you
defeat it. As a result, you can very easily test to see if you're infected by actually going to McAfee, Norton, Grisoft, Microsoft.com, etc. If you can get
there, you don't have the virus.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
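
The reachability test described in the post above, as an added example that is not part of the original thread: it checks whether security-vendor names resolve while unrelated control names do, so a dead network is not mistaken for selective blocking. The hostnames are assumptions built from the vendor names in the post (some may since have been retired), and a "reachable" verdict only means this one symptom is absent.

```python
import socket

# Assumed hostnames for the vendors named in the post (constructed list).
SECURITY_HOSTS = ["www.mcafee.com", "www.norton.com",
                  "www.grisoft.com", "www.microsoft.com"]
# Assumed control hosts that have nothing to do with security vendors.
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]


def system_resolver(host):
    """Return True if the operating system's resolver can look the name up."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def check_blocking(resolve=system_resolver,
                   security=SECURITY_HOSTS, control=CONTROL_HOSTS):
    """Compare security-site lookups against control lookups.

    Returns (verdict, blocked_hosts). `resolve` is injectable so the
    logic can be exercised without touching the network.
    """
    sec = {h: resolve(h) for h in security}
    ctl = {h: resolve(h) for h in control}
    blocked = sorted(h for h, ok in sec.items() if not ok)

    if not any(ctl.values()):
        verdict = "inconclusive"  # nothing resolves: network or DNS is down
    elif not blocked:
        verdict = "reachable"     # the blocking symptom is not present
    elif len(blocked) == len(sec):
        verdict = "suspicious"    # every security site fails, controls work
    else:
        verdict = "partial"       # mixed result: retry, may be an outage
    return verdict, blocked


if __name__ == "__main__":
    verdict, blocked = check_blocking()
    print("verdict:", verdict)
    for host in blocked:
        print("  could not resolve:", host)
```

On a "suspicious" or "partial" result, follow up with the patch check and a full scan as the other posts describe rather than relying on this test alone.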


- Wiregeek - 04-01-2009

Quote: Abusive comments as to how I should shut up and get off the 'Net because of my ignorance will not be helpful.

Abusive comments will be met with withering scorn.

'Patch', in this context, refers to Windows patches, to improve security, compatibility, performance (or to degrade any of same), and they are available from windowsupdate.com, or windowsupdate.microsoft.com, or most likely by hitting Start -> Windows Update.

The next Linux bigot that tries to jerk my chain about Conficker (I run a Windows network at home, quite a few of my friends run Linux networks. I don't lol.. much.. when their stuff doesn't work), is gonna bring home a handful of their own freaking TEETH.
"No can brain today. Want cheezeburger."
From NGE: Nobody Dies, by Gregg Landsman
http://www.fanfiction.net/s/5579457/1/NGE_Nobody_Dies



- Ankhani - 04-01-2009

Patch in this case refers to going to either XP/Vista's 'Windows Update' in the Control Panel or the Windows Update website (http://update.microsoft.com/microsoftupdate/) and downloading and installing KB958644 (or all important/critical listed updates if you're not into digging). Get Norton/McAfee to do a live/auto update and then run a full system scan. They should be able to find the thing, if you have it.
---

The Master said: "It is all in vain! I have never yet seen a man who can perceive his own faults and bring the charge home against himself."

>Analects: Book V, Chapter XXVI


- Berk - 04-01-2009

In all honesty, Conficker isn't a problem if you've kept up with your Windows Update routine. I've made the occasional need to reboot the computer
as soon as I've really just gotten it turned on some afternoons a part of my routine. Some people don't even know you can get updates from Microsoft,
though, or have downplayed it.

Which is why there's an estimated infection of over a million computers out right now.
- Grumpy Uncle Gearhead


- robkelk - 04-01-2009

Yes, patch your system as well. (I'm used to doing that as soon as the patches are available...)

And it looks like my bet was wrong (http://www.theregister.co.uk/2009/04/01 ... ctivation/)... but that's no excuse to not take computer hygiene seriously.

Edit: And here's a list of actual anti-Conficker resources, at http://www.dshield.org/conficker (as opposed to the scareware and malware that are pretending to be anti-Conficker tools). Ignore the ads (in case any of them are for scareware and malware that are pretending to be anti-Conficker tools); trust only the list in the article itself.
--
Rob Kelk
"Governments have no right to question the loyalty of those who oppose
them. Adversaries remain citizens of the same state, common subjects of
the same sovereign, servants of the same law."

- Michael Ignatieff, addressing Stanford University in 2012



- DHBirr - 04-01-2009

Well, I was able to get through to Norton, my computer's been set since I got it to automatically install Windows (and only
Windows) updates, and I use my USB drives as interim back-up memory, never plugged into any computer but my own, so maybe I'm
relatively safe.

Mooses gracious to all who explained the advice to me.
-----
Big Brother is watching you.  And damn, you are so bloody BORING.


- jpub - 04-02-2009

DHB, if as of yesterday you installed all Windows updates from LAST YEAR, you're okay. The update to fix the issue was released around Nov 1, 2008.