Topic: Conficker - The Facts  (Read 51899 times)

Ehtyar

Re: Conficker - The Facts
« Reply #50 on: April 06, 2009, 07:01 AM »
You mean you're doubting it will be updated...right? Not sure how you could convince yourself it doesn't exist at all...

Ehtyar.

Shook

Re: Conficker - The Facts
« Reply #51 on: April 07, 2009, 05:07 AM »
More like, is anything actually going to happen? Because if it really is real, I'm surprised at how well it has hidden itself from the Danish news. As mentioned earlier, they're like a gorilla on a banana when it comes to bad news of such a scale. (I mean, this should at least merit the same level of attention as an airplane crash in the USA, considering how widespread it supposedly is.)
I guess I'm just a skeptic, but I find it very suspicious when it's set to go off on April 1st, or rather, the end of it.
But before I start sounding offensive, let me rephrase my question: Has anyone here been affected by Conficker yet? I'd like some proof of its existence, as I'm one of those annoying "proof or it didn't happen" kind of guys.

Ehtyar

Re: Conficker - The Facts
« Reply #52 on: April 08, 2009, 10:39 PM »
I'm not sure I understand exactly what kind of "proof" you need that's not already out there. Are you under the impression that the analysis of Conficker linked in the first post was made up?

Ehtyar.

Shook

Re: Conficker - The Facts
« Reply #53 on: April 09, 2009, 06:16 AM »
Oh no, absolutely not. It's probably just me being bad at expressing myself. It's just that in my experience, the internet isn't always reliable when it comes to telling true stories. (Though it should be mentioned that DC is the nicest bunch o' people I've met on the internet, by far.)
Just disregard my previous questions, doesn't matter anyhow. But thank you for... Uhm... Darn, can't find the words, but thanks. :)

TheQwerty

Re: Conficker - The Facts
« Reply #54 on: April 09, 2009, 06:55 AM »
Well it looks like it may have started to update to a new variant:
http://blog.trendmic...-variant-in-the-mix/
https://forums2.syma...dac/ba-p/393454#A260

Ehtyar

Re: Conficker - The Facts
« Reply #55 on: April 09, 2009, 07:14 AM »
Indeed. CNET has slightly more information here, but the lack of available information is pretty staggering really. Once I learn more I'll post an update.

Ehtyar.

TheQwerty

Re: Conficker - The Facts
« Reply #56 on: April 09, 2009, 07:32 AM »
It's a curious time to release the update, well assuming it's from the same people and not from someone else who has created a way to exploit Conficker itself.

The last two variants took about a month from their "activation" dates to be updated; this one is within 8 days. I'm betting they've already reached the maximum infections and unless they refocus on infecting rather than updating, those numbers will continue to decline, so it makes sense to release the update sooner.

However, I'd think waiting just one more day would have been more beneficial with the Christian holiday and people having/taking off work. It raises an interesting question of which spreads faster: the actual updates or the news about the updates?

lanux128

Re: Conficker - The Facts
« Reply #57 on: April 09, 2009, 07:51 AM »
I've only just come across a PC which was infected with Conficker and managed to disinfect it with Kaspersky's KKiller and apply the patch from Microsoft. so the threat is out there, forewarned is forearmed..

[Image: scan_log.png]

app103

Re: Conficker - The Facts
« Reply #58 on: April 09, 2009, 08:11 AM »
> Why is it not foolproof? IMO that's a much easier way for users to detect Conficker than attempting to download a tool from a site that Conficker blocks.

The reason why it isn't foolproof is there are some cases where it would fail to give correct results and you may see the images and still be infected.

Example: You might be using a proxy where the images are fetched from your ISP's cache, as would be the case if you are using something like AOL's TopSpeed service where all connections go through their proxy and they cache image files from sites that people visit and compress them to make them a smaller file size. It would be retrieved from the ISP's cache server rather than from the site hosting them if the cache already has the file. And it's based on image file URL and not IP, so no matter if Conficker is blocking the site or not, it comes from the cache which isn't blocked and doesn't know the image should be blocked from the user.

I am not sure, but I think Google also has a similar service and there is a plugin for both Firefox and IE (and it may be built into Chrome too), where the images are not compressed like AOL does, but they are served from Google's image cache (same one used for Google's image searches). I am not sure if it works the same way as AOL's does, but it's possible that it too can cause a false negative on that Conficker Eye Test site.

BTW: Yes, it does make for much faster page load times and uses much less bandwidth for both the user and AOL, but that cache is an abomination that destroys art and causes all sorts of issues with images when the original site changes the image but it's not updated in the ISP's cache yet. In any AOL browser since v5 (released in the late 90's), it is turned on by default, and most people don't know it and don't know to turn it off. And it's not just dialup people that use it any more...a lot of broadband users are using it too.

bob99

Re: Conficker - The Facts
« Reply #59 on: April 09, 2009, 09:52 AM »
Are both of these links working for everyone else?

PhilB66 – Posted on 03/30/09
Conficker Working Group's detection and repair tool list http://www.conficker...hp?n=ANY.RepairTools

app103 – Posted on 04/02/09
http://www.conficker...test/cfeyechart.html

I am getting timeouts / "...cannot display web page".
Could be my security software/settings... trying to determine.
Thought I would confirm the links were valid first.

Thanks,


Gothi[c]

Re: Conficker - The Facts
« Reply #60 on: April 09, 2009, 08:21 PM »
> I am getting timeouts / "...cannot display web page".
> Could be my security software/settings... trying to determine.
> Thought I would confirm the links were valid first.

They work for me.

lanux128

Re: Conficker - The Facts
« Reply #61 on: April 09, 2009, 08:42 PM »
> I am getting timeouts / "...cannot display web page".
> Could be my security software/settings... trying to determine.
> Thought I would confirm the links were valid first.

that itself might be a sign of Conficker infection.. the fastest way to check for infection is to get Sysinternals' "Process Explorer" and try to run it on your PC. Conficker would shut it down immediately, though it allows Windows' Task Manager.

Ehtyar

Re: Conficker - The Facts
« Reply #62 on: April 10, 2009, 05:05 PM »
> I am getting timeouts / "...cannot display web page".
> Could be my security software/settings... trying to determine.
> Thought I would confirm the links were valid first.

> that itself might be a sign of Conficker infection.. the fastest way to check for infection is to get Sysinternals' "Process Explorer" and try to run it on your PC. Conficker would shut it down immediately, though it allows Windows' Task Manager.

Of course if you're infected, you won't be able to get to Microsoft.com...

Ehtyar.

PhilB66

Re: Conficker - The Facts
« Reply #63 on: April 10, 2009, 08:26 PM »
Conficker is also downloading a fake antivirus named SpywareProtect2009. More @ http://www.viruslist...g?weblogid=208187666

Ehtyar

Re: Conficker - The Facts
« Reply #64 on: April 10, 2009, 10:34 PM »
Indeed. This part I don't quite understand though. It seems like a poor choice of avenues to make money, and for anyone on their toes it completely reveals the infection. I expected them to try spamming or something.

Ehtyar.

bob99

    • Donate to Member
Re: Conficker - The Facts
« Reply #65 on: April 12, 2009, 11:28 AM »

Thanks for the suggestions of ways to check.
I am able to run SysInternals' Process Explorer and go to Microsoft. So it must be the internet security package I'm running on this. I have experienced the same thing happening, timeouts & web page not loading, with other sites at times. I probably need to change back to the previous IS package I was using and currently running on a different computer.

bob99