Paul – Page 161 – Paul's Tech Talk

Alarming results are coming from the Conflicker Worm

PaulJanuary 22, 2009

[ad#digg-right]Today I’ve been doing research because I surprised how many people have searched for the Conflicker Worm/Virus and I wanted to point just how bad this is getting. I was looking on Twitter about this some more and here is what I found out:

Over a million conflicker hosts: Are you responsible for any of them? (http: //tinyurl.com/awpeep

[Via twitter Hevnsnt]

Now I went there and he seemed to of added “)” to the URL so I took that out and here’s the URL to check this out. I went there and saw all these IP(Internet Protocols) and it claims that it is over a MILLION. I don’t know if it is true because I stopped the list of IP’s due to the size of list.

I also wanted to talk about the rate at which people are finding this site due to the conflicker virus/worm infecting their systems. As you can see it is steadily increasing as more and more people are trying to find out how to get rid of this very pesky infestation. See below for some good resources to get this annoyance.

I went back to twitter and some other places to find out what people are saying about this virus and I found this interesting comment:

Conflicker Virus has locked out my work account again…. slightly upsetting it keeps trying to break my account password

[via Twitter twitpaul]

[ad#ad2-right]According to one blog post, they seem to think this is a test worm trying the waters out to see how well it works. I tend to agree with this blog post because of the unlikely hood of just infecting systems for fun. I also think they are going to use this worm/virus for a Botnet. There have been several post about this being a possible Botnet setup. Acording to Computeworld, They claim this is building a Botnet and I tend to wonder if this was a bad deployment or if they are just reading to start this up after so many computers are infected.

I don’t know what to call the Conflicker a Virus or a Worm. So I’ve decided to just use both. I’ve been telling people to patch there system as soon as possible. I’d also tell people that you need a good AV and a Good Firewall. Although this sometimes won’t prevent you from getting a virus you will undoubtedly need to disable Auto run. Here are some good resources to better help you get this virus off your system:

F-secure Downadup Removal Tool

Symantec 32.Downadup Removal Tool

Bit Defender Removal Tool

Malware Resource

As you can see there are several different options to help remove this virus and I thought I would list them here. I have heard how hard this virus is to remove and I want to help people remove this virus. Some other things to consider is disabling your restore points before you remove the worm, or it will just come back.

Microsoft to Cut 5,000 Jobs Starting Today:

PaulJanuary 22, 2009

There are reports that Microsoft will start laying people off starting Today Jan 22, 2009.
[ad#ad2-right]

Microsoft said it will cut up to 5,000 jobs in research and development, marketing, sales, finance, legal, human resources and IT over the next 18 months. The first 1,400 jobs will be cut Thursday.

[ViaPcWorld]

I really hate to see this happen but I did suspect this to happen. I get a feeling this isn’t the last we will see of Microsoft doing something like this. I would suspect it will become even more than 5,000 jobs. I will take a guess and say 16,000 will be the total or close to it. If you want to see the other layoffs I’ve talked here are few:

Google Search

Largest Employer : University of Pittsburgh Medical Center is planning layoffs!!

Mahalo Lay’s off around 10% of it’s workforce!!

Viacom and ATT layoff some people. (12,850 People)

I have several differnent articles about the layoffs but I did speculate they will lay off 16,000 people so I am sure it will happen in the next few months. Only time will tell!!!

Spammers defies Bill Gates ‘magic Solution’

PaulJanuary 22, 2009

Sopho’s published statistics and I thought I would talk about it here. Bill Gates promised to have a Magic Solution 5 Years ago. Sophos Also provide a Chart of the Dirty Dozen:

Sopho’s also is claiming that “US retains its crown as spam king“. I don’t think so because of the the Other 32.4%. The US can’t be the main culprit to spam. So What was this ‘Magic Solution’ that they promised 5 years ago?

Microsoft has two techniques in mind for solving the spam issue, both based on the premise of changing the economics of email to place a greater burden on the sender.

[Via CBR]

Microsoft did have some good ideas but they wouldn’t work for right now because the first part of the ‘magic Solution’ was to add mathmatical question to each and every email we sent out. I know that this wasn’t going to work because hackers have already created a systems to get around the captcha verification.

[ad#ad2-right]Spammers of course are the ones who is sending out the spam but they have people who write virus software, which I consider a hacker. You see they want to infect systems so they can easily send out even more email. When a system becomes a Botnet they usually are used to send out email. If your curious as to what a Botnet is Check out the Wikipedia entry for further details. So they need these systems to be able to send out spam, and other types of email phishing. Most of the time a spammers spam just for money because they make money by spamming people. I hate spam because it clogs up our email accounts with unwanted emails.

So Did Microsoft come up with a fix? According to Sopho’s they seem to be dropping percentages from 2004 to now in the US. I have to wonder if Microsoft proclomation made them worry and go outside of the US. I don’t think it will stop in fact, I suspect with the economy like it is we will undoubtedly start seeing even more spam and even more computer infections.

In order to prevent yourself from viruses and computer infections, you will need to install Anti-virus software and a Good firewall, not just the Default Windows Firewall. This will greatly increase your chances of not getting a virus and possibly help prevent some of the spam. You should also tell your associates or customers the benefits of preventive updates. You should also remind people about not clicking links in emails and also not everything you read is true.

Apple’s Not immune after all

PaulJanuary 21, 2009

In a recent post from the San Internet Storm Center:

Apple

APPLE-SA-2009-01-21 QuickTime 7.6: Multiple vulnerabilities all them referencing “arbitrary code execution”. (CVE-2009-0001, CVE-2009-0002, CVE-2009-0003, CVE-2009-0004, CVE-2009-0005,CVE-2009-0006, and CVE-2009-0007)

APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component: arbitrary code execution. (CVE-2009-0008)

[ad#ad2-right]Apple has said they will not say yes or no to this report and that they will be investigating this fully. I’ve been saying Apple needs to get it’s head out of the sand. According to Apple these effect both Mac’s and Microsoft so they are a software related vulnerability. Soon or later someone will want to create a botnet and infect Macintosh’s with virus or even a worm just to show apple that they could. In a recent article from PcWorld, They talk about a Trojan called OSX.RSPlug.D. This will just increase the fact that they are going to start targeting a OSX because of the lack security. Apple, Needs to get it together and start patching just as much as Microsoft.

In Any case It is time to update the software and maybe think about installing anti-virus software also. Although the Mpeg-2 Playback Component vulnerability is for Windows Vista, XP SP2 and SP3. You can see where a hacker would use that for a windows system very easily. So you must be careful what you click on and remember that your no longer safe. You know how they will want to test out the waters for OSX just because they could so this year I predict Apple will start having even more Malware and Viruses than ever before.

Security Researchers warn of potential flaws in Windows

PaulJanuary 21, 2009

I read an article today from Techworld. I wanted to Discuss this in detail. I also found some links that suggest that Techworld is right.

[ad#ad2-right]

Andrew Storms, director of security operations at nCircle Network Security, speculated that the latest bugs were found by researchers using information disclosed in SMB fixes Microsoft released in October and November.[va Techworld]

According to my investigation, and I have been looking. I found a few SMB Vulnerabilities. One of them is CVE-2008-4835 and CVE-2008-4834. These two are capable of Remote Code Execution, and are Consider very High on the Impact list and all.

So Did people find these exploits or vulnerabilities from the last MS 08-067 patch? I would have to conclude it is a real possibility.

Although Microsoft did patch those holes this month. I grow to wonder just how much these hackers keeping the IT professionals on there toes. I hope people updated their system to prevent another worm because you don’t want the worm like Downadup Do you? I am sure there will be a worm or a virus that will exploit this in time, and I think sooner or later someone will use this just like the other one.