check for conficker
Posted: Wed Apr 01, 2009 11:36 pm
My advice is to check your PCs for Conficker. This is not an April Fools' joke.
Just because it has done nothing yet, does not mean it is inactive. The guys at work
are all excited about this, can't stop talking about it. They have a couple of captive
botnet nodes in the lab and are watching them 24/7 to see what they are planning to do.
They say it is clever and resilient. For example, if you run Wireshark to see if you
have been pwned, it checks the process list every 10 seconds and shuts it down.
If you rename Wireshark, then it checks for the WinPcap driver; and if it finds it, shuts
it down and removes all of your interfaces. And on and on. The consensus so
far is that someone was just trying to set up a big spam network and got in over
their heads. I don't buy this; I think it will be something worse when the instructions
finally are sent out.
In any event, this is very interesting. Looks like the first worm that may have been
written by an AI application.