dr0p, posted April 1, 2009:

> i am having some issues infecting my vm.... dunno if this is some smart ass thing the worm does, but i have the 'malware.exe' file... won't run. doesn't add anything to anything, no traffic over the wire. I heard it's supposed to be a dll, so i tried that.. already crashed firefox with it (my own doing, not the worm) trying to just use a firefox file deleted and renamed the malware as that dll file :P. so then i just tried the plain ole registering the dll! regsvr32 malware.dll. Won't do that! so now i'm stuck trying to initiate a virus.... any suggestions? btw... every time I try to change the clock in my vm, it changes back to the original time?! even unchecked to autoupdate over the wire (which it's sandboxed in anyway).. wtf is up with that?

Conficker has many anti-debugging tricks built into it, anti-VM is one of those. According to what I've read, it uses Armadillo for its packing which also has anti-debugging options, so remove the Armadillo protection from it and it should run on your VM without any problems.

h3%5kr3w, posted April 1, 2009:

eh.. guess i'll call fail on it.

Nophix, posted April 1, 2009:

Well, I came in this morning and out of a few thousand running machines, only 2 of them so far are reporting back an infection. Now, let me explain THESE machines. They were just imaged by a desktop engineer, and taken over to a training facility, UNFUCKINGPATCHED!!! He knows better, and got friggin lazy! Grrr.... There are 8 total machines, but only 2 of them so far are infected. I'm in the process of updating the other 6 and scanning them to make sure.

digip, posted April 1, 2009:

> Well, I came in this morning and out of a few thousand running machines, only 2 of them so far are reporting back an infection. Now, let me explain THESE machines. They were just imaged by a desktop engineer, and taken over to a training facility, UNFUCKINGPATCHED!!! He knows better, and got friggin lazy! Grrr.... There are 8 total machines, but only 2 of them so far are infected. I'm in the process of updating the other 6 and scanning them to make sure.

If they were imaged machines why not just reimage them all and then patch right afterwards to be safe?

Zimmer, posted April 1, 2009:

Ok the April First Conficker thing is an April Fool's joke, see the link, the people who made it must have had a sense of humor.

See the link http://www.freakinghugeurl.com/refer.php?c...lF4VmxWTlJHczk=

Ok the real link http://tinyurl.com/2w4apm

Ok fine at last the real link http://www.pcmag.com/article2/0,2817,2344198,00.asp :P

It has been uneventful unless the links I see about it are not really April Fools jokes hmmm...

DingleBerries, posted April 1, 2009:

I personally like this one, VIA TestMAD; http://www.webstandards.org/2009/04/01/pur...worm-uncovered/

dr0p, posted April 1, 2009:

> I personally like this one, VIA TestMAD; http://www.webstandards.org/2009/04/01/pur...worm-uncovered/

So much win.

Keiyentai, posted April 2, 2009:

Oh noes teh interwebs now goes explodey! Oh wait it's the 2nd. <_< what happened to all the people who were supposed to call me! I only got 1 customer today :( and that's cause her bf is just well dumb.

Nophix, posted April 2, 2009:

> If they were imaged machines why not just reimage them all and then patch right afterwards to be safe?

They are at a remote site and we can only run images from our IT office.

Timmay313, posted April 2, 2009:

I am going to put my vote in as conficker being part of a conspiracy. it is just another way for the man (aka Microsoft) to force its updates on people and crash the not so legal versions of its OS. the government in their state of FAIL have stepped in with Microsoft to create the "task force" to find the virus's creators. bribery with a 250K reward and scare tactics added in with April fools hype are what is driving them to success. Who knows mac and nix might be involved as well, where else would they create such a devious virus as conficker? Windows would just Bluescreen and they would get nowhere. it's a thought...

VaKo, posted April 2, 2009:

Timmay313, are you high? Or just living up to your namesake?

DingleBerries, posted April 2, 2009:

Timmay313, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone on this forum is now dumber for having read it. I award you no points, and may God have mercy on your soul.

Timmay313, posted April 2, 2009:

> Timmay313, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone on this forum is now dumber for having read it. I award you no points, and may God have mercy on your soul.

as long as everyone got the sarcasm it is all good

lopez1364, posted April 2, 2009:

My company was hit with a virus on April 1. 5 remote sites and 2 enterprise sites.

h3%5kr3w, posted April 3, 2009:

> Timmay313, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone on this forum is now dumber for having read it. I award you no points, and may God have mercy on your soul.

bwwhhhlllabheadaiwsajvlea;sab00bsheosuadcvnkl (i am now dumb..thanks asshat) :P

misfitsman805, posted April 3, 2009:

> Timmay313, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone on this forum is now dumber for having read it. I award you no points, and may God have mercy on your soul.

lol Billy Madison

Supra Mike, posted April 6, 2009:

For some reason in me, I'd like to see it get big. It would help increase the demand for IT careers?? *turn on the tele to watch the news* Oh wow! Computer Virus! It's not the same old boring news about Hilton tapes and what not.

h3%5kr3w, posted April 6, 2009:

hmmm! you haz a point tehre.

digip, posted April 11, 2009:

Seems like it has a new bag o'tricks. Recently Conficker updated itself via p2p and added a payload that masquerades as legit Anti-Virus software. In doing so, anyone dumb enough to install it (via credit card purchase) will not only be buying a fake program, they will be giving away their credit card info in the process.

http://isc.sans.org/diary.html?storyid=6157
http://news.cnet.com/8301-1009_3-10217386-83.html

shonen, posted April 11, 2009:

I saw an ad on TV the other day and 60 Minutes has gotten a whiff of conficker and are covering it in Australia on Sunday.

digip, posted April 12, 2009:

Conficker hits more than 700 computers at the University of Utah med school. http://www.google.com/hostednews/ap/articl...4skvowD97GPM6G0

shonen, posted April 12, 2009:

Well going by the report on 60 Minutes earlier today Symantec suspect roughly 5 million computers are infected worldwide. That's a fair amount and I am surprised that the authors are still yet to use all of the drones. One thing that really got under my skin with that 60 Minutes report was the constant use of the word "hacker" and how conficker is a result of hackers. Is it so hard for a media organization to wiki the word hacker and use the correct terminology for these malicious individuals?

DingleBerries, posted April 12, 2009:

Conficker.E variant is out in the wild now. It sits alongside the C variant. http://www.f-secure.com/weblog/archives/00001652.html

shonen, posted April 12, 2009:

damn they are bloody quick in releasing new versions. Thanks for the linkage dingle.

tim.vangehugten, posted April 13, 2009:

> It re-introduces spreading via the MS08-067 vulnerability. Spreading functionality was removed in Conficker.C and the gang behind this maybe realized they made a mistake and added it again.

maybe they realized they made A MISTAKE? The only mistake they have taken was to release it...