
BEWARE new version of conficker worm ready to strike on april 1st


ssmithisme


I am having some issues infecting my VM.... dunno if this is some smart ass thing the worm does, but I have the 'malware.exe' file... won't run. Doesn't add anything to anything, no traffic over the wire. I heard it's supposed to be a dll, so I tried that.. already crashed Firefox with it (my own doing, not the worm) trying to just use a Firefox file deleted and renamed the malware as that dll file :P. So then I just tried the plain ole registering the dll! regsvr32 malware.dll. Won't do that! So now I'm stuck trying to initiate a virus....

any suggestions?

btw... every time I try to change the clock in my VM, it changes back to the original time?! Even unchecked to autoupdate over the wire (which it's sandboxed in anyway).. wtf is up with that?

Conficker has many anti-debugging tricks built into it; anti-VM is one of those. According to what I've read, it uses Armadillo for its packing, which also has anti-debugging options, so remove the Armadillo protection from it and it should run on your VM without any problems.


Well, I came in this morning and out of a few thousand running machines, only 2 of them so far are reporting back an infection.

Now, let me explain THESE machines. They were just imaged by a desktop engineer, and taken over to a training facility, UNFUCKINGPATCHED!!! He knows better, and got friggin lazy! Grrr....

There are 8 total machines, but only 2 of them so far are infected. I'm in the process of updating the other 6 and scanning them to make sure.


Well, I came in this morning and out of a few thousand running machines, only 2 of them so far are reporting back an infection.

Now, let me explain THESE machines. They were just imaged by a desktop engineer, and taken over to a training facility, UNFUCKINGPATCHED!!! He knows better, and got friggin lazy! Grrr....

There are 8 total machines, but only 2 of them so far are infected. I'm in the process of updating the other 6 and scanning them to make sure.

If they were imaged machines, why not just reimage them all and then patch right afterwards to be safe?


Ok, the April First Conficker thing is an April Fool's joke; see the link. The people who made it must have had a sense of humor. See the link

http://www.freakinghugeurl.com/refer.php?c...lF4VmxWTlJHczk=

Ok the real link

http://tinyurl.com/2w4apm

Ok fine at last the real link

http://www.pcmag.com/article2/0,2817,2344198,00.asp

:P

It has been uneventful unless the links I see about it are not really April Fools' jokes hmmm...


If they were imaged machines, why not just reimage them all and then patch right afterwards to be safe?

They are at a remote site and we can only run images from our IT office.


I am going to put my vote in as Conficker being part of a conspiracy. It is just another way for the man (aka Microsoft) to force its updates on people and crash the not so legal versions of its OS. The government in their state of FAIL have stepped in with Microsoft to create the "task force" to find the virus's creators. Bribery with a 250K reward and scare tactics added in with April Fools hype are what is driving them to success. Who knows, Mac and nix might be involved as well; where else would they create such a devious virus as Conficker? Windows would just bluescreen and they would get nowhere.

its a thought...


Timmay313, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone on this forum is now dumber for having read it. I award you no points, and may God have mercy on your soul.


Timmay313, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone on this forum is now dumber for having read it. I award you no points, and may God have mercy on your soul.

as long as everyone got the sarcasm it is all good


Timmay313, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone on this forum is now dumber for having read it. I award you no points, and may God have mercy on your soul.

bwwhhhlllabheadaiwsajvlea;sab00bsheosuadcvnkl

(i am now dumb..thanks asshat) :P


Timmay313, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone on this forum is now dumber for having read it. I award you no points, and may God have mercy on your soul.

lol Billy Madison :lol:


For some reason in me, I'd like to see it get big. It would help increase the demand for IT careers??

*turn on the tele to watch the news* Oh wow! Computer Virus! It's not the same old boring news about hilton tapes and what not.


Seems like it has a new bag o' tricks. Recently Conficker updated itself via p2p and added a payload that masquerades as legit anti-virus software. In doing so, anyone dumb enough to install it (via credit card purchase) will not only be buying a fake program, they will be giving away their credit card info in the process.

http://isc.sans.org/diary.html?storyid=6157

http://news.cnet.com/8301-1009_3-10217386-83.html


Well, going by the report on 60 Minutes earlier today, Symantec suspect roughly 5 million computers are infected worldwide. That's a fair amount and I am surprised that the authors are still yet to use all of the drones.

One thing that really got under my skin with that 60 Minutes report was the constant use of the word "hacker" and how Conficker is a result of hackers. Is it so hard for a media organization to wiki the word hacker and use the correct terminology for these malicious individuals?


It re-introduces spreading via the MS08-067 vulnerability. Spreading functionality was removed in Conficker.C and the gang behind this maybe realized they made a mistake and added it again.

maybe they realized they made A MISTAKE?

The only mistake they have taken was to release it...
