Jump to content
Brian Enos's Forums... Maku mozo!

Conficker Worm

JThompson
 Share

Recommended Posts

JThompson Calls Shots

JThompson

Posted
Posted (edited)

I've had the first calls on this when I sent out a ebullition to have users go to Symantec's site for a test. Sure enough, I got back ten or so people who could not get there via the internet. I gave them a couple other security sites with the same result. I don't do systems admin for these people, they are clients for my printer business and I was just trying to lend a hand before stuff got worse.

Now, the admin calls me up to come over with acopy of the removal tool because he can't access the security sites. lol Hey, if he isn't better than that they need a new admin. Anyway, I just dropped the removal tool on my machine and had him tell his users to download it from my server. Since I'm not on the worm's list it doesn't block access to the software.

If you think you might be infected and want to do a quick test, go here: http://symantec.com If you can get to the website you are, most likely, NOT infected. If you can't get to the website, you most likely are infected with the worm. I dropped a copy of Symatec's removal tool on my server to circumvent the worm blocking you from from getting it.

You can find the software here: Conficker Removal Tool

There is a patch to secure the machine at Microsoft, but their servers are so busy with people trying to DL it you can't get there. Maybe it's the worm? LOL Anyway, if you have the worm the patch doesn't work, you need to remove the worm first as it closes the same door tha patch does, making it hard to scan for the vulnerability. There's something very funny, or sad, about not being able to access MS to download a patch. You would think with all the BILLIONS they have that they could secure bandwidth and servers to meet the needs. You can't even access Microsoft right now!

Regards,

JT

Edited by JThompson
Link to comment
Share on other sites
JThompson Calls Shots

JThompson

Posted
  • Author
Posted
or run a mac :P

Perhaps you can explain iTunes? Gawd, that software is friggn junk!!!

The only reason Macs have better luck is that there aren't as many so the script kiddies write for what gets them the most mischief.

I hate the bloated pig that is MS OS but I always get my machines to run without fail. My machine runs 24/7 and if I don't install something new, that requires a restart, `sigh" It will run for months without a restart. I think the longest I had one up was for 2yrs running 2k server. That damn machine was bullet proof.

Link to comment
Share on other sites
Adam B Calls Shots

Adam B

Posted
Posted

actually that is only partially correct, the Mac OS is based off BSD Unix and that system is many years old and a very stable/secure system, I could go into great technical details but I dont want to bore anyone.

Link to comment
Share on other sites
XRe Sees Sights Lift

XRe

Posted
Posted
actually that is only partially correct, the Mac OS is based off BSD Unix and that system is many years old and a very stable/secure system, I could go into great technical details but I dont want to bore anyone.

Not to mention, large chunks of the OS are open source. Holes tend to be plugged far more quickly in that environment....

Link to comment
Share on other sites
raz-0 Finally read the FAQs

raz-0

Posted
Posted
actually that is only partially correct, the Mac OS is based off BSD Unix and that system is many years old and a very stable/secure system, I could go into great technical details but I dont want to bore anyone.

Uhh no. It's a flavor of unix under the hood, and it's unix that is intended to be used by a single user with a gui desktop. Pretty much all browsers are swiss cheese, which gives you shell access for the account, and as any honest unix admin will tell you, if they have shell access, root access isn't that far away.

actually that is only partially correct, the Mac OS is based off BSD Unix and that system is many years old and a very stable/secure system, I could go into great technical details but I dont want to bore anyone.

Not to mention, large chunks of the OS are open source. Holes tend to be plugged far more quickly in that environment....

There is NOTHING magic about open source. OSS is as riddled with holes as commercial software. You just don't wind up with security through obsurity or vulnerability through obscurity for nearly as long due to the amount of scrutiny. Unfortunately, there is not some mythical destination of "reallly and truly secure" that the faster revision cycle of OSS software hastens progress towards. Lots of software will always have vulnerabilities because they are inherent to the process. I want a database that apps can talk to remotely, I'm going to be able to use all the legit tools to exploit the system just like i do to actually use it as intended. No pun intended, but if you want a window in your room, you have to put a hole in the wall.

Regardless of your OSS, keep up with patches and you will have a lot less headaches.

Link to comment
Share on other sites
MichiganShootist Sees Sights

MichiganShootist

Posted
Posted

Yep--- I've now read it three times.

What I don't see or know is what the symptoms would be.

The post says--

If you think you might be infected
etc etc

I just don't know what would let me know if I "might be infected"

I just ran the on line live up date on the Symatec www site to make sure all my deffinitions were up to date in both PCs... so I'm guessing that means "we" are okay.....Right???? or is there more??

Link to comment
Share on other sites
JThompson Calls Shots

JThompson

Posted
  • Author
Posted (edited)
Yep--- I've now read it three times.

What I don't see or know is what the symptoms would be.

The post says--

If you think you might be infected
etc etc

I just don't know what would let me know if I "might be infected"

I just ran the on line live up date on the Symatec www site to make sure all my deffinitions were up to date in both PCs... so I'm guessing that means "we" are okay.....Right???? or is there more??

Your okay bro... The symptom would be not being able to get to Symantec. ;)

Edited by JThompson
Link to comment
Share on other sites
p99shooter Looks for Match

p99shooter

Posted
Posted
There's something very funny, or sad, about not being able to access MS to download a patch. You would think with all the BILLIONS they have that they could secure bandwidth and servers to meet the needs. You can't even access Microsoft right now!

The vulnerability that conficker exploits was patched my Microsoft over 6 months ago. If people were dilligent about taking care of their computers, they wouldn't rushing there to fix the problem after it is too late.

Another way to check and see if you are infected is to attempt to boot your PC into Safe Mode. (Restart, hit F8 after bios messages, or just keep tapping F8 while system boots up, and select Safe Mode from the menu). Conficker prevents a system from booting into safe mode.

Link to comment
Share on other sites
JThompson Calls Shots

JThompson

Posted
  • Author
Posted
There's something very funny, or sad, about not being able to access MS to download a patch. You would think with all the BILLIONS they have that they could secure bandwidth and servers to meet the needs. You can't even access Microsoft right now!

The vulnerability that conficker exploits was patched my Microsoft over 6 months ago. If people were dilligent about taking care of their computers, they wouldn't rushing there to fix the problem after it is too late.

Another way to check and see if you are infected is to attempt to boot your PC into Safe Mode. (Restart, hit F8 after bios messages, or just keep tapping F8 while system boots up, and select Safe Mode from the menu). Conficker prevents a system from booting into safe mode.

A bunch of system won't boot to safe mode no matter if they are infected or not. :P Also, I never let MS update anything on my system. Can't tell you how many times they screw something else up with their "patches" My system has been patched, but it's firewalled, locked down and I keep my virus sniffers up to date..

Link to comment
Share on other sites
JThompson Calls Shots

JThompson

Posted
  • Author
Posted (edited)
So I run your tool, and it says that it doesn't find the conficker worm, but something else, cleans it, and I'm still unable to go to the microsoft update page... I'm running it again.

MS is down bro, or at least it was earlier.

Edited by JThompson
Link to comment
Share on other sites
Chris Keen Calls Shots

Chris Keen

Posted
Posted
So I run your tool, and it says that it doesn't find the conficker worm, but something else, cleans it, and I'm still unable to go to the microsoft update page... I'm running it again.

MS is down bro, or at least it was earlier.

It's working fine for me.

Link to comment
Share on other sites
Chris Keen Calls Shots

Chris Keen

Posted
Posted
F Y I----the 1911forum is not "reachable" by me on 2 machines or by several friends. I don't know if it's related to this new worm or not.

That site appears to just be down.

Firefox can't find the server at www.1911forum.com.

AR15.com works ok.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...