
Posts Tagged ‘Microsoft’


The evolution of an extraordinary globe-spanning worm

Conficker timeline
2008 – 2009

CLICK HERE to see F-Secure’s comprehensive Conficker FAQ.


Aug. 20: The Gimmiv Trojan, which exploited the vulnerability Conficker capitalises on, is first spotted running in a virtual machine on a server in South Korea. Experts speculate this was a test run prior to it being released in the wild. (Source: BBC)

Sept.: Chinese malware brokers are spotted selling a $37 tool kit that allows anyone to exploit this newly discovered security hole in a component of Windows, called RPC-DCOM, which enables file and print sharing. RPC-DCOM is built into all PCs of Windows XP vintage and earlier, some 800 million machines worldwide.

Sept. 29: Gimmiv first seen in the wild infecting a PC in Hanoi, Vietnam. Over …more

$250,000 reward for Conficker controllers’ scalps

That $250,000 bounty Microsoft has put up for the scalps of the controllers of the globe-spanning Conficker worm seems about right. Conficker, aka Downadup, has now infected the German military, as well as networks of the UK and French Air Forces and England’s Sheffield Teaching Hospitals. After several weeks of informal collaborations, the world’s top virus hunters have formed an official posse to hunt down these very slick bad guys.

“By sharing resources and expertise, this collaborative cross-industry effort is not only protecting infected systems from further damage, but also providing security to the Internet community on the whole,” says Vincent Weafer, VP Symantec …more

FAQ — The Ominous Downadup/Conficker worm

The creators/controllers of the unnerving Downadup/Conficker worm that continues to spread, mostly via unpatched Windows PCs inside corporate networks, have been very good about holding their cards close, giving few hints of how they plan to use a botnet of several million infected PCs. Here’s an FAQ I’ve assembled, derived from interviews with F-Secure’s Patrik Runald, Secureworks’ Don Jackson, Arbor Networks’ Jose Nazario, Sunbelt Software’s Eric Sites and Panda Security’s Inaki Urzay.

Q. How did Downadup/Conficker originate?

A. Around last September, as everyone focused on the crashing financial markets, a self-spreading Windows OS infection began hitting a few PCs in China. The attacker took advantage …more