Conficker also installs fake antivirus software

news.cnet. ^ | April 10, 2009 | by Elinor Mills

[JoeProBono]

Researchers have discovered another feature of the Conficker worm that provides an additional clue about the intent of the creators--the worm installs malware that masquerades as antivirus software, Trend Micro said on Friday.

The worm, which has infected millions of Windows-based computers on the Internet, is downloading a program called Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for $49.95, according to the Trend Micro blog.

[He Rides A White Horse]

Just checked, don’t have it.

[ansel12]

Here are the tools that the working group are listing.

http://www.confickerworkinggroup.org/wiki/pmwiki.php?n=ANY.RepairTools

[JoeProBono]

Thx!

[Dallas59]

Not very original.....

[JoeProBono]

?

[Nateman]

I have had some odd problems with my Ubuntu lately: The mouse goes on and off and every once in awhile. Also while I’m working with GIMP it randomly disappears!(Goodbye unsaved work) I had problems with sound after about 5 months with the last version. It annoys me but I figure since I do a fresh install every 6 months (right after the latest version comes out)I can live with it. Right now I’m on a very old machine so I’m using Puppy Linux.

[Big Giant Head]

I always have two anti-virus software programs just in case one misses something. I also keep two anti-spyware programs as well.

I always disable automatic download settings on my software; I want to be the one to initiate any such activity. Some good anti-virus (freeware) can be found at www.download.com.

I'm a little fanatical about this type of maintenence; I'll sweep everyday alternating software.

This is why I keep Linux around. I got tired of all the "working FOR my machine." I HATE running virus scans. Since we got a hardware firewall, there's been NO trouble for even the Windows machines, unless I go looking for it. LInux is simply carefree. I'll even open attachments in emails from people I don't know! I won't do that in a Windows machine.

[ansel12]

I think it was directed at the virus creator, not you.

[Squantos]

Nary a burp from mine (knock on wood) ! I don’t have puppy linux yet so will snag a copy for some really old machines gathering dust on the shop shelf and see what they will do performance wise........

Hope ya get that bug figured out !

[hiredhand]

"The reason that we have not seen a real Linux virus epidemic in the wild is simply that none of the existing Linux viruses can thrive in the hostile environment that Linux provides. The Linux viruses that exist today are nothing more than technical curiosities; the reality is that there is no viable Linux virus"

I really shouldn't bash Windows so hard without admitting to the terrible truth that all operating systems have shortcomings and vulnerabilities.

In truth, you are correct Joe. Malware can be created for Linux as with any other operating system. The issue is that of a transport and support vector. In the past, we had things such as the "wiz" command still enabled in certain versions of sendmail, the horrible and inexcusable holes historically found in BIND for DNS, a perpetual bad security history with PHP.

But there are a couple of things to bear in mind. First, MS-Windows "assumes" that the owner IS the owner and therefore knows better. In truth, most people don't understand the concept of a remote privilege exploit much less the results. Practically every Windows PC that I ever touch when helping people has been set up for their user account to be admin equivalent. When I point this out, they point out that they "need" for it to be this way in order to install certain software packages. To illustrate my point just a little further, I'm willing to wager that most people don't know what Conficker really does. Most know that it disables access to real anti-virus solutions, and that it makes copies of itself and infects other Windows platforms. But what does it REALLY do? It establishes a botnet for a future yet to be determined function. We can be assured that this function will not be for the better good of mankind. :-)

Linux, on the other hand, has lately gotten away from permitting the user to even casually use the privileged account. Debian and Ubuntu even have some very NICE ways of permitting regular users to perform privileged functions, and these operating systems in particular make it DIFFICULT for the user to even use the root account. Out of the box, Ubuntu establishes a root account with a mangled password (!!) and is pretty much unusable via the shell for most normal users. The user access it via group membership and sudo, and wrappers for sudu for the KDE and Gnome graphical environments.

But I do hold Windows responsible for their entirely unbelievable line of crap about their model of security review and patching in their development cycle. That's simply a lie and motivated by money. It's patently untrue. If people were to go look at time lines for discovery of problems and the turn around times for release of patches, they'd discover that Microsoft is way behind the curve on this. In fact, sometimes they hide it from the public at large for months. This is nearly impossible to do in an Open Source environment. Also, Windows has created the perfect attack vector for malware by continuing to foster their bad code security review practices. They've enabled the creation of an entire industry...anti-virus and malware prevention (see www.bluecoat.com). The only reason we EVER run AV on Linux is to protect Windows systems!

Sorry for the "long-ish" opinion about what a lot of people already know. I just wanted to clarify malware and open source operating systems. :-)

[He Rides A White Horse]

My brother is a computer consultant and he is always extolling the virtues of Linux.

This is why I keep Linux around. I got tired of all the "working FOR my machine."

You're right, I do work a lot for my machine.

Maybe it's time for a switch.

[JoeProBono]

Thx!! Your “long-ish” opinion is much appreciated.

[Nateman]

The latest version of Ubuntu is 12 days away. I'm just going to wait and do a fresh install. If anything ever does get too annoying I can always run a live CD with one of the other distros. It's been 18 months since I've switched from Windows and it's been a hoot.

[Big Giant Head]

The latest version of PCLinuxOS is 2009.1. It’s my favorite because it’s the most similar to Windows. Ubuntu is good, but it takes more linux knowledge in my opinion. I like Mandriva, Suse, and Mepis, too. Puppy is good for older machines.

Get a LiveCD version and you can run it without installing it. You get to try before you “buy”.

[He Rides A White Horse]

I’m definitely going to look into it. Thanks.