Summary: Estonia a victim of Windows botnets, Conficker set to explode, the media distorts stories, and Microsoft fails to patch properly
GIVEN THAT
almost 1 in 2 Windows PCs is a zombie, it's not exactly a surprise that nations
get paralysed every now and then. This is not a "computer problem" but a "Windows problem", even if
the Microsoft-influenced press neglects to mention some of these crucial details.
Some time ago we mentioned
the damage caused to Estonia by Windows zombies. According to
this report from Heise, kids too are empowered by the ease at which Windows can be hijacked, due to poor engineering.
Russian youth movement claims to have carried out cyber attacks on Estonia
[...]
"We taught the Estonian regime the lesson that if they act illegally, we will respond in an adequate way," boasted Goloskokov in the FT interview. They didn't do anything illegal, he said. "We just visited the various internet sites, over and over, and they stopped working." The Estonians' plight was caused by their own technological limitations in handling the traffic volume, he explained. During the attacks on the Estonian IT infrastructure two years ago, the country was largely cut off from the global internet, and domestic government and banking sites became inaccessible.
As we keep stating, Conficker is far from over and in fact it's
scheduled to exacerbate. IDG has
this report:
The third Conficker malware variant in infected machines is set to activate April 1, says the director of threat research at CA where the malware sample first discovered last week by Symantec is being examined.
"It's set to go off April 1, 2009 and Conficker will generate 50,000 URLS daily," says Don DeBolt, CA's director of threat research.
This is neither a joke nor a prank, despite the date.
We already know that
Microsoft bothers journalists who criticise Windows for poor security. It does make a difference.
There is a bothersome pattern in media coverage where reporters/editors are somehow spinning Conficker to make Microsoft seem like the good guy, the brave cowboy (for example, see
this and
this). Microsoft's sloppiness is responsible for these attacks, but parts of the press portray Microsoft as the white knight, a hero that protects the unwashed crowds from a problem of its own making. The same thing happens
in Facebook where Microsoft is attributed with "fighting" those evil worms, but how come no-one is asking why these worms exist in the first place? UNIX/Linux users
don't have these problems.
Lastly, regarding Microsoft's patches to vulnerabilities, these
turn out to be flawed too.
Recent Microsoft patch useless if previously exploited (Update 2)
[...]
Tyler Reguly, a researcher on nCircle’s VERT team, recently made a post to the company blog that reported a unique discovery. The patch issued by Microsoft on Tuesday to address Man-In-The-Middles attacks on Windows DNS and WINS (MS09-008) is flawed. The flaw is that if a system was exploited before the patch was applied, it remained exploited. The fix didn’t work.
Why won't journalist make a mention of
secure platforms like GNU/Linux?
⬆
More on Conficker:
- Microsoft's Blame-Shifting Strategy Precedes More Trouble
- Leave Microsoft Alone
- Never Blame Microsoft, Blame Users and Exploits
- Botnets and Bounties Versus Real Security
- Is Windows to Blame for Cracking of Federal Aviation Administration (FAA)?
- Windows Problems Take Down Airplanes, JFK Airport, Houston Municipal Courts
- Turkey, France, United Stated Under Attack by Microsoft Windows Insecurities
- Microsoft Adopts Malware Techniques to Advance .NET
- Windows Botnets Go Out of Control, Obama Web Site Delivers Windows Malware
- One Windows Worm, One Week, and Possibly 250,000,000+ New Windows Zombies
- Death by Microsoft Windows
- US Army Becomes Zombies Army; London Hospitals Still Ill (Windows Viruses)
- Eye on Microsoft: Another Messy Week for Security
- Why Conficker is a Blessing to GNU/Linux
- New Casualties of Microsoft Windows?
- Verdict: The BBC Broke the Law with Microsoft Windows Botnets, Which Conficker Continues Building (Updated)
