03.31.09

Gemini version available ♊︎

Big Day for Microsoft Windows Tomorrow (Conficker Strikes)

Posted in GNU/Linux, Microsoft, Security, Windows at 4:38 am by Dr. Roy Schestowitz

Red button

Summary: A quick summary of Windows security news

TOMORROW, being April 1st, Conficker is expected to cause damage using Windows installations which have thus far been idle on the network. In order to prevent problems that are shared accross the Internet, migration of PCs to GNU/Linux is advised. As SJVN put it yesterday:

Brace Yourself: DDoS Attacks Ahead

In 2009, the crème de la crème of Web sites are still vulnerable to DDoS (distributed denial of service) attacks. Indeed, entire countries, such as Estonia, have had their Internet capabilities crippled by DDoS attacks. Chances are decent we’ll all get to see a massive DDoS sometime on, or after, April 1st, when the hundreds of thousands of Conficker-infected zombied Windows PCs are put to work.

SJVN suggests a solution, too.

The sad truth is no matter what you do with Windows, whether you’re running XP, Vista, or the Windows 7 beta, you’re not safe. Now, however there’s a patch that will stop Conficker, and almost all other malware programs, in their tracks. It’s called Linux.

There is other new Conficker coverage, such as:

i. “60 Minutes” freaks out over Conficker. Where’s John Hodgman when you need him?

FirefoxScreenSnapz031I love “60 Minutes,” but sometimes it just makes you scratch your head. Isn’t anyone working there who has any sophistication when it comes to technology? Lesley Stahl just finished a 15-minute freakout on the dangers of the Conficker virus, dangers which many information experts say have been blown way out of proportion … especially by reports like the one that just aired on “60 Minutes.” The segment producer would have done well to read the much less hysterical Conficker FAQ from CNet … that’s now appearing on the “60 Minutes” Conficker’s story page. (CBS owns CNet.)

ii. Busted! Conficker’s tell-tale heart uncovered

Security experts have made a breakthrough in their five-month battle against the Conficker worm, with the discovery that the malware leaves a fingerprint on infected machines that is easy to detect using a variety of off-the-shelf network scanners.

In separate news, the rise of Windows ransomware is being noticed.

From scareware to ransomware

FireEye, a malware specialist, reports that Vundo, which makes fake antivirus programs (scareware), has now started a new scam. Vundo is no longer merely alarming users with bogus warnings that their PCs have been infected to con them into buying largely useless scanning software. Their latest attacks (ransomware) encrypt all of the files (.pdf, .doc, .jpg and others) on a user’s PC and then report garbled data.

Tomorrow will be an interesting day, but when will people learn that no version of Windows ever be secure? It is designed insecurely from the bottom up. As Microsoft’s Brian Valentine put it, “our products just aren’t engineered for security.”

More on Conficker

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New

  1. The ISO Delusion: Sirius Corporation Demonstrates a Lack of Understanding of Security and Privacy

    Sirius ‘Open Source’, emboldened by ISO ‘paperwork’ (certification), lost sight of what it truly takes to run a business securely, mistaking worthless gadgets for “advancement” while compelling staff to sign a new contract in a hurry (prior contract-signing scandals notwithstanding)

  2. Links 26/01/2023: LibreOffice 7.4.5 and Ubuntu Pro Offers

    Links for the day

  3. Links 26/01/2023: GNU poke 3.0 and PipeWire 0.3.65

    Links for the day

  4. IRC Proceedings: Wednesday, January 25, 2023

    IRC logs for Wednesday, January 25, 2023

  5. Companies Would Collapse Upon Abandoning Their Original Goals (That Attracted All the Productive Staff)

    Staff with technical skills won't stick around in companies that reject technical arguments and moreover move to proprietary software in a company that brands itself "Open Source"

  6. [Meme] Listen to Your Workers, Avert Disaster

    Companies that refuse to take input from staff are doomed to fail

  7. The ISO Delusion: When the Employer Doesn’t Understand the Company's Value Proposition (Building Systems) and Rejects Security

    Sirius ‘Open Source’ has failed to sell what it was actually good at; instead it hired unqualified people and outsourced almost everything

  8. Links 25/01/2023: NuTyX 23.01.1 and GNU Guile 3.0.9 Released

    Links for the day

  9. Links 25/01/2023: Stratis 3.5.0 and Many Political Links

    Links for the day

  10. New Record Low: Only One 'Linux' Article in ZDNet in More Than Two Weeks

    Only a few years ago ZDNet published about 3 “Linux” stories per day (mostly FUD pieces); now it’s a ghost town, painted in ‘alien green’; considering ZDNet’s agenda (and sponsors) maybe it’s better this way

  11. Links 25/01/2023: Pale Moon 32.0 and DXVK 2.1

    Links for the day

  12. IRC Proceedings: Tuesday, January 24, 2023

    IRC logs for Tuesday, January 24, 2023

  13. ISO Certification Hardly Tackles Any of the Real Issues

    The real-world threats faced by private companies or non-profit organisations aren't covered by the ISO certification mill; today we publish the last post on this topic before proceeding to some practical examples

  14. [Meme] Medical Data Sovereignty

    What happens when your medical records/data are accessible to a company based abroad after a mysterious NDA with the Gates Foundation? The International Organization for Standardization (ISO) does not mind.

  15. The ISO Delusion: Sirius Open Wash Ltd. and Medical Data/Projects at Risk/Peril

    Sirius ‘Open Source’ was good at gloating about “ISO” as in ISO certification (see our ISO wiki to understand what ISO truly is; ISO certification needs to be more widely condemned and exposed) while signing all sorts of dodgy deals and lying to clients (some, like the Gates Foundation, were never mentioned because of a mysterious NDA); security and privacy were systematically neglected and some qualified as criminal negligence (with fines/penalties likely an applicable liability if caught/reported)

  16. Links 24/01/2023: Wine 8.0 is Ready, FSF Bolsters Copyleft

    Links for the day

  17. Azure Has Layoffs Again, Microsoft Still Cutting

    Even supposed ‘growth’ areas at Microsoft are being culled (this growth is faked, it is a lie)

  18. Links 24/01/2023: Tails 5.9 and ArcoLinux v23.02

    Links for the day

  19. Links 24/01/2023: GStreamer 1.22 and Skrooge Gets New Site

    Links for the day

  20. IRC Proceedings: Monday, January 23, 2023

    IRC logs for Monday, January 23, 2023

  21. The Inside(r) Story of ISO 'Certification' Mills

    Based on my experiences inside Sirius ‘Open Source’ — as I was there for nearly 12 years — I finally tell what I’ve witnessed about ISO certification processes (see ISO wiki for prior experiences)

  22. [Meme] ISO Selling 'Reputation' to Small Businesses (for a Large Fee)

    As we’re hoping to demonstrate throughout the week, ISO certification is, in practice, worse than worthless (just a waste of small businesses’ resources, much like patents); call it the ‘ISO tax’, an artificial barrier to entry that boils down to money

  23. [Meme] ISO Certification for Paying for Certificates on Time

    ISO is a phony authority; it makes business by issuing mostly worthless paperwork that wastes people’s time and accomplishes nothing (except making ISO in rich Switzerland even richer)

  24. The ISO Train Wreck at Sirius 'Open Source'

    Before we proceed to showing how Sirius ‘Open Source’ blatantly ignored security and privacy we wish to show how ISO (see ISO wiki) basically ‘sold’ a certificate to Sirius — this is like a “diploma mill” but something that’s for businesses, not individuals

  25. Sirius Lying About ISO to Justify Giving the Technical Staff Some Classic 'Bullshit Jobs' While Censoring/Covering Up Incompetence

    Sirius ‘Open Source’ has long used “ISO” — and sometimes “GDPR” — as catch-all excuses for all sorts of nonsensical policies; does ISO realise the degree to which it is being misused by incompetent 'box tickers'?

  26. Links 23/01/2023: mozilla.org's 25th Anniversary and IceWM 3.3.1 Released

    Links for the day

  27. Report: The So-called 'Linux' Foundation is Reducing Focus on Linux

    The so-called ‘Linux’ Foundation is reducing its focus on Linux and is instead busy promoting Microsoft, Facebook, and other interests that GNU/Linux users strongly dislike

  28. Links 23/01/2023: Fwupd 1.8.10

    Links for the day

  29. IRC Proceedings: Sunday, January 22, 2023

    IRC logs for Sunday, January 22, 2023

  30. Links 23/01/2023: Many Pgpool-II Releases, risiOS 37 Reviewed

    Links for the day

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts