Thursday, March 26, 2009

Botnet from hell unleashed on April 1st

The Conficker botnet will be updated to use dynamic DNS against 250,000 domains, and a huge new update will be applied. Will it be the spell of doom for Windows-based machines? I doubt it. It's a friggin' spam generator machine with hooks in to send/receive spam, and remote listening/password catching. Update your Windows machine now before April 1st. And the best news: The owner of the Botnet, who I hope gets his nads exposed to Chernobyl radiation, can choose to send the update at any time before April 1st. And don't think changing your Windows date to April 2 will save you - the botnet API will actually go out to the internet to get the real time anyway.

 
For those not in the know, a Botnet is really a collection of remotely-controlled computers (known as Zombies) which is used to generate an enormous amount of e-mail spam today. It is estimated that 85% of the world's e-mail traffic is spam-related shit: Sex organ pills, financial scams, online pharmacies, knock-off watches, and everything you can think of. But what makes the Conficker botnet alarming is the size: 12+ million computers under control by sleazy scumbag programmers. How I would love to pound the shit out of these guys with some baseball bats if I could. They are one notch above child molesters and pedophiles.
The most critical and obvious protection is to make sure the Microsoft patch is applied. Network administrators can also use a blocklist provided by F-Secure to try and stop the worm's attempts to connect to Web sites.
And finally, you can disable Autorun so that a PC won't suffer automatic attack from an infected USB drive or other removable media when it's connected. The Internet Storm Center links to one method for doing so at http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html, but the instructions involve changing the Windows registry and should only be attempted by administrators or tech experts. Comments under those instructions also list other potential methods for disabling autorun.
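
One way to check and apply an Autorun lockdown from PowerShell, as an added example that is not from this post or the linked instructions: it uses the Microsoft-documented NoDriveTypeAutoRun policy value rather than the method at the link, and the function names and the -Apply switch are this example's own.

```powershell
# Added example (not from the original post): audit, and optionally set,
# the NoDriveTypeAutoRun policy value. A set bit DISABLES Autorun for that
# drive type; 0xFF disables it for every type.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$SubKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'
$DriveBits = @(
    @{ Bit = 0x01; Name = 'Unknown type' },
    @{ Bit = 0x04; Name = 'Removable (USB sticks)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network drive' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' }
)

function Get-AutorunMask([string]$Hive) {
    # Returns the DWORD as an int, or $null when the key or value is absent.
    $prop = Get-ItemProperty -Path "${Hive}:\$SubKey" -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$ValueName
}

function Show-AutorunMask([string]$Hive) {
    $mask = Get-AutorunMask $Hive
    if ($null -eq $mask) {
        Write-Output "${Hive}: $ValueName not set (Windows default applies)"
        return
    }
    Write-Output ("{0}: {1} = 0x{2:X2}" -f $Hive, $ValueName, $mask)
    foreach ($d in $DriveBits) {
        # Decode each bit so a partial mask shows which media still autorun.
        $state = if ($mask -band $d.Bit) { 'disabled' } else { 'ENABLED' }
        Write-Output ("    {0,-24} Autorun {1}" -f $d.Name, $state)
    }
}

Show-AutorunMask 'HKLM'
Show-AutorunMask 'HKCU'

if ($Apply) {
    # Machine-wide change; needs an elevated (administrator) session.
    $key = "HKLM:\$SubKey"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord -Value 0xFF -Force | Out-Null
    Show-AutorunMask 'HKLM'
}
```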

Good luck out there.
