For those that think this thing is a joke... let me paint a picture of what it can do in 3 days...

I had someone from Asia plug his laptop into my LAN. Within the first hour, we were trying to figure out why on earth the network/shared drives were crawling; within the second hour, I was wondering why no one could connect without outages to the domain controllers; within the fourth hour, I was wondering why four people, at the same time, were not able to use the resources on their computers.

Day two was quiet and everything seemed normal, except for people complaining about the anti-virus popping up with a message that something called kido was attempting to access them on port 445. We managed to get the source and knew what we were dealing with now: 8 new PCs, while in the process of being installed, got infected, and the shared drives on the servers were a launch pad for the Conficker files.

Day three and all hell breaks loose... this thing brought ALL the Windows servers to their knees. A DoS attack on the DCs meant no one could log on; that meant that Exchange and all that depend on these services were affected. Yes, they were patched up as per M$ Patch Tuesday releases. This thing cares not about patches... if there is a hole in Windows, it will exploit it. If there is a patch for a hole... there is a hole in that patch that it will find and exploit. It flooded the Windows servers with requests to port 445, which, as you can all imagine, cannot be shut down, else none of the Windows services will run as required.

I was lucky that only 8 computers were infected... easy to deal with them. I was not so lucky with the Windows servers though... since some were in the process of file replication on certain services, corruption of those databases was inevitable. This resulted in a few hours and a weekend fighting to get Windows services restored... if they say 1st April will be the mother of all Conficker attacks... I don't even want to be anywhere near an internet connection.

On Thu, Mar 26, 2009 at 12:38 PM, Peter Lubambula <[email protected]> wrote:
> Sure this isn't an elaborate April Fool's joke?
>
> On 3/26/09, Simon Vass <[email protected]> wrote:
> > Here is another trick to help fight it.
> >
> > http://www.itworld.com/security/62249/kaspersky-opendns-collaborate-slow-conficker-worm
> > also maybe this could be a good time to expound the benefits of running
> > Linux desktops.
> >
> > Simon
> >
> > Wire James wrote:
> > > Some clients of mine do.
> > >
> > > Wire
> > >
> > > On Wed, 2009-03-25 at 20:25 +0300, Reinier Battenberg wrote:
> > > > why? you run windows?
> > > >
> > > > rgds,
> > > >
> > > > Reinier Battenberg
> > > > Director
> > > > Mountbatten Ltd.
> > > > +256 782 801 749
> > > > www.mountbatten.net <http://www.mountbatten.net>
> > > >
> > > > Be a professional website builder: www.easysites.ug <http://www.easysites.ug>
> > > >
> > > > On Wednesday 25 March 2009 19:48:48 Wire James wrote:
> > > > > Seen this guys?
> > > > >
> > > > > http://www.usatoday.com/money/industries/technology/2009-03-24-conficker-computer-worm_N.htm
> > > > >
> > > > > Is there reason to be scared?
> > > > >
> > > > > Wire
> > > >
> > > > _______________________________________________
> > > > LUG mailing list
> > > > [email protected] <mailto:[email protected]>
> > > > http://kym.net/mailman/listinfo/lug
> > > > %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
> > > >
> > > > The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way.
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> > > believed to be clean.
> >
> > --
> > Simon Vass
> > Technical Manager
> > E-Tech Uganda Ltd
> >
> > http://www.etech.ug
> > skype:etechservicedesk
> >
> > Tel: +256-312260620
> > Fax: +256-312260621
> > "IT Made Easy"

--
Mike

Of course, you might discount this possibility, but remember that one in a million chances happen 99% of the time.
