Paul F said tonight:
"Trend Micro engineers have discovered that if you open a DOS shell window,
and enter "net stop dnscache", infected systems can then reach the domains
initially blocked by Conficker."
Paul, nice work. You just saved a lot of people a good deal of
aggravation by
On Tue, Mar 31, 2009 at 21:13, RandallM wrote:
> what is a common thing to notice about scanning for Conficker? One
> site said a simple scan can distinguish between clean and unclean ..:
>
> "Another option is to actively scan for Conficker machines. There is a
> way to distinguish infected machine
Not that I've seen yet. Any bets to what the media says?
I can see it now...
"5 billion dollar loss to companies overnight due to Conficker!"
- Original Message -
From: funsec-boun...@linuxbox.org
To: funsec
Sent: Tue Mar 31 22:38:31 2009
Subject: [funsec] Conficker business pro
On Tue, Mar 31, 2009 at 7:38 PM, RandallM wrote:
> any numbers calculated on loss to business over this yet?
>
Yes -- mine.
Many hours I could be drinking beers instead of dealing with this. ;-)
- - ferg
On Wed, 01 Apr 2009 12:16:23 +1000, Les Bell said:
> The good news is that it's been April 1st for thirteen hours here now and
> the sky hasn't fallen. Yet.
oh-dark-thirty Friday night. You've been warned. ;)
There is a minor difference in how a machine patched for real against MS08-067
and a machine infected with Conficker, patching the vulnerability partly react.
All this just surfaced this weekend.
On the site you quote you find all details and some python scripts implementing
it.
cheers,
Tora
On Tue, 31 Mar 2009 21:01:38 CDT, RandallM said:
> ok folks, this is better than American Idol (even tho more tweets on
> it so far), go to search.twitter.com and read some of the sad, scary,
> funny responses to Conficker!
My favorite is all the people who don't realize it's already past frikkin
On Tue, 31 Mar 2009 20:48:44 CDT, RandallM said:
> Conficker is not beating American idol for tweets..what the hell?
No, that's OK. Conficker is just another worm - we *don't* want more hype
about Yet Another Damned Worm than a TV show. ;)
Gadi is this your doing ?
--Original Message--
From: RandallM
Sender: funsec-boun...@linuxbox.org
To: funsec
Subject: [funsec] what the hell..
Sent: Mar 31, 2009 18:48
Conficker is not beating American idol for tweets..what the hell?
--
been great, thanks
Big R a.k.a System
Lol :-)
The big test will be in the morning when users wake up and turn on their
unpatched and infected systems...
Mike B
- Original Message -
From: funsec-boun...@linuxbox.org
To: funsec
Sent: Tue Mar 31 21:48:44 2009
Subject: [funsec] what the hell..
Conficker is not beating Am
Just an FYI:
Regarding the "DNS Lookup Prevention" in Conficker.C:
http://mtc.sri.com/Conficker/addendumC/#dns-prevention
Trend Micro engineers have discovered that if you open a DOS shell window,
and enter "net stop dnscache", infected systems can
any numbers calculated on loss to business over this yet?
--
been great, thanks
Big R a.k.a System
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
These are the people that share the roads with us on a daily basis.
--Original Message--
From: Gadi Evron
Sender: funsec-boun...@linuxbox.org
To: funsec
Subject: [funsec] conficker "chatter" on twitter is heating up
Sent: Mar 31, 2009 18:23
Examples:
WeberRess: Be careful w/ this URL. T
Rick Wesson wrote:
>>
confickerworkinggroup.org
<<
That's been timing out for me, all morning (Oz time). Maybe the entire
purpose of Conficker is to DDoS confickerworkinggroup.org?
The good news is that it's been April 1st for thirteen hours here now and
the sky hasn't fallen. Yet.
Best,
---
ok folks, this is better than American Idol (even tho more tweets on
it so far), go to search.twitter.com and read some of the sad, scary,
funny responses to Conficker!
--
been great, thanks
Big R a.k.a System
Conficker is not beating American idol for tweets..what the hell?
--
been great, thanks
Big R a.k.a System
Gadi Evron wrote:
> Examples:
>
> WeberRess: Be careful w/ this URL. This guys are trying to sell a
> "#Conficker removal!!" Don't lose your money !h ttp://t inyurl.com/cs9bgz
>
> ElizabethMarie: @plamoni I hadn't heard a darn thing about #conficker
> until I told someone to check something out
Keywords "had been"... I don't think the 'active' prisoners were on
Facebook.. just previous prisoners, obviously previous guests of the prison
he worked at otherwise I don't think it would merit a news article.
Sorry, just had to note that before the thread got wy off kilter.
On Tue, Mar 31
funny..watching the updating on my search of Conficker entries on
twitter search and one response was:
"ktb33: Not worried about Conflicker, cause I normally don't open
emails on my computer from people I don't know"
So, the moral of this story for everyone DO NOT OPEN your email!
oh what sha
Examples:
WeberRess: Be careful w/ this URL. This guys are trying to sell a
"#Conficker removal!!" Don't lose your money !h ttp://t inyurl.com/cs9bgz
ElizabethMarie: @plamoni I hadn't heard a darn thing about #conficker
until I told someone to check something out on the web and they said not
fo
Ok funsec twitters, do some twitting!
or..how to make yourself famous tonight...TWITTER and watch your rating
go up! :-)
On Tue, Mar 31, 2009 at 7:51 PM, Gadi Evron wrote:
> RandallM wrote:
>>
>> site that is good to follow the stories on Conficker?
Gadi wrote back
>
> http://search.twitter.com
RandallM wrote:
> site that is good to follow the stories on Conficker?
confickerworkinggroup.org
-rick
what is a common thing to notice about scanning for Conficker? One
site said a simple scan can distinguish between clean and unclean ..:
"Another option is to actively scan for Conficker machines. There is a
way to distinguish infected machines from clean ones based on the
error code for some specia
site that is good to follow the stories on Conficker?
--
been great, thanks
Big R a.k.a System
On Tue, 31 Mar 2009 16:03:25 CDT, Thomas Raef said:
> In your pre launch you let people know that you're only going to sell
> this to the first 1,000 people then you're shutting it down (you never
> give a valid reason why you're shutting it down after the first 1,000
> but you're trying to build
On Tue, 31 Mar 2009 08:47:31 EDT, "O'Reirdan, Michael" said:
> The honourable gentleman is using unparliamentary language and should
> withdraw immediately!
Seconded. And while the gentleman is busy withdrawing, he can go take his pee
break.
On Tue, 31 Mar 2009 10:45:05 PDT, Alex Lanstein said:
> No one knows, hence the mystery. My personal thoughts are that nothing
> will happen on the 1st - I think they're a victim of their own success.
We've seen incredibly noisy worms before - like the ones that were set to
DDoS the White House
No no no.
You're doing that all wrong.
In the Internet Marketing world (where IM means Internet Marketing),
you'd have to setup a microsite, a Twitter account and "tweet" about
bathroom breaks, cutting your toenails and other "personal" events to
build up a following, then write some Google ads,
Date sent: Tue, 31 Mar 2009 15:04:50 +0300
From: Gadi Evron
> I propose a resolution to propose a motion to go on a pee break. Any
> seconds?
No, thanks, I'm full.
== (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@vict
On Tue, 31 Mar 2009, der Mouse wrote:
>> We are accustomed to see malware bent on financial gain, but what is
>> the motivation for Conficker? The investment was made, the amassed
>> "firepower" is large, and no gain has yet been obtained. Could the
>> owners of Conficker be outside of the usu
On Tue, Mar 31, 2009 at 1:25 PM, Ahmad Elkhatib wrote:
> And what would the findings of this hearing have on PCI ?
>
It actually just ended; I will post my (subjective, vendor-biased,
pick-your-own-description-here, etc) summary later today, but the gist is
that it ended in a bit of a fight betw
And what would the findings of this hearing have on PCI ?
On Tue, Mar 31, 2009 at 11:00 PM, Anton Chuvakin wrote:
> This is going on right now in live video here
> http://hsc.house.gov/about/schedule.asp , BTW.
>
> "*Tuesday, March 31, 2009 @ 2pm*
> *311 Cannon House Office Building*
>
> Subcomm
Date sent: Tue, 31 Mar 2009 08:51:58 +0300 (EEST)
From: Juha-Matti Laurio
> "Seven of the "friends" had been in prison for murder, drugs offences, fraud,
> affray and theft, according to The Sun newspaper."
At least it was nothing serious, like spamming.
> What h
On Tue, 31 Mar 2009, der Mouse wrote:
> My own suspicion? It's a relatively ordinary botnet-in-preparation,
> just run by someone who's willing to let it lie fallow for a few months
> in order to get better penetration before spinning it up.
What if a worm was designed to propagate as widely a
This is going on right now in live video here
http://hsc.house.gov/about/schedule.asp , BTW.
"*Tuesday, March 31, 2009 @ 2pm*
*311 Cannon House Office Building*
Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology
Hearing
*“Do the Payment Card Industry Data Standards Reduc
> We are accustomed to see malware bent on financial gain, but what is
> the motivation for Conficker? The investment was made, the amassed
> "firepower" is large, and no gain has yet been obtained. Could the
> owners of Conficker be outside of the usual criminal circles? Could
> it be a milita
RandallM wrote:
> was anxious to follow the advice http://www.doxpara.com/ but can't
> download the version http://nmap.org/download.html , get forbidden,
> anyone not get this?
>
I got that a few hours ago, as well.
--
Rob
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _ |
| ASC
; Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> larry.selt...@ziffdavisenterprise.com
>
>
> __ Information from ESET Smart Security, version of
> virus signature dat
(Whoops, didn't reply-all last time)
No one knows, hence the mystery. My personal thoughts are that nothing
will happen on the 1st - I think they're a victim of their own success.
Too many eyes watching!
You don't have this problem with some of the smaller botnets (not that
Conficker is a botne
>> Are you sure you're not English?
I like Bass Ale. How far does that get me?
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.selt...@ziffdavisenterprise.com
> Harumpf!
You did that very nicely, Larry. Are you sure you're not English?
--
David Harley BA CISSP FBCS CITP
Small Blue-Green World
P.S
I do have for sale brand new tools to find, fight and destroy
Conficker. REAL Cheap. Just let me know and I'll send you a PO box,
you send money, I send tools...sound kewl?
On Tue, Mar 31, 2009 at 11:32 AM, RandallM wrote:
> hahaha...thats funny right there...I think.
>
> I am just bore
Gadi Evron wrote:
> Stop Conficker FUD!
Conficker started spreading in November 2008, and was remarkably successful.
It has been in hiding for some 4 months, doing almost nothing.
We are accustomed to see malware bent on financial gain, but what is the
motivation for Conficker? The investment
hahaha...thats funny right there...I think.
I am just bored and was wondering bout tools to use.
On Tue, Mar 31, 2009 at 10:22 AM, David Harley wrote:
>> Isn't the world dead yet?
>> Oh wait, it's tomorrow.
>
> Depends on where you are. For all we know, the whole of Australasia/Pacific
> has a
was anxious to follow the advice http://www.doxpara.com/ but can't
download the version http://nmap.org/download.html , get forbidden,
anyone not get this?
--
been great, thanks
Big R a.k.a System
> Isn't the world dead yet?
> Oh wait, it's tomorrow.
Depends on where you are. For all we know, the whole of Australasia/Pacific
has already fallen off the internet.
Nick? Nick? Are you still there?
--
David Harley BA CISSP FBCS CITP
Small Blue-Green World
Gadi Evron wrote:
> RandallM wrote:
>
>> anyone comment on this and your thoughts or knowledge on what can be
>> done or what we can expect to be done? April 1st hype or does anyone
>> REALLY know?
>>
>> http://www.securityfocus.com/brief/936
>>
>>
>
> Isn't the world dead yet?
> Oh wait,
Gadi, you funny man.
let's hope it's really nothing huh. wouldn't infrastructure take down
just be all the world needs right now?
On Tue, Mar 31, 2009 at 8:36 AM, Gadi Evron wrote:
> RandallM wrote:
>>
>> anyone comment on this and your thoughts or knowledge on what can be
>> done or what we can e
> I'm wondering how all those prisoners were able to send
> him friend requests from the slammer anyway.
> "Welcome to HMP Leicester, here's your number, and your
> uniform, and your Facebook password and URL."
They were probably all doing Open University degrees.
--
David Harley BA CISSP F
RandallM wrote:
> anyone comment on this and your thoughts or knowledge on what can be
> done or what we can expect to be done? April 1st hype or does anyone
> REALLY know?
>
> http://www.securityfocus.com/brief/936
>
>
I think no one but authors really knows. It seems like someone is tryin
>anyone comment on this and your thoughts or knowledge on what can be
>done or what we can expect to be done? April 1st hype or does anyone
>REALLY know?
>
>http://www.securityfocus.com/brief/936
I have no actual knowledge :) but it seems plausible enough; they found
some piece of behavior, visi
>> You had me on suspended disbelief up to the point you called me
honourable.
Harumpf!
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.selt...@ziffdavisenterprise.com
David Chess said :
I'm wondering how all those prisoners were able to send him friend requests
from the slammer anyway.
"Welcome to HMP Leicester, here's your number, and your uniform, and your
Facebook password and URL."
After having spent some time working in a correctional fa
Juha-Matti Laurio wrote:
> "Nathan Singh was investigated because he was suspected of supplying mobile
> phones
> and other banned items to inmates at HMP Leicester.
>
> The probe failed to find any evidence of smuggling but discovered that the
> 27-year-old had made friends
> with 13 criminals
RandallM wrote:
> anyone comment on this and your thoughts or knowledge on what can be
> done or what we can expect to be done? April 1st hype or does anyone
> REALLY know?
>
> http://www.securityfocus.com/brief/936
>
Isn't the world dead yet?
Oh wait, it's tomorrow.
Stop Conficker FUD! Save a
> What he was thinking??
Well, he claims to have been thinking:
"God, more Facebook friend requests: accept accept accept who the hell is
this? oh well, accept accept accept accept..."
The stupidest possibility is:
"I'm gonna add all my great friends down at the prison to my Facebook!"
The ar
The honourable gentleman is using unparliamentary language and should
withdraw immediately!
-Original Message-
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
On Behalf Of Gadi Evron
Sent: Tuesday, March 31, 2009 8:05 AM
To: Juha-Matti Laurio
Cc: funsec@linuxbox.or
O'Reirdan, Michael wrote:
> The honourable gentleman is using unparliamentary language and should
> withdraw immediately!
You had me on suspended disbelief up to the point you called me honourable.
I propose a resolution where the British gentleman be banned from this
house due to misleading a
http://twitter.com/yuhas
Gadi Evron wrote:
> Juha-Matti Laurio wrote:
>> Political blog Dizzy Thinks first reported that a memo (below) sent out to
>> parliamentary IT network users
>> on Tuesday night warned that Conficker had disrupted the operation of
>> parliamentary sys
anyone comment on this and your thoughts or knowledge on what can be
done or what we can expect to be done? April 1st hype or does anyone
REALLY know?
http://www.securityfocus.com/brief/936
--
been great, thanks
Big R a.k.a System
"Unneeded printouts can be cut and stapled to make notepads."
Can someone say "Garbage Divers?" :)
Anybody locks note-pads these days?
Gadi.
Juha-Matti Laurio wrote:
> Political blog Dizzy Thinks first reported that a memo (below) sent out to
> parliamentary IT network users
> on Tuesday night warned that Conficker had disrupted the operation of
> parliamentary systems."
> --clip--
I propose a resolution to propose a motion to go on