Category Archives: InfoSec

Finger on the power pulse?

So it appears the US power grid has been hacked, and is vulnerable, and apparently they have known about it for years.
So the question has to be: why has no one done anything about it?

The scary thing is the US is supposed to be rolling out this new funky technology to all homes, to electronically control and manage power delivery. How long will it be until little hackers are turning off granny's electricity, or the whole of the US, just for a laugh?

Conficker, Downadup, Kido Removal Tool

Just a super quick post: I just came across this standalone and network tool from BitDefender. I have not had a chance to look at it myself yet, but it might be worth putting in your Conficker toolkit for later use.

Remove Downadup from infected computers

Downadup (or Conficker) is a network worm that takes advantage of vulnerabilities in Windows to spread. Its removal is complicated by the fact that it blocks many known antivirus products and their associated websites.

BitDefender Labs has detected a new and more aggressive Downadup version. It spreads using a Windows RPC Server Service vulnerability and is called Win32.Worm.Downadup.Gen.

The new version is more resilient to disinfection. Once the system is compromised, the worm disables Windows Update and blocks access to most anti-virus websites in order to hinder the user from disinfecting the machine.

BitDefender is the first to offer a free tool which disinfects all versions of Downadup. This domain is the first to serve a removal tool without being blocked by the e-threat.

The worm itself is not new: it made its first appearance in late November 2008, also known under the names Conficker or Kido, exploiting the vulnerability described in Microsoft security bulletin MS08-067. After successful exploitation it used to install rogue security software on the infected machine.

Identifying if you're infected with Conficker with Nmap

Hiya guys, this is a super quick post as I am busy at work, but as mentioned on the main site yesterday some knowledgeable guys from the Honeynet Project have identified the signatures of Conficker, so we can now try and identify infections.

I am focusing on testing this with Nmap as it's free, so here are some links to read as I don't currently have time to do the write-ups, sorry.

http://blog.commandlinekungfu.com/2009/03/episode-16-got-that-patch.html

http://seclists.org/nmap-dev/2009/q1/index.html

http://www.skullsecurity.org/blog/?p=209

Nmap 4.85BETA5

o Ron (in just a few hours of furious coding) added remote detection
of the Conficker worm to smb-check-vulns. It is based on new
research by Tillmann Werner and Felix Leder. You can scan your
network for Conficker with a command like: nmap -PN -T4 -p139,445 -n
-v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

http://nmap.org/download.html

If you want to use the Simple Conficker Scanner, which can also do bulk scans from a txt file of targets, download the latest version here.

scs <start-ip> <end-ip> | <ip-list-file>

Conficker going to get you – April Fools or True?

The security world is all abuzz with the 1st of April rapidly approaching. No one knows if it's really going to happen, or if it really is an April fool, but there is a good chance that Conficker (which exploits the MS08-067 vulnerability) is going to strike.
Many organisations may not have been able to patch, but now is the time to be thinking about how you're going to cope should the worst happen. At the very least you should be running an AV product that can detect the various variants, and have the package on hand ready for deployment if you're impacted, so you can push it out at short notice even if there is no time to test it.

Looking at this realistically, if you're already infected you might be at risk, but no more than on any other day they could launch the attack. I don't see anyone suddenly distributing and infecting more machines all of a sudden; this will probably just grow gradually as it has over the last months.

If you're a home user and not sure if you're patched, you might want to try this excellent bit of command line kung fu from Ed Skoudis:

wmic qfe where hotfixid="KB958644" list full

Microsoft Excerpt:
In early March, security researchers identified a new version of the Conficker virus, called Conficker.C. This third variant of the virus, like its predecessors, exploits the vulnerability patched by Microsoft’s security bulletin MS08-067, released in October 2008. While not currently released, it has been confirmed that this virus will become active and malicious on April 1, 2009.
Conficker.C is a major revision of the original virus. This variant includes new functionality that ranges from new infection methods to disabling security tools. The Conficker.C virus will scan and kill processes for security products including disabling: firewalls, patch deployment, and antivirus software.
WHAT TO DO BEFORE APRIL 1ST:
The best defense is to apply Microsoft Security Bulletin MS08-067 to eliminate the vulnerability. Administrators should ensure every system on their network, internal and external, physical and virtual, has the MS08-067 patch applied. Before trying to clean or detect any systems that may be infected with the Conficker virus, administrators must first apply the patch. Attempting to clean systems without first protecting them will only present a never-ending process of Virus removal. By applying MS08-067, administrators will then be able to start the task of scanning for infected devices and restoring them back to their desired state.
WHAT TO DO AFTER APRIL 1ST:
If you have not installed the MS08-067 patch on all systems before April 1st, and systems are infected, researchers claim that you will not be able to apply the patch to the infected systems. You will have to manually remove the virus and then apply the patch. This can leave your system open for re-attack in the timeframe between removing the virus and applying the patch.

Potential New Methods of Attack:
In addition to using internal networks as the means of attack, Conficker.C is believed to use P2P (Peer-to-Peer) networking to infect other vulnerable systems.
Find the Gaps and Close Them Before Conficker.C Causes Trouble for Your Network:
Shavlik is offering a limited-time only, free version of its NetChk Protect and NetChk Compliance software for users to protect against the Conficker virus. Corporations can use Shavlik’s non-invasive, agentless technology to assess their entire network to ensure that Microsoft patch MS08-067 is applied and that their configuration settings have been hardened according to security expert recommendations.

There is also an interesting Q&A from F-Secure, which seems to share a realistic perspective.

Smartphones survive the Pwn2Own contest.

As previously mentioned, the Pwn2Own hacking contest also featured events targeting the ever popular smartphones.
Surprisingly they all managed to survive and not be compromised. This may be for various reasons, such as the lack of processing power of the phones when it comes to exploitation, or the fact that not much time has previously been spent targeting these devices.

All I know is that it doesn't mean we should think there is nothing to worry about; as usage becomes more popular and data more valuable, trends will change.

I recently got a new smartphone, and I don't think it will be long until AV products become more popular on these platforms, so watch this space.

Google Street View… Are you famous??


So Google has now released the long discussed Street View, and already people are complaining and asking to have images removed.
I guess if you have been caught slacking off work, or having lunch with your mistress, you might have something to be worried about, but in general I don't think it's a mega issue or invasion of privacy.

The images are not real time, and as far as I am aware there is no metadata linking an image to an individual, registration information or anything else that's not in the public domain. I do wonder if these same people complaining are the ones with hundreds of pictures on Flickr and the like.

Personally, until I learn any more, I am not too worried about this myself. Granted, as with images on Google Earth, images of government buildings and the like might need to be removed or censored, not because of the content as such, as anyone could go and take a picture, but more to remove the ease of access to such images. I can see the plus sides; it would be a good way to get an idea of what a street you are planning to navigate to looks like.

I have not seen myself on Street View yet, but maybe you will be lucky 🙂