…the wanderings

What could become the next Conficker (if we had Vista)

A recent advisory from Microsoft (Microsoft Security Advisory 975497) is titled "Vulnerabilities in SMB Could Allow Remote Code Execution". This "SMB2 zero day" affects Microsoft Vista and Server 2008 systems.

Researchers are divided in their assessment, even though the tools for exploiting it are already available in the wild.

If Vista were as widespread as Windows XP, this would have been a potential addition to the Conficker toolkit. Interestingly, even Windows 7 (gaining momentum at the moment) does not appear to be vulnerable. That does not stop the Conficker authors from deciding to add this new 'tool' to their variants; return on investment may be the only reason they would not target Vista…

September 12, 2009 | security

Conficker and the Curious Yellow

I was not planning on writing another post so soon, but Utopiah has pointed to a very nice article in his comment on my previous post. If you have not already read Brandon Wiley's Curious Yellow: The First Coordinated Worm Design, I urge you to read it through.

It is spot on about fast distribution through a peer-to-peer network. I used the same concept to hypothesize patch propagation (what Wiley describes as an anti-worm).

The paper describes a scenario comparable to a powerful chess game, turning the yellow worm blue and back again. Probably in recognition of this idea, Conficker uses the latest cryptography, very likely making the first field implementation of the MD6 algorithm, fixes included! It appears that the Conficker author is very well versed in this paper and in current technology 🙂

Besides the points Wiley makes in that paper, there is one more 'common goal' such a network can be turned to, and I am sure it has already been stated somewhere: the compromised systems can be pooled to brute-force encryption.

April 21, 2009 | security