
W32.Downadup Information

W32.Downadup.A and W32.Downadup.B Statistics: https://forums.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/226.

W32.Downadup: Peer-to-Peer Payload Distribution: https://forums.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/227.

Message Edited by Floating_Red on 01-19-2009 09:17 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Replies


Re: W32.Downadup Information

Thanks, Floating. We should start a new section for these entries.
"All that we are is the result of what we have thought"

Re: W32.Downadup Information

Thanks, man

Re: W32.Downadup Information


Stu wrote:
Thanks, man

You're welcome.  :)

Will keep you up-to-date.


Re: W32.Downadup Information

Good job. Will ask one of the Guys if we can make it some special item

Re: W32.Downadup Information


Stu wrote:
Good job. Will ask one of the Guys if we can make it some special item

"Special"?  Item? 

Like I said, I'd be happy to Update this whenever new Blogs get Released, or whatever.  :D

If any Users would like me to P.M. them whenever a new Blog gets Published, please let me know and I'd be happy to do that for you.


Re: W32.Downadup Information

So if I understand all correctly, if we have Norton AntiVirus or NIS updated and the patch from Microsoft, we should be OK, right?

Re: W32.Downadup Information


NY1986 wrote:
So if I understand all correctly, if we have Norton AntiVirus or NIS updated and the patch from Microsoft, we should be OK, right?

Correct. So there is no need to worry


Re: W32.Downadup Information


NY1986 wrote:
So if I understand all correctly, if we have Norton AntiVirus or NIS updated and the patch from Microsoft, we should be OK, right?

If you read the Blogs I Posted [Web Links], you will have read that even Patched computers and up-to-date Anti-Virus Products are getting Infected.  Be careful out there!


Re: W32.Downadup Information

But for the known versions of the virus, if one had it on a jump drive stick and tried to download on your desktop, the NAV should stop it even if one were foolish to accidentally try to download it, eh? I ask because my wife has a little 2MG stick that she uses to transfer items from her work computer sometimes to our home computer.

Re: W32.Downadup Information


NY1986 wrote:
But for the known versions of the virus, if one had it on a jump drive stick and tried to download on your desktop, the NAV should stop it even if one were foolish to accidentally try to download it, eh? I ask because my wife has a little 2MG stick that she uses to transfer items from her work computer sometimes to our home computer.

Yeah, it probably should stop it, although, W32.Downadup is a very sneaky Threat, so be careful out there!


Re: W32.Downadup Information

I read on Yahoo that when it is on a transferable drive like a small stick drive, then when you insert it into your laptop it gives you two entries for "Open folder to view files", one a phoney entry. Is that what you are hearing too?

http://tech.yahoo.com/blogs/null/116396 


Re: W32.Downadup Information

Any thoughts? (Also, this is the image that generated the yahoofs.com question.)

Re: W32.Downadup Information

Hey guys!

Just for interest's sake - seeing as this worm is one of the biggies - who was 1st to detect it? And does anyone know/could find out if it was detected by an individual who submitted it, by the company itself, or by a client program through something like SONAR?

Just thought it could be quite interesting! :)

"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain

Re: W32.Downadup Information


mattsegers wrote:

Hey guys!

Just for interest's sake - seeing as this worm is one of the biggies - who was 1st to detect it? And does anyone know/could find out if it was detected by an individual who submitted it, by the company itself, or by a client program through something like SONAR?

Just thought it could be quite interesting! :)


I don't know who? But it will most likely be caught by an IDS like SONAR, because if it was an unknown malware there wouldn't have been a signature for it.


Re: W32.Downadup Information

So are we all just doomed with this? Do we need to stop the plugnplay thing?? This is very confusing for us non-tech folks.

Re: W32.Downadup Information


NY1986 wrote:
So are we all just doomed with this? Do we need to stop the plugnplay thing?? This is very confusing for us non-tech folks.

As long as you have an In-bound Firewall at least, keep your Anti-Virus Product up-to-date and do at least two Full System Scans-a-week just now, you should be alright.  But the Worm is so wide-spread and even Infecting computers Patched M.S.08-67...


Re: W32.Downadup Information

You are on a roll, Floating. Thanks. Keep up the good work

Re: W32.Downadup Information

Of course we need Symantec for this one. But please don't forget the patched machine.

Re: W32.Downadup Information


Floating_Red wrote:

W32.Downadup.C Digs in Deeper - https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/249.


Incredible. Thanks for the links, Red. The whole Downadup thing is quite fascinating, IMO.


Let's just hope the Downadup authors are only after money, and not something else - say, controlling an entire nation's powergrid or satellites  or weapons systems or some other sci-fi-ish thing like that.

Let's also hope we don't someday look back on this and say, "Why didn't anyone do something to stop it?" since supposedly some of the infected PC's IP addresses are already known to researchers...

If all the various dedicated researchers, and the (often) lazy good-for-nothing ISPs would work together (fat chance of that ever happening - the ISPs simply don't care), the ISPs could notify infected customers to clean up their machines. Preferably make it mandatory - disinfect or have one's internet access temporarily suspended. Under current laws the courts would have fun with that one, so it'll probably never happen, sadly. The laws all seem to be on the side of the criminal malware authors.

It would take a major event of some kind, for society to wake up and do something, adapt laws to modern standards. Like having a dangerous intersection where it takes 100 people getting run over and killed before anyone finally thinks it's serious enough to even bother putting in a traffic light. How many of these giant botnets will it take before something sufficiently horrible happens to make lawmakers, politicians, etc., start to take such things seriously? Most of those people still seem to be living in some quaint old-fashioned la-la-land and laws haven't kept up with advances in technology and they see no problem with it.


As plenty of other people have no doubt already suggested, someone needs to figure out a way to make it legal for someone to just hijack the botnets and deactivate them (currently illegal etc "the machines might crash," "the owners might sue," "data could get damaged," "mistakes could be made," "invasion of privacy," probably trespassing and who knows what else blah blah blah) - or at the very least, make it mandatory that ISPs contact known botnet PC owners and tell the owners to get their act together. Realistically, though, that will happen when pigs fly.

Yeah I know, I'm probably venturing too far off-topic or whatever, so I won't say anything more about it.  But it does all pertain to security concerns, and each individual PC owner who's part of a botnet, bears at least some responsibility for what their PC is doing - if they had some way of knowing about it, that is.

Reason for edit: fixed typos.

Message Edited by j2000 on 03-08-2009 05:10 AM

Re: W32.Downadup Information

I agree with Stu because, if you take the time to read through all the Blogs that I have Posted here, you will read that even Patched computers are still getting Infected.

_____________________________________________________________________________________________________________

I also agree that all this Downadup, a.k.a. Conficker, is fascinating. If you read all the Blogs Posted, you will see that yes, their main aim is for money, but they also have the ability to create a nightmare for the person's / persons' computer.

Not sure if you've seen this, but there is a large group of Companies, Symantec and Microsoft to name a few, joining forces to hunt down this Threat and, hopefully, the Authors; the Blog for this is Posted in this Thread.

And there are Countries where, creating a Threat, could land you in jail for a long time and which is illegal - but does that stop them...?

Also, your rant is not Off-Topic - well, maybe slightly  - because it is dealing with the Downadup Threat. 

___________________________________________________________________________________________________________ 

If you have not read all of these Blogs Posted in this Thread, I Highly-Recommend that you take the time to read them. 


Re: W32.Downadup Information


Floating_Red wrote:

Not sure if you've seen this, but there is a large group of Companies, Symantec and Microsoft to name a few, joining forces to hunt down this Threat and, hopefully, the Authors; the Blog for this is Posted in this Thread.



I like the $250,000.00 bounty idea.  Although I'm trying to refrain from getting too much into the oft-heard suggestions that perhaps if Microsoft would have better default security built-in to the OS in the first place (such as getting rid of idiotic and unnecessarily-dumbed-down stuff like AutoRun - what were they thinking when they designed that?!?) then there wouldn't be as many security threats to start with.

I'm also of the opinion that companies such as Norton, need to start putting pressure on Microsoft to make Windows a much more secure OS in the first place, because there is an ever-increasing number of people who've just about had enough of the constant Windows malware threats, and many of those people are (or will be) moving on to other OS's which are popularly perceived to be more inherently secure.

It would be very bad for Norton, financially, if too many former Norton/Windows customers moved to something like Linux, unless Norton wanted to start writing antivirus for Linux (last I checked, Norton didn't).

A small, controllable amount of malware is probably beneficial for AV companies' bottom lines, because it encourages people to buy good-quality AV, but the way it's getting lately - on the verge of going out of control, it seems. Even the best AV can't detect 100% of malware, and it only takes one instance of malware getting through, to wreck a person's day.

I can't stand (totally dislike) Linux as far as the user-interface is concerned - it's very clunky  and awkward  to even do the simplest things like browse through one's folders, on both KDE and Gnome, compared to other OS's - but if lowering my standards  as far as GUI stuff is what it takes to feel like I have some minimal degree of protection from malware, then so be it. I'm sorry to say that I no longer have faith that traditional AV can protect Windows from the highly-advanced professionally-written malware that's out there, a lot of which seems to take advantage of Windows built-in vulnerabilities. If those vulnerabilities didn't exist in the first place, malware would have a harder time getting in, and AV would be much more effective, and things such as Downadup and all the rest of 'em, wouldn't be so successful.

I used to believe that the only reason there wasn't more alternate-OS malware, was because basically "no one" used those other OS's, so the malware authors didn't bother wasting their time writing malware targeted at such a small percentage of users. However I don't believe that now. Not after seeing some of the stuff that Windows leaves wide open by default, that other OS's don't. And I really do like (prefer) Windows too, well XP at least (my only Windows experience has been with XP Pro - I like how customizable it is as far as the GUI and stuff), but I just don't feel safe with it online anymore.

Again, Norton and other companies whose profits are tied to the success of Microsoft Windows, had better think about finding ways to pressure Microsoft to quit screwing around and finally release a SAFE, SECURE version of Windows, otherwise too many people will jump ship, leaving Windows and Norton etc in the dust. I want to see Windows change for the better - I'd vastly prefer to use Windows, but quite frankly Windows is beginning to (once again) give me the creeps as far as security goes, even after fiddling around in gpedit.msc etc. I used to think that Norton was all I needed to keep safe, but right now I have doubts that even Norton is up to the task of defending Windows - and if Norton can't do it, then probably no one can. Thus, the need for a more secure Windows from the ground up. I would like for that to happen.


Floating_Red wrote:
And there are Countries where, creating a Threat, could land you in jail for a long time and which is illegal - but does that stop them...?

If I was a malware author, I'd seek and relocate to a nation that (a) has wimpy laws and an ineffective and/or corrupt (easily bribed) police and government, and (b) that has a history of not extraditing alleged criminals for prosecution elsewhere. Presumably in such a place, wherever that might be, malware authors can do whatever they please, and no one (at least in their own country) can stop them. I suppose that could be one instance where something like FBI spyware/malware/whatever could come in handy? heh-heh, FBI or someone could download some anti-malware malware onto the malware-authors' computers.... wow this could get complicated...

(Trying to edit this isn't working so well, as the editor-window is misbehaving in a way I haven't seen it do before... hmm)

Message Edited by j2000 on 03-13-2009 07:20 PM

Re: W32.Downadup Information

Downadup-Related Search Indexes Poisoned with Fake AV Sites - https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/256.


Re: W32.Downadup Information

Thanks for that link to Marian's Blog .... it led me to the article we've been talking about where I found this amendment:


The video is currently unavailable. Click here to read the transcript.

Hugh

Re: W32.Downadup Information

Also an interesting article about the Conficker Working Group at A view from the CWG Trenches on SANS.org
Hugh

Re: W32.Downadup Information

I guess I'm just wondering how they decide to name these things (trivial, I know,  but I'm curious). Seems like all of a sudden everyone is now calling it Conficker instead of Downadup, but I haven't yet heard/read anything that explains exactly why that name is now the predominant one, especially when it seemed like earlier, so many sources were using the other name (Downadup), or both names interchangeably. I spent some time on Google but haven't found anything enlightening there yet.

I suppose it's inevitable they'd have to settle on just one name, but I'm wondering about the process that determines which name that everyone uses.

The earliest mention I've noticed of the word "Conficker" at the official Norton site, dates from Feb. 23 at one of the links that I think Floating_Red or someone has probably already posted (link).

 

So who gets to decide? Do all the AV outfits just, like, take a vote or draw straws or something, or is there some final authority that just dictates what things are called? If it was a biological virus, I suppose the person who discovered it would decide (?), but does that apply to computer viruses/malware too?

Since (last I heard) no one yet knows the actual purpose of Downadup darnit oops I mean Conficker, seems to me that no one would yet have naming-rights to the thing... since for all we know, it still could have been programmed to cause WWIII or some other such thing... other more-benign things such as selling people fake AV/whatever could merely have been a ruse to distract people's attention from its real purpose which we may yet see... okay tinfoil-hat scenario there but one has to admit that a good conspiracy-theory now and then helps to keep things lively.

Anyway sometimes I find the naming conventions of malware to be almost as mysterious and unpredictable as the various malwares themselves. I would've linked to a webpage I found explaining a possible meaning of the word Conficker, but it's not, er, family-friendly, and besides that other page still didn't explain why they (whoever "they" are) settled on Conficker instead of Downadup.

Frankly I liked the sound of "Downadup" better and if it had been up to me, I would have chosen that name instead of Conficker... maybe they (those mysterious "they" people again) figured it would be better to give it a nastier-sounding name to get the public's attention so that people will start paying more attention to computer security? or something... if so, I suppose that's as good a rationale as any... I dunno...

--

Reason for edit: fixed typo.

Message Edited by j2000 on 04-04-2009 07:01 PM

Re: W32.Downadup Information

There are three Names of this Threat: Downadup (Symantec, and possibly other Anti-Virus Companies), Conficker and Kido. But yeah, it seems the "Conficker Group" (Symantec, Microsoft to name a few) who have all got together to find out who Created this and to stop it must have all decided on "Conficker". I blame Microsoft. ;)


Re: W32.Downadup Information

Hello Red and All,

I thought Downadup would have stuck cause if you download it.. it could really start to add up :)

I thought everyone blames MS? :) (Great, now watch my windows stop working).


Re: W32.Downadup Information


Floating_Red wrote:

Downadup + Waledac? - https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/260.


W32.Downadup.E Discovered.  Keep Virus Definitions up-to-date.

W32.Downadup.E Summary: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-040823-4919-99.

Message Edited by Floating_Red on 04-09-2009 04:34 PM
Message Edited by Floating_Red on 04-09-2009 04:35 PM

Re: W32.Downadup Information


Floating_Red wrote:

Floating_Red wrote:

Downadup + Waledac? - https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/260.


W32.Downadup.E Discovered.  Keep Virus Definitions up-to-date.

W32.Downadup.E Summary: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-040823-4919-99.

Message Edited by Floating_Red on 04-09-2009 04:34 PM
Message Edited by Floating_Red on 04-09-2009 04:35 PM

W32.Downadup.E—Back to Basics: https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/262.
