Network News

X My Profile
View More Activity

Conficker Worm Strike Reports Start Rolling In

Editor's Note: The following was written in the spirit of April Fool's Day. Brian is following the story and if there are real reports of outbreak, he'll report them in a separate post.

Reports are trickling in about the impact from the Conficker worm, as infected systems passed zero hour at midnight and began downloading additional malicious components.

Here's a quick roundup of some of the more notable incidents caused by Conficker so far, according to published reports:

- A nuclear missile installation near Elmendorf Air force Base outside of Anchorage, Alaska briefly went on a full-scale military alert after technicians manning the bunker suspected that several of their control systems were infected with Conficker.

According to wire reports, the remote facility temporarily moved to Defense Condition (Defcon) 3 in the pre-dawn hours, but quickly backed down from that posture. An airman at the installation who asked not to be identified blamed the mishap on "way too much caffeine" consumed by occupants inside the secluded underground control room. The airman said the facility's lead engineer became agitated and inconsolable after watching an Internet broadcast of Sunday night's hard-hitting 60 Minutes expose' on the Conficker worm entitled, "The Internet is Infected."

- In Iceland, Conficker brought a brief thaw to the long economic winter that began last year with the government's inexorable slide into bankruptcy. According to local news reports, shortly after midnight local time, an ATM in the capital city of Reykjavik began spewing 100-Krona notes. Banking officials there reportedly said the Microsoft Windows-based based bank system began disbursing the bills after a local prankster crammed an infected USB stick into the maw of the teller machine.

- Londoners woke up to find the iconic clock tower Big Ben stopped at precisely one minute till midnight. The British tabloids blared that the giant timepiece had been felled by the Conficker worm. But security officials reasoned that the beloved landmark -- legendary for its reliability -- would have stopped exactly one minute later had the expected 12:00 a.m. updates to Conficker actually been the culprit. Several members of Parliament are now calling for a full investigation into the incident.

- In Waukesha, Wis., Leroy "Mac" MacElrie, 64, turned himself in to local police, claiming he was the author of the original Conficker worm, and that all of the subsequent versions were mere copycats. According to charging documents, MacElrie said he wrote the worm to get back at Microsoft founder Bill Gates for "not stopping spam by 2008 like he said he would." The man was released on his own recognizance, but several hours later a local television station captured footage of the man standing on a nearby street corner repeatedly shouting "I'm the confickter!"

Read on after the jump for more Conficker madness.

In case you haven't guessed it yet, APRIL FOOLS!!! Seriously, if we get any real news about outages, deaths, or disruptions actually caused by Conficker today, you will read it here first.

By Brian Krebs  |  April 1, 2009; 7:23 AM ET
Categories:  Fraud , From the Bunker  | Tags: april fools, conficker, haha  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Asia, Europe, S. America Biggest Conficker Targets
Next: Google: Spam Levels Back to Pre-McColo Levels

Comments

The truth about conficker. It's a Cylon:
http://www.google.com/intl/en/landing/cadie/index.html

Posted by: wiredog | April 1, 2009 8:05 AM | Report abuse

Ya almost had me there for a minute. Fortunately, my caffeine was already kicking in - along with my skepticism.

Posted by: RobDouglas | April 1, 2009 8:39 AM | Report abuse

Nice try... Professor Woo told his class yesterday to be on high alert.

Posted by: OVIE81 | April 1, 2009 8:44 AM | Report abuse

Come on, first think for yourselves and not from what a journalist says, there's no way a few lines of code could learn and operate these devices. The worst a mallicious code could do is to shut things down, not give bank notes in an ATM neither put a militar base in red alert.

Posted by: andrevel | April 1, 2009 9:01 AM | Report abuse

This just in!

The Conficker worm has "rickrolled" the entire planet. Mass hysteria has ensued.

Posted by: XanderB | April 1, 2009 9:04 AM | Report abuse

No evil, no good. Bet McAfee et al are selling well.

Posted by: bgreen2224 | April 1, 2009 9:09 AM | Report abuse

No evil, no good. Bet McAfee et al are selling well.

Posted by: bgreen2224 | April 1, 2009 9:09 AM

____________

What really amuses me is that McAfee is claiming to have a removal tool, and yet over 10 million computers are still infected. Anyone else find this a little odd?

Posted by: XanderB | April 1, 2009 9:12 AM | Report abuse

Nice joke Brian. On initial reading you were credible until the Big Ben story (nary a computer involved in the operation of Big Ben). Upon further scrutiny, you were out on the first vignette. Thanks for the laught this AM!

Posted by: Jotulloch | April 1, 2009 9:47 AM | Report abuse

Ah Mr. Krebs. I actually fell for this piece. And while I sit here chagrined, I also think about the general public who fall for the "legitimate" news outlet stories about the 'big bad worm' that will bring the house down today.

If people perceive and subsequently assume that something horrid will happen to their or their employer's computer(s) today, then what impact does that have on how they carry out their daily activities. How have those people (and the generally ignorant, non-IT literate mainstream media) been socially engineered by the mere threat of something that *might* go wrong.

Sure sounds like the former administration's constant state of 'Orange Alert.'

Posted by: CB12 | April 1, 2009 10:00 AM | Report abuse

"What really amuses me is that McAfee is claiming to have a removal tool, and yet over 10 million computers are still infected. Anyone else find this a little odd?"

Heck no, most computer users are idiots and don't really pay any attention as long as the browser, email and Office works.

Posted by: koalatek | April 1, 2009 10:03 AM | Report abuse

Sounds like Y2K to me.

Posted by: eljay1 | April 1, 2009 10:15 AM | Report abuse

Ha ha! I was ROTFLMAO at the image of the inconsolable airman below the frost line in Alaska. Good jibe, Brian!

Posted by: peterpallesen | April 1, 2009 10:43 AM | Report abuse

You jackasses need to stop posting fake articles. Things like this lead to panic, waste of time and make you look like morons.

Posted by: 21231231231231242q3423432 | April 1, 2009 10:57 AM | Report abuse

Ouch! They say you can't kid a kidder, but we don't expect other people to be doing the kidding.

Did I mention that this had me until I clicked on a link? I will!

Posted by: Cyberia | April 1, 2009 11:04 AM | Report abuse

Thanks for wasting my time with a fake article. I'm sure I speak for more than a few IT people who will stumble across this "news" and be upset. If you want to write satire, consider The Onion.

Posted by: am210sa | April 1, 2009 12:02 PM | Report abuse

The overly caffeinated airman, I could believe.

The ATM story seemed plausible, but somewhat unlikely. What sort of idiot would put a USB port on an ATM in such a location that a member of the public could access it?

But when I got to the bit about Big Ben, I knew I'd been got. No way a computer virus is going to stop a mechanical clock.

Good one.

Posted by: dactyl | April 1, 2009 1:09 PM | Report abuse

Thanks for wasting my time with a fake article. I'm sure I speak for more than a few IT people who will stumble across this "news" and be upset. If you want to write satire, consider The Onion.

Posted by: am210sa | April 1, 2009 12:02 PM | Report abuse
__________

Well you don't speak for me. I personally found this quite amusing. If you could not tell it was a fake article by the 3rd paragraph then that's your own fault. Some of us choose not to live in the fear of things and just go with the moment.

Get a sense of humor.

Posted by: XanderB | April 1, 2009 1:37 PM | Report abuse

I'm with those who think this was a stupid timewaster and not at all funny. Yet another example of why newspapers are failing.

Posted by: marc13 | April 1, 2009 2:25 PM | Report abuse

"Thanks for wasting my time with a fake article. I'm sure I speak for more than a few IT people who will stumble across this "news" and be upset. If you want to write satire, consider The Onion."

Its April fools, get a grip. I thought it was hilarious. I would think it was kind of obvious about half way through that it was a joke!

Posted by: Trent2 | April 1, 2009 2:56 PM | Report abuse

Loves it!

Posted by: Rixstep | April 1, 2009 4:42 PM | Report abuse

that diagnosis of "way too much caffeine" was great! nice April Fool joke, don't let the humorless grind you down.

re earlier Y2K comparisons, very apropos. Both were non-events preceded by much hard work to ensure they were non-events, that would have been significant problem events had that work not been done!

Posted by: bruce_mcculley | April 1, 2009 5:08 PM | Report abuse

Thanks, I needed that! Have a great day.

Posted by: papamckie | April 2, 2009 12:08 AM | Report abuse

"Editor's Note: The following was written in the spirit of April Fool's Day. Brian is following the story and if there are real reports of outbreak, he'll report them in a separate post."

Thank you for the clarification. If the Post feels that this note is required, then I suggest appending the headline with "(April Fools)" as that will keep news readers clear on what they are getting when they click the link to the [humor] piece.

Yeah, I get that this is an April Fools piece, but neither the Post nor Brian Krebs publish unlabeled fiction in the paper, at large, and on this page, specifically. More importantly, the readers' perception and expectation is that the Security Fix column / blog contains succinct, useful and factual I.T. information. Please keep it that way [and keep up the truly great work].

"am210sa" who posted above got it right: please do consider writing for The Onion when crafting satire. :)

Posted by: CB12 | April 2, 2009 9:07 AM | Report abuse

Well, I don't care about these viruses or spywares because I have the tech guys of IT24BY7 with me. I have their unlimited support plan and whenever I have any issues with my laptop I just contact them, and they fix the problem within minutes.
Today, they have officially announced their support for Conficker Worm affected computers:

http://it24by7.com/confickerworm.aspx

These IT24BY7 guys are simple awesome, I trust them and I recommend their computer service to everyone.

Posted by: chrismartin3 | April 2, 2009 9:04 PM | Report abuse

I enjoyed the story. April 1 is a day for foolishness from people who are usually serious. The Onion gets all the other days of the year.

As far as the Conficker hysteria, I agree that like Y2K, things would be worse without a lot of work behind the scenes. But they're pretty bad already, and not just because of Conficker.

Waledac is still quite active, but its spammers seem to be doing a good job avoiding attention by scrubbing their email lists of spam reporters. http://spamtrackers.org/index.html#reuters has a list of numerous active Waledac domains and a sample of how many different IP addresses can be found hosting it within just a few seconds of frequent lookups. And unlike Conficker, your AV program probably won't detect it.

Instead of one day of April Fool's panic, people need to develop some healthy concern about all the malware on their computers the rest of the year.

Posted by: AlphaCentauri | April 2, 2009 10:49 PM | Report abuse

More needs to be publicized about the Koobface Worm, which can be used in conjunction with other malware exploit as yet unrecognized vulnerabilities.

http://information-security-resources.com/2009/03/03/new-worm-lets-hackers-take-complete-control/

Social Networking sites (Facebook, MySpace, Bebo, LiveJournal, etc.) are under attack by a variation of the Koobface worm which began to spread in August ‘08. This new variant, tracked as WORM_KOOBFACE.AZ has the potential of a fast infection rate.

Most importantly, after propagating itself from the infected device, the Worm remains active on the user’s computer transmitting the computer’s data, settings, control information, and system information to over 300 international collection sites.

Posted by: anthonymfreed | April 5, 2009 11:59 AM | Report abuse

> A nuclear missile installation

Ahhh gullability.

FYI there is NO nuclear missile base in Alaska, only an entirely defensive missile. The interceptor missile has no nuclear capability. If it did, I would not be living near it.

So it sounds like even Brian has been fooled.

Posted by: nontrad | April 8, 2009 12:11 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company