Silicon Shecky

Infosec Practitioner


Overhype: Flu Vs. IT

April 30, 2009 By Michael Kavka

Keeping up in the IT world, you come across all sorts of interesting things. You also start seeing patterns that can almost be seen as a microcosm of the rest of the world. With all the focus on Swine Flu lately, you can see some similarities between the way it is being presented and, say, Conficker.

Swine Flu is still making headlines, while Conficker has done exactly what I figured. It fell from the spotlight, and it fell hard. So hard that the FBI complained about the over-hype and the problems that the over-hype caused. Now we are seeing that exact same over-hype with the whole Swine Flu health issue, but no one will ever say it was over-hyped. Conficker, by the way, has one variant that is about to self-destruct, while most of the others have been turning into spam-bots, creating a very large botnet.

The Swine Flu is a nasty illness, but it is being called an epidemic, when in reality such a small portion of people are getting it, and an extremely small amount are dying from it. Yes it is nasty, and yes it needs to be fought, but it doesn’t seem to be any more widespread than any other influenza, just a strain that is more rare.

So one has to wonder, with the latest Zero-Day Adobe Exploit, what we are doing about it. The answer is nothing. People are supposedly waiting for the patch for the newest exploit, yet they still haven’t applied the patches for the prior exploit. Mind you, these things get no press, even though they can be just as dangerous as anything else out there.

Yes, you should test patches before deploying them, but you need to have a plan and a time frame that is not insanely long for a decision. The patches for exploits out in the wild (zero-day) should be deployed as fast as possible. It is simple common sense.

Of course, common sense isn’t so common anymore. Just look at the plan on the Swine Flu “epidemic”. It consists of scaring everyone to death, hurting the economy because of travel bans, and basically hyping the hell out of it until we become complacent and don’t even listen to the people who are basically crying wolf constantly about it.

Hype can be good, but in this day and age, we over-hype so much so fast that I have to wonder, “What are we thinking?”

Filed Under: Computers, Security, Software Tagged With: Adobe, Bugs, Cornficker, Exploit, Flu, Microsoft, Patches, Patching, Security, Software, zero-day

But wait there’s more!

April 9, 2009 By Michael Kavka

Just when you thought you could put Conficker on the list of false alarms, like a bad penny it turns up. That is right, get ready for another media blitz about it.

As of right now, Conficker is just communicating and transferring payloads between each other. It’s also trying to contact sites such as AOL, MSN and the like. The reason for this is to double-check the time and date. It seems there is a May 3 kill date to stop communications this time, so to prevent you from being able to trick it, it checks on the net for the date and time.

Another thing now known about this nasty is that the new update is tied into the Waledac family of malware. This family is known for turning machines into bots and has a huge botnet that shoots spam all over the place. What other nasty stuff does Conficker have in store for us? Well, we shall just have to wait and see.

As of now, most antivirus software should be able to remove the virus. My recommendation is to start off with the latest version of Malwarebytes to clean it off, since it is easy to download and install the latest version, plus it works really well. Once you’ve cleaned your machine, make sure to patch Windows.

Filed Under: Computers, Internet/Music Tagged With: Botnet, Cornficker, Malware, Removal, Security, Spam, Virus, Waledac, Windows

Deja-Vu: 1999 vs. 2009

April 1, 2009 By Michael Kavka

Oh my god! The world is going to end! Better stock up on water, and essentials! The worst bug in the world is coming!

These sorts of doom warnings sound familiar? Well, they were a part of the paranoia and hype that was the Y2K bug. Yeah, most of the country and world were worried that Y2K would shut down so much, not realizing that most companies had been working on fixing Y2K problems for a few years prior.

Jump ahead to 2009. Conficker is a worm that an out-of-band patch from Microsoft would protect a machine from, and that patch was available back in October of ’08. Let’s see, that is 4-5 months that the patch has been around. No reason machines should not have been patched, but hey, a patch released not on normal Patch Tuesday cannot be that important, can it? Again the cure was there well in advance.

What does this mean? Well, again it shows the lack of understanding of IT and computers, a world that people depend on. Yeah, I’m being a little preachy, and yeah, it’s interesting to see computer things make the mainstream news, but in all the wrong and misunderstood ways? That does no one any good. Heck, there are things such as court cases, patent cases, copyright cases, security breaches, and many other things that should be reported properly in mainstream media due to the fact that the world relies on computers. Instead our field is the bastard child, the one that no one cares about until everything goes wrong, or is at least perceived to go wrong.

Until things change about IT and how it is perceived, we will have another Y2K or Conficker doom party soon.

Filed Under: Computers, General, Rants Tagged With: April 1, Cornficker, IT, Malware, media, Microsoft, Virus, Windows, Y2K
