By David Meyer and Tom Espiner ZDNet.co.uk Posted on ZDNet News: Jan 15, 2009 8:35:16 AM
The 'Downadup' worm is spreading quickly and now infects more than 3.5 million PCs, according to the security company F-Secure.
In a blog post on Wednesday, F-Secure put the total number of infected machines at an estimated 3,521,230 — a rise of more than a million machines over the previous day's tally. The security firm bases its estimates on information it has gleaned by tapping into infected machines.
Downadup, which also goes by the name of Conficker, exploits a vulnerability outlined in MS08-067, a Windows Server service flaw that was patched in October. It executes a dictionary attack in order to try cracking user passwords, in the process locking user accounts out of the Active Directory domain. It emerged a week ago that Downadup can also infect USB sticks, thereby propagating on the client side.
F-Secure's chief research officer, Mikko Hyppönen, wrote in a blog post on Tuesday that the infected PCs had the potential to form "one big badass botnet". Hyppönen pointed out that the Downadup worm works by trying to connect to various web addresses. "If the worm finds an active web server at one of these domains, it will download and run a particular executable — thus giving the malware gang a free hand to do whatever they want with all of the infected machines," he wrote.
"[Downadup] uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com," Hyppönen wrote. "With this algorithm, the worm generates many possible domain names every day… This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place. However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines. Pretty clever."
Hyppönen then said F-Secure had determined some domains that would be generated by Downadup, and registered them. It was through this method, which gave the firm access to the infected machines, that F-Secure has been able to determine the approximate number of victims.
"Right now, we're seeing hundreds of thousands of unique IP addresses connecting to the domains we've registered," Hyppönen wrote. "A very large part of that traffic is coming from corporate networks, through firewalls, proxies, and NAT routers. Meaning that one unique IP address that we see could very well be 2,000 infected workstations in real life."
Graham Cluley, senior technology consultant at Sophos, told ZDNet UK on Thursday that "businesses should already have patched this vulnerability when the Microsoft patch came out some weeks ago". He urged those businesses that had not yet patched to do so as soon as possible, adding that companies should check laptops and USBs coming into the company, for example, by using a network access control (NAC) product.
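The sinkhole measurement described above works because a date-seeded name generator is deterministic: anyone who knows the algorithm and the date can compute the same list. The following added example (not from the article or from F-Secure; the generator is a constructed stand-in rather than the worm's real algorithm, and the log format and addresses are assumptions) applies the same idea inside a network, matching the day's candidate names against internal resolver logs to identify the individual workstations that a sinkhole would see only as one NAT address.

```python
import hashlib
from collections import defaultdict
from datetime import date

TLDS = ("com", "net", "org", "info", "biz")  # assumed list for the toy generator


def candidate_domains(day: date, count: int = 250) -> set[str]:
    """Toy date-seeded generator (hypothetical, NOT the worm's algorithm)."""
    names = set()
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4                      # 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.add(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return names


def flag_clients(log_lines, day: date) -> dict[str, set[str]]:
    """Map each client IP to the candidate names it queried on `day`."""
    wanted = candidate_domains(day)
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()        # constructed format: '<time> <client_ip> <qname>'
        if len(parts) != 3:
            continue                # skip malformed lines instead of aborting
        _, client, qname = parts
        qname = qname.rstrip(".").lower()               # normalise FQDN form and case
        if qname in wanted:
            hits[client].add(qname)
    return dict(hits)


if __name__ == "__main__":
    day = date(2009, 1, 15)
    todays = sorted(candidate_domains(day))
    # Constructed resolver log: workstations that share one external NAT address.
    log = [
        f"2009-01-15T09:00:01 10.0.0.21 {todays[0]}",
        f"2009-01-15T09:00:02 10.0.0.21 {todays[1].upper()}.",
        "2009-01-15T09:00:03 10.0.0.30 www.example.com",
        f"2009-01-15T09:00:04 10.0.0.47 {todays[2]}",
        "garbage line",
    ]
    for client, names in sorted(flag_clients(log, day).items()):
        print(client, len(names))
```

Two internal hosts are flagged here even though an external sinkhole would count both as a single source address.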
Gerald: But Bill, Hamas fired 6,000 rockets at Israel.
Bill: oh, well then, umm ahh Israel should leave after
they drop 6,000 bombs.
Gerald: Umm FAIR ENOUGH.
Bill: Wait a min. Hamas fired 6,000 rockets at Israel.
Bill: And Hamas is complaining about the Israel invasion.
Bill: So Hamas Knew Israel would invade, for firing 6,000 rockets at Israel.
Bill: so what did Hamas expect Israel to do.
Just sit there and get hit by another 6,000 rockets.
Gerald: Hamas does NOT value their own children's lives.
They even dress them up like suicide bombers, see here.
Placing children around weapons and targets Hamas knows
Israel will bomb, is a ploy in the Hamas Information war.
Bill: Umm so some uneducated people that only hear one side
of the conflict in the info war, just hear Israel is killing children.
Gerald: YES, Hamas is placing children where they will be killed
when Israel hits legitimate targets.
Bill: Well from the pics it looks like that is part of the Hamas culture
to kill children.
Gerald: Well I would not go that far but the photos do show intent. HERE
Bill: So Hamas fired 6,000 rockets at Israel knowing Israel would fight back.
And place children in harm's way for the PRESS STORIES?
Gerald: YES, it's part of their Info war, but it is backfiring, as people
recognize what Hamas is doing, endangering and killing their own children for
Bill: I want to change my protest.
Bill: Protest against Hamas for killing their own kids.
Gerald: Now you got it, Hamas thinks the Ummah is so stupid they won't
realize what's going on.
( Notice the look on the father's face. notice the look on the girl's face, notice the peace sign she is flashing, notice fake? explosives the father tied to her. )
special place in hell for them. 6000 rockets at Israel then hide behind children. Gaza should be bombed to dust...... Hamas plan to kill children...BACKFIRING
UPDATE on Info war:
The Islamist (MB) Takeover of Al-Jazeera?
Global Muslim Brotherhood Daily Report (free subscription required) has an interesting look at the growing Islamist agenda of the al Jazeera TV station, and the roots of the shift in the Muslim Brotherhood.
It is an important observation since so much of the Arab world, as well as the Western media, look to the station to portray and interpret events, particularly the Hamas-Israeli conflict.
It is easy to forget (and shockingly seldom reported) that Hamas is an organic part of the global Muslim Brotherhood, according to article 2 of its own charter. So that the Ikhwan would seek to control the main medium for the outside world to interpret the conflict is not at all unusual.
The report looks at Wadah Khanfar (aka Waddah Khanfar), the station’s General Manager, as the driving force behind al Jazeera's move toward embracing the Islamist agent, while marginalizing other voices in the station that once had a significant role.
In October 2006, one of Al Jazeera’s own correspondents stated that Mr. Khanfar had a Muslim Brotherhood background and asked him about it directly, receiving a non-denial and evasive reply:
Mr. Waddah, you have an Islamic background, specifically Muslim Brotherhood, don’t you think that this is conflicting with your position as a head of the biggest Arab media organization now?
In fact, I do not classify myself as belonging to a certain political ideological movement, this is firstly an important issue which is very ..
(interrupting) ..Or you were belonging ..
I think that firstly I belong to this Nation including its collective legacy and mind, and that this is something I value and am keen on it, but I tell you clearly and frankly, Aljazeera taught us always that our affiliation to Aljazeera- as an administration or press- is an affiliation to an institution with deep-rooted rules and with a clear identity based primarily on proficiency and respecting the opinion and the other opinion, and it isn’t absolutely based on differentiating between people on ideological, intellectual or party bases.
NEW YORK - The Al Jazeera Network plans to announce on Thursday that it has signed a deal to run its news on Worldfocus, a syndicated nightly news program produced in New York and distributed throughout the United States.
The deal would help the international news network, one of the top services in the Arabic-speaking world, broaden its reach in the United States, where it so far has been available to only a limited audience.
Worldfocus, hosted by former NBC News correspondent Martin Savidge, is produced by New York City public broadcaster WLIW and syndicated to a number of Public Broadcasting Service affiliates, as well as other stations in 60 U.S. markets, including 27 of the top 30.
Al Jazeera declined to disclose terms of the deal.
Palestinian sources confirm that Siad Sayam died in an Israeli aerial strike over Gaza, Thursday, January 15, as the third week of Israel's offensive ended. Killed with him were his brother, Salah Abu Sarah, head of the organization's security service and Mahmoud Watfa, commander of Hamas military wing. In Damascus, Hamas leader Khaled Meshaal declared there would be no concessions for a ceasefire.
From our beltway insider:
Siad Sayam was considered the #3 leader in Hamas, and was employed by the UN in Gaza as a "teacher", coordinating the use of the various UN relief agencies as a screen/shield for Hamas activities. UN relief and humanitarian supplies often contained arms, explosives, uniforms, logistical supplies. UN facilities were used for military training and Hamas' command and control.
Any "ceasefire" will be tactical. Used by the Israelis for after-action, damage assessment, refreshing targets, re-arming, logistics, shaping the battlefield. They are using up a lot of munitions and our resupply needs to catch up, especially before Obama swears-in. Hamas will continue to be degraded until all of its "officer corp" is captured or dead or exiled.
There will be no withdrawal, for years, to ensure Hamas doesn't recover. Gaza will be run by Fatah, a two state solution will be worked out.
Two California Highway Patrol Officers were conducting speeding enforcement on I-15, just north of the Marine Corps Air Station at Miramar. One of the officers was using a hand held radar device to check speeding vehicles approaching the crest of a hill. The officers were suddenly surprised when the radar gun began reading 300 miles per hour. The officer attempted to reset the radar gun, but it would not reset and then turned off.
Just then a deafening roar over the treetops revealed that the radar had in fact locked on to a USMC F/A-18 Hornet which was engaged in a low flying exercise near the location.
Back at the CHP Headquarters the Patrol Captain fired off a complaint to the USMC Base Commander. The reply came back in true USMC style:
~ ~ ~
Thank you for your letter. We can now complete the file on this incident.
You may be interested to know that the tactical computer in the Hornet had detected the presence of, and subsequently locked on to your hostile radar equipment and automatically sent a jamming signal back to it, which is why it shut down.
Furthermore, an Air-to-Ground missile aboard the fully armed aircraft had also automatically locked on to your equipment location.
Fortunately, the Marine Pilot flying the Hornet recognized the situation for what it was, quickly responded to the missile system alert status and was able to override the automated defense system before the missile was launched to destroy the hostile radar position.
The pilot also suggests you cover your mouths when cussing at them, since the video systems on these jets are very high tech.
Sergeant Johnson, the officer holding the radar gun, should get his dentist to check his left rear molar. It appears the filling is loose. Also, the snap is broken on his holster.
1,2,3 are correct, 4 is sort of true. Kasab's family moved out of Faridkot to stay with a cousin in a nearby village to avoid attention, Kasab's maternal uncle is staying at the family home for now. That was done at the request of the Pakistani government and very willingly accepted by the Kasab's
Maj Gen Mehmood Ali Durrani is a close associate of Musharraf and an old friend of America. Some history on him: then IIRC Armoured Division Commander Durrani asked President Zia ulHaq by very intense requests and repetitive insistences to attend tank trials at Bahawalpur. On the flight there, ulHaq's plane crashed, killing him. Durrani was in DC on 9/11 and helped coordinate the military airlift/Paki over-flight for our invasion of Afghanistan.
After Durrani "retired" he did a study at Sandia National Labs on Musharraf's special request in 2004-05. The study involved storage and security for nuclear weapons. He then became ambassador to the US. Durrani was then appointed as the National Security Advisor to the Prime Minister Gilani by the president Zardari and the PM never liked it. Durrani acted on his own and is widely believed to be the US representative in the Pakistani government.
After Mumbai we asked China to mediate and get the Pakistanis to speak in one voice while we asked India to back off. The Chinese envoy was in India asking them to agree to a joint investigation. Pakistan had almost completed its investigation and agreed to accept Kasab's nationality. But the Pakistan foreign office wanted India to first agree to a joint investigation and access to Kasab and the physical evidence. Durrani's statement destroyed Pakistan's negotiating position because he spoke before negotiations were done. Now India is playing I've-got-a-secret.
Durrani is very close to the Bhuttos/Zardari. Gilani is under heavy pressure by us and Zardari to be reinstated. Zardari may do it on his own but that could cause a confrontation with Gilani's sponsor President Zardari, so it's delicate.
Gilani had been looking for any excuse to sack Durrani. Durrani's mistake was to go on Indian TV and announce Kasab's Pakistani citizenship ahead of Gilani's government's negotiations with India and subsequent announcements. Gilani doesn't like to be upstaged. Durrani clearly spoke out of turn, and Gilani is now threatening to resign if Durrani is reinstated.
The time to unite is upon us! We must have our own rules and our own laws! Because under the rules of others we are only silenced and injustice is our shadow..it is time to rise and it is time to awaken..
Ready to take out all secret nuclear operations, and command and control.
Word behind secret closed doors is Israel has tried to get approval
to take out Iran nuclear sites twice.
Both times refused.
Israel doesn't trust Condi Rice, and CIA still miffed
at the attack on Syria nuke site.
Israel trying a flank action on CIA going directly to George.
Israel willing to go it alone.
Bush has increased intel sharing with Israel about secret ops
in Iran sabotaging electronics, PC's, and service machinery.
When they do test expect multiple failures.
George is passing on a pipeline direct to Iran's nuke operations
Iran in for very rude awakening..
Our paradigm Intel has been omitted for Opsec reasons.
Big story on Paki meeting, awaiting opsec clearance.
Tuesday, January 13, 2009 at 11:52:43 PM
Prince Muqrin will attend a reception hosted by the Saudi ambassador to Pakistan, Ali Awadh Al-Asseri, tonight. All the key players will be there. about India? meeting about Taliban? Meeting over, ops sec cleared. xxxxxxxx
Big disturbing story about Paki leadership, awaiting photos