Archive

Posts Tagged ‘conficker’

US-CERT issues Conficker warning

April 4th, 2009

Another memo, another bulletin has arrived. This time it is from the United States Computer Emergency Readiness Team (US-CERT); our security department seems to be busy lately, as these memos are becoming more frequent. Regardless, it is all for the good; after all, it is interesting to know what actions are being taken globally.

Their alert underlines what we already know, so it is not exactly a revelation to us. However, I find it interesting that the problem has escalated to such an extent that Homeland Security has become involved. Possibly there is a feeling of an attack on national security; cyber terrorism, anyone? I had a pleasurable evening last night with some friends, and we discussed whether the Chinese government engineered Conficker. I personally feel it is most likely an independent organisation or the Russian government. However, without going into a whirlwind of skulduggery and conspiracy, we were perhaps wrong on both counts and it is some 16-year-old code monkey who just happens to have been bored for the past year or so.

On a lighter note, I am now officially on holiday and I am visiting a friend of mine in Holland next week. I managed to achieve as much as I could at work, and I have locked away all pens and Post-it notes from the prying eyes of work colleagues. Call me possessive, but I would like my desk to be intact and to have all contents unmoved when I return. I am sure I will make some sporadic blog posts on my travels; I will be taking a British Airways flight, which means my first visit to Terminal 5 at Heathrow airport. I hope that the baggage handlers are not on strike…

Miscellaneous, Tech

April 1st – Joke on Conficker.D?

April 1st, 2009

I walked into work today with an air of anticipation about the potential torrent of problems with our servers. Fortunately, it was all quiet on the western front, with not a single incident of viral infection reported. It was so anticlimactic in a way; a similar feeling to when you pay good money to watch a mediocre film after reading the hyperbole that came with it.

Not that any complaints were issued; I and many others were quite relieved, but we pre-empted the problem early on and thankfully our security precautions were not put to the test. Perhaps the warning of impending doom was the April Fool’s joke in itself; maybe we will never know. Nevertheless, this is perhaps not the last we will hear of this and, as ever, new security vulnerabilities appear every day.

If you were not so fortunate, then you may be interested in this. As part of our research, we found that Sophos has released a newer stand-alone Conficker clean-up tool. We have not needed to use it, but I thought it prudent to share in case you are still firefighting in your IT environment. You will need a MySophos account to download the tool; you can create one on their site.

Tech

Conficker.D worm Doomsday – 1st April

March 30th, 2009

Microsoft sent a bulletin to us at work, with some additional memos internally about this. In their bulletin, they mentioned a collective (the Conficker Working Group) specifically created to combat this virus, and a note about the $250,000 reward for the culprits. However, the main detail here is the possibility that 1st April will be the trigger date for the Conficker.D variant to initiate contact with internet domains. Perhaps after contact, the instructions will be to redirect you to another URL that has the real payload, but I suppose we won’t know until it actually happens. The full blog entry by Microsoft can be read here.

As stated, this behaviour is the same as Conficker.B but introduces a wider scope in terms of which domains it will try to contact. This no doubt indicates that the virus writers want to spread this as widely as possible. If you were like me, then you would have been fully security patched by now across all affected platforms. The main things to do are:

  • Update your systems with MS08-067
  • Keep your AV software up to date
  • Monitor port 445 traffic if possible
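As an added example (not from the original post), here is a small Python check of the kind the third bullet suggests. It reads firewall log lines and flags any source host that connects to many distinct destinations on TCP/445 inside a short window, which is the fan-out pattern a worm scanning for MS08-067 targets produces. The log line format, the sample lines, the 60-second window and the threshold of 10 distinct hosts are all constructed assumptions; adapt the parser to your own firewall's format.

```python
"""Flag hosts that fan out to many distinct peers on TCP/445 in a short window.

Added example, not code from the original post. The log format below is an
assumption: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <action>".
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<action>\w+)$"
)

# Constructed sample log: 10.0.0.23 sweeps 15 neighbours on 445 within 15 s
# (worm-like fan-out); 10.0.0.41 is a normal workstation talking to two file
# servers; one web request and one malformed line are included as noise.
SAMPLE_LOG = [
    f"2009-03-30T09:00:{i:02d} 10.0.0.23 -> 10.0.0.{100 + i}:445 DENY"
    for i in range(15)
] + [
    "2009-03-30T09:00:05 10.0.0.41 -> 10.0.0.5:445 ALLOW",
    "2009-03-30T09:00:07 10.0.0.41 -> 10.0.0.5:445 ALLOW",
    "2009-03-30T09:00:09 10.0.0.41 -> 10.0.0.6:445 ALLOW",
    "2009-03-30T09:00:11 10.0.0.41 -> 192.0.2.10:80 ALLOW",
    "this line does not match the assumed format",
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "action": m["action"],
    }


def find_scanners(lines, port=445, window_seconds=60, threshold=10):
    """Return {src_ip: peak_distinct_destinations} for every source that
    reached more than `threshold` distinct hosts on `port` within any
    sliding window of `window_seconds`. Both limits are tuning assumptions."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)  # src -> [(timestamp, dst), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["port"] != port:
            continue
        events[rec["src"]].append((rec["ts"], rec["dst"]))

    suspects = {}
    for src, evs in events.items():
        evs.sort()  # time order, so a two-pointer window is valid
        left = 0
        in_window = defaultdict(int)  # dst -> occurrences inside the window
        peak = 0
        for ts, dst in evs:
            in_window[dst] += 1
            # Drop events that fell out of the window behind us.
            while ts - evs[left][0] > window:
                old_dst = evs[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            peak = max(peak, len(in_window))
        if peak > threshold:
            suspects[src] = peak
    return suspects


if __name__ == "__main__":
    for src, count in sorted(find_scanners(SAMPLE_LOG).items()):
        print(f"possible SMB scanner: {src} reached {count} distinct hosts on 445")
```

The check is a heuristic: a backup server, a vulnerability scanner or an administrator's workstation will legitimately fan out on 445, so keep an allow-list for such hosts and treat a hit as a prompt to look at the machine, not as proof of infection. Denied connections to addresses that do not exist on your network are the strongest signal, since a real client has no reason to probe them.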

Taking precautions is the main thing, and if you are sensible, you will not encounter this virus at all. Given how this worm is still causing problems, mainly in enterprise environments, all system administrators should be fully up to speed with it. Our company policy of banning USB devices is still in place, and we have resorted to burning files onto CD/DVD-RW. However, in certain cases we have permitted the use of USB drives. We have separate “sheep-dip” machines, which are completely standalone, with McAfee VirusScan Enterprise 8.5 installed. This seems to do the trick: we scan the USB drives prior to use, copy the files needed, and then scan the drives again afterwards.

Tech

A mixed bag

February 14th, 2009

Well, this week has been catastrophic at work. Anything you could possibly imagine that could go wrong did go wrong. We’ve been given second-hand server kit to build from, including the CPU, which consequently gave up the ghost on first boot. My illustrious colleague had fun tackling that one and trying to convince Project Managers to source new kit; you know how that goes. The main source of cooling in the server room, the large AC unit at the back, spontaneously burst into flames. The smell of smoke and burning PCB was intoxicating; I had to take alternative routes to the kitchen so I could make tea. Also, for the past two weeks I have been trying to virtualise an Exchange cluster from physical boxes into ESX. The P2V worked fine, except that I had no idea why this one particular server kept churning out Kerberos errors. I tried everything: installed, uninstalled, netdom reset, went through the cluster installation documents over and over, perused hundreds of knowledge base articles, checked Active Directory, evicted the node so many times to start afresh. The System Attendant refused to start, which means Exchange could be classed as dead. Suffice it to say, there was something fundamentally wrong that I had no time to troubleshoot… an executive decision was made and I am rebuilding the damn thing within ESX from the OS up. Not to mention the strange weather we are having: Chicago was getting tons of rain while we were getting the snow. Shouldn’t it be the other way round?!

But I digress, there has been some interesting news this week that I will just put into one big hat. So here we go…


Square Enix buys Eidos
Are we going to see Lara Croft standing alongside the likes of Cloud and Squall? Or maybe she can come on as a Summon using her pistols of death. Either way, Eidos’ last iteration of the Tomb Raider series did horribly, as the sales figures show. It’s a shame that this franchise has gone downhill so rapidly, but I’m sure the gods at Square Enix can turn things around with the licences they have now acquired.

1,234,567,890 – Almost like a birthday
When the clocks hit 23:31:30 UTC, it was exactly 1234567890 seconds since January 1st 1970, when the Unix clock started ticking. This event is almost like witnessing a full eclipse, and there are going to be some geeky parties going on, I’m sure.

Facebook is $65 million poorer
Oh, woe is me. This is probably pocket change for Mark Zuckerberg, the founder of Facebook; whether he really did steal the idea from his former Harvard pals or not remains to be seen. I’m sure that if Facebook were not as successful as it is now, they wouldn’t be suing him. The problem is, just because you have an idea does not mean you can implement it as a viable business. So, considering this, some credit is due to Mr Zuckerberg.

Microsoft issues bounty for Conficker culprits
It’s that old chestnut again: what seemed to be a rather harmless worm (after all, it doesn’t really do much if you take precautions and implement safeguards) has turned into something of a black plague in the enterprise world, including government institutions. The person or persons involved have been marked; watch out for wanted posters on a lamp post near you.

And finally…
It’s Valentine’s Day, so I hope you all have a wonderful time with your loved ones… perhaps you will get a surprise from an unexpected someone. However, if you feel all alone sobbing in a dark, damp corner somewhere then here is an ASCII heart just for you!


_________pork and____________pork and
______pork and bea_______pork and beansp
____pork and beanspor___pork and beanspork
___pork and beanspork and beanspo_______pork
__pork and beanspork and beanspo_________pork
_pork and beanspork and beanspork a_______pork
_pork and beanspork and beanspork and b______p
pork and beanspork and beanspork and bean__por
pork and beanspork and beanspork and beans_por
pork and beanspork and beanspork and beanspork
pork and beanspork and beanspork and beanspor
_pork and beanspork and beanspork and beansp
__pork and beanspork and beanspork and bean
____pork and beanspork and beanspork and b
______pork and beanspork and beanspork a
_________pork and beanspork and beans
____________pork and beanspork and
______________pork and beanspork
_________________pork and bean
___________________pork and
_____________________pork a
______________________pork
_______________________po

Miscellaneous, Tech