
You are infected with GhostNet

Started by March 29, 2009 07:20 PM
32 comments, last by Zahlman 15 years, 7 months ago
Quote: Original post by capn_midnight
In regards to Conficker C, why can't someone write a virus that exploits the same defect to gain entry to these PCs with the express purpose of wiping out Conficker C? It could even check back to similar randomized DNS names to decide if it should keep going, with the assumption that no continue message after a week means the virus should stop and delete itself.


I thought someone said that Conficker attempts to patch the exploit that let it in (the presence of which patch is now being used to track down the infections)? :s
Quote: Original post by LessBread
Has the worm struck yet? It's 9 pm GMT. April Fool's 2009 is almost over. The Internet Traffic Report shows no disruption.
Afraid to say so, but I think that the measurements on that site are not worth the time you waste reading the results.

For hahas, since 221 ms seemed ridiculously high, I've just pinged all the hosts under "Europe" and except for the one located in Gauteng/South Africa (Europe, huh?) the worst response time was 66 ms (average around 35-45 ms, best 22 ms).
That one machine in South Africa gave me 820 ms, but this is certainly not representative, even for an EU-SA ping. I get 120-150 ms when pinging other random sites in SA. It just so happens that this one particular host seems to have a particularly bad connection or is in serious distress. Or both.

The first host in the "North America" section which is allegedly in Anaheim/California (9300 km away) has a ping of 28 ms for me. That's great, because it means that the internet works considerably faster than light!
Out of the other 5 US hosts that I randomly picked out of their list, one timed out consistently (tried a dozen times during half an hour... yes you can tell that I have nothing better to do) and the 4 others gave me pings of 130-140 ms which is 40-50 ms more than they have in their list, explained by the trans-atlantic cable.

So in other words, what that site displays has little to no value if you're interested in internet traffic or even a geographical breakdown like they claim.
What it really shows is "ping times from a host in the Los Angeles area to random servers on the globe of which neither location nor health is known".
Do you know of a better source for the same kind of information?



Regarding GhostNet, here's a different take:

Quote:
...
So, maybe the “GhostNet” report was an attempt to identify dangerous vulnerabilities of the Psiphon system as well as a piece of pro-bono do-goodery on behalf of the Tibetan émigrés.

Fact is, given the close ties between Citizen Lab and the Tibetan emigre movement, I would speculate that Dharmsala is a hive of Psiphon servers; and I wonder one result of the "GhostNet" hack was to infect the psiphonodes and send a trove of information about users inside Tibet back to Chinese security forces. Doh! That might cause potential psiphonode operators to think twice about participating in the program.

Tibet has apparently become the world’s hottest cyber-warfare battlefield. The Tibetan émigré movement has struggled to get unfiltered information (and, perhaps, instructions) into the Tibetan areas of the PRC.

The Chinese government has played whack-a-mole in response, monitoring Internet traffic and chat, blocking sites, jamming webpages with DNS attacks, shutting down Youtube last year and text messaging this year, confiscating satellite dishes and apparently even taking down cellphone towers.
...
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Malicious virus quiet, but attack may be in works

Quote:
BOSTON, April 1 (Reuters) - Malicious software that has infected millions of computers across the globe failed to wreak havoc on Wednesday as some feared, but researchers warned the powerful Conficker worm could still strike.
...
Researchers feared the network created by Conficker might be deployed on Wednesday for the first time since the worm surfaced last year because it was programmed to increase communication attempts with its master server from April 1.

The security industry formed a task force to fight the worm, bringing widespread attention that experts said probably scared off the criminals who command the army of slave computers, known as a botnet.

That group thwarted the worm partially by using the Internet's traffic control system to block access to servers that control the slave computers. But in cases where the slaves did connect, they did not receive new marching orders.

Researchers warned the botnet's commanders are probably waiting until they are under less scrutiny before they mobilize the network of infected computers.

"I never thought it would happen April 1," said Roger Thompson, chief research officer at AVG, an anti-virus firm. "It might be tomorrow. It might be next week. It might be next month."
...
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Quote: Original post by samoth
The first host in the "North America" section which is allegedly in Anaheim/California (9300 km away) has a ping of 28 ms for me. That's great, because it means that the internet works considerably faster than light!
Out of the other 5 US hosts that I randomly picked out of their list, one timed out consistently (tried a dozen times during half an hour... yes you can tell that I have nothing better to do) and the 4 others gave me pings of 130-140 ms which is 40-50 ms more than they have in their list, explained by the trans-atlantic cable.

So in other words, what that site displays has little to no value if you're interested in internet traffic or even a geographical breakdown like they claim.
What it really shows is "ping times from a host in the Los Angeles area to random servers on the globe of which neither location nor health is known".


There might also be a caching issue? :/

This topic is closed to new replies.
