PSA: Spreading the [bad] word

Not all of you folks on my FL read databeast, or keep up with the tech press.  Which is why I’m quoting his most recent post in its entirety here:

Next week, at 8pm EST/00:00 GST, the Conficker worm will download its next code update.

I’ve spent the last 4 months spending damn near my every waking hour fighting this thing.

If you have no idea what I’m talking about, just go google ‘Conficker’ now.  I’ll be happy to answer any questions.

In the meantime, go to http://windowsupdate.microsoft.com/ and download every last update on there.

Tell your friends to do the same.

if you can’t reach that site, you are already infected. Take your machine offline and get it disinfected by a professional.

But remember this, right now If you are not part of the solution, you are part of the problem.

Conficker is shaping up to be the scariest, largest botnet ever to have existed.  If you use Windows as your operating system, and you don’t regularly update it, you are part of the problem, and your computer is likely now the property of some shadowy criminal syndicate based out of God-Knows-Where.

If you aren’t a Windows user, but you know people who are, tell them the above instructions.  We have less than 7 days until what could, in the worst case scenario, be the most destructive event ever witnessed on the internet, a vast, data-stealing network owned by an organized crime syndicate.  We aren’t talking science fiction here folks.

If every man would sweep his own doorstep the city would soon be clean.

Italian Proverb

He’s not kidding, folks.  Conficker (aka Downup, Downadup, or Kido) is serious bad news.  It’s the next level of Internet worm evolution; it’s Botnet 2.0, the most sophisticated worm yet seen.  During one of its major activity spikes, on January 15-16, Conficker infected 1.1 million PCs in less than 24 hours.  At that time, F-Secure estimated — conservatively — that 3.52 million systems were infected worldwide.  By January 21 the number was believed to be around 9 million.  Current estimates run as high as 12 million.

For the technically knowledgeable among you, SRI International has an analysis of the most recent Conficker-C variant here.  For the non-technical, McAfee has some less technical information about what it does here.  And PC World has an article here detailing how it attacks and some measures you can take to protect yourself if you’re not already infected.  (The article is slightly out of date; one recent Microsoft security patch disables AutoRun for you as a precaution.)

One point from databeast‘s post cannot be emphasized enough:

If you run Windows, with ANY browser, and you can read this post, but you cannot get to www.windowsupdate.com, or GRIsoft.com (home of AVG antivirus), or Trend Micro, or Sophos, McAfee or Kaspersky or any other antivirus site, assume you are already infected.  Take your computer offline and seek professional assistance to get it disinfected and patched.

On April 1, the Conficker botnet goes active.  And we don’t have any idea what its new instructions will tell it to do.  But it could be very, very bad.

---

UPDATE:

Since Conficker can’t block downloads of tools from sites that don’t match its internal list of strings, I’ve mirrored several of the free Conficker removal tools locally:

• Enigma Software’s Conficker removal tool
• BitDefender’s single-PC Conficker removal tool
• BitDefender’s Conficker removal tool for Microsoft networks
• F-Secure’s Conficker removal tool
• F-Secure standalone worm-detection scanner, less specific

So if you can’t get to windowsupdate or any of the antivirus sites, you can download removal tools here.

A surprising move from IBM

I would never have predicted this one ... IBM is getting into high-speed rail, and plans to officially announce projects today in China, Taiwan and the Netherlands.

It's The Stupid Economy

So as widely reported, the US Government is planning to monetize debt to the tune of as much as a trillion dollars, funding it with bills still wet from the printing press.  The UK apparently has the same idea.

Except, it’s not working.

Brown’s government aims to sell a record 146.4 billion pounds of debt this fiscal year and as much as 147.9 billion pounds in 2010 as he tries to pull Europe’s second-largest economy out of its worst recession since 1980.

There’s just one problem.  Investors aren’t biting.  They bid on only £1.63 billion of the first £1.75 billion offering.  That doesn’t bode well for future offerings.

The DMO said as recently as December there was a possibility of a failed auction.  “We are in a very different world than we were six months or a year ago,” Robert Stheeman, chief executive officer for the agency, said in an interview.

No!  Really?

The UK Treasury has apparently authorized the Bank of England to print up to £150 billion to buy up debt.  Germany plans to sell €346 billion of bonds, while US bond issues will approach $2.5 trillion.

One wonders how many buyers there will be.  But I really have to wonder about this part:  When you issue bonds to secure funding, then print money to buy them from yourself with, have you actually accomplished anything at all in the real world except to dilute the money supply and end up with a larger slice of the diluted pie?  Or is that considered sufficient?

Letter to AIG : "I quit, I'm giving the retention money to charity"

Interesting reading:

The following is a letter sent on Tuesday by Jake DeSantis, an executive vice president of the American International Group’s financial products unit, to Edward M. Liddy, the chief executive of A.I.G.

Paper Tigers

The House Judiciary Committee on Wednesday approved a federal shield bill that aims to protect journalists from compelled disclosure of their confidential sources, in language identical to that of a 2007 bill that overwhelmingly passed the U.S. House of Representatives.  The new bill heads next to the floor for a new, full House vote.

The Free Flow of Information Act of 2009, or H.R. 985, would offer a qualified privilege for journalists, meaning they could not be compelled to identify sources or hand over confidential material except under several scenarios:  If doing so would prevent harm to national security, or death or bodily harm; if it were essential to the investigation, prosecution or defense of a crime; if it were deemed “critical to the successful completion” of a legal, non-criminal issue.  Also, a reporter could be pressed for confidential information if it were necessary for pinpointing who leaked trade secrets, certain health data or classified national security information.

In other words, “journalists [...] could not be compelled to identify sources or hand over confidential material” ... unless the government felt like compelling them.  Those exceptions, in the hands of government, are so broad you could sail a supertanker through the holes they leave.

This bill is reminiscent if the Clash song “These are your rights”:

You have the right to free speech,
As long as you’re not dumb enough to actually try it.

Parking meter revolt in Chicago

Folks in Chicago aren’t happy about their elected thieves selling the city’s parking meter concession to a private company that promptly raised the meter fees by seven times, and they’re taking action.  They’re boycotting city parking, vandalizing the meters, filling them up with pennies or nickels, and other tactics.  One commenter says,

This is what happens when a king makes decisions without the voter’s consent - when people have no voice.

Another has had enough, and is leaving Chicago forever.  But he plans to leave the city a parting message:

“After more than 20 years here I’m done, just done,” says Chicago Tom.  “Our condo is for sale and when it does, we’re outta here.  In one last act of defiance, my wife is going to drive our car and intentionally get a red light ticket with photo/video - we’ll have the plates disguised.  When the video/photo is viewed, they’ll see my bare ass pressed against the back window accompanied a couple middle fingers.  We’ll then drive out of town for the last time.”