Wireless Networking

Wireless Cybercriminals Target Clueless Vacationer

Submitted by schwit1
schwit1 writes "Story from Fox News about "The newest trend in Internet fraud is "vacation hacking," a sinister sort of tourist trap."

Cybercriminals are targeting travelers by creating phony Wi-Fi hot spots in airports, in hotels, and even aboard airliners.

In 2008, Silicon Valley-based AirTight Networks, a wireless security company, sent a team of "white-hat" hackers — good guys who try to thwart "black hat" hackers — around the world on an international airport study.

They checked the Wi-Fi networks at 27 airports — 20 in the U.S., five in Asia and two in Europe — and the results were not good.

And everywhere they looked, they found fake Wi-Fi hot spots set up by hackers phishing for suckers — and there were plenty of suckers to be had."

Comment: Re:Time to reconsider "anti-worms":? (Score 1) 239

by g-san (#28322023) Attached to: The Birth and Battle of Conficker

Go for it. See if you can reverse engineer Conficker's encrypted and digitally signed binaries. It's only RC4 and MD-6. MD-6 was only released a few weeks prior to the first wild sightings of version C. Still wanna mess with these guys? Then all you have to do is figure out which of the 50,000 domains spread across ~120 .tlds to register so you can put your binary on it for when Conficker does its daily payload check.

Or if you want, you can try to infiltrate it via its own P2P network. You better be quick; if Conficker detects it is being debugged, it quits. Can't look at the code? Hmmm, maybe look at the P2P protocol? Doh! You cannot run Wireshark on an infected system; the Conficker process kills just about anything you would use for disinfecting every second (though I might change the .exe name of a tool I was using). But even then you have to figure out the digital signature before Conficker will run your binary. It's a 4096-bit key, so you better get started. Bonus points for breaking it before the authors update it.

This worm is a piece of work. It memory patches your DNS resolver. It kills your security products. With its encryption, every copy is different. It hides with a random file name, in several locations, with a date the same as your kernel, and the registry entries get pretty names most would overlook on a quick glance. The ports it opens are a function of your IP address, so you cannot just look for port xyz traffic, but a remote Conficker can figure out which ports should be open for your IP. It does updates with a plain URL that no IDS could catch without red flagging genuine HTTP requests. It closes its infection vector but opens another back door. It pokes holes in your firewall, and gives them pretty names too. But wait, there's more! It tries to spread through network shares with weak passwords and copies itself to the modern sneakernet of USB drives. Its IP scanner even avoids unregistered address space.

The authors of this worm seem to be a few steps ahead of everyone. Its weaknesses get patched, its vulnerabilities get updated. As long as we have people running pirated copies of Windows, or people too afraid to auto-update for whatever reason, we better get used to things just "living" in the internet. Anti-worm? goodluckwiththat!
