Trending

    Today's Tech News and Reviews

    Security News

    Cabal Takes On Conficker’s Domain

    JamesBy Updated:2 Mins Read

    Source: eWeek/Matthew Hines

    Conficker (aka Downadup) has turned out to be an annoyingly persistent pest, worming its way around actively for almost four months now.

    In a high-profile effort to stem the worm’s continued re-spawning, Microsoft, Symantec and a crew of partners including ICANN, VeriSign, Neustar, Public Internet Registry, F-Secure, AOL, Support Intelligence and Arbor Networks unveiled a new alliance today aimed at trying to stomp the attack out by going after its very roots.

    The effort specifically contends that it can help stop the worm by cutting off its domain name absorption patterns. However, as an added incentive that highlights how much trouble Conficker has wreaked, Microsoft has also posted a $250,000 (not million, hahaha, my bad!) bounty for anyone who can turn over the individual(s) responsible for launching the campaign.

    Dr. Jose Nazario of Arbor, which specializes in security monitoring systems used by major infrastructure providers and large enterprises, has been one of the most recognizable experts tracking the escalation of botnets and other forms of mass-malware threats like Conficker, for a number of years.

    In an interesting follow up to the alliance announcement, Nazario posted some additional details about the anti-Conficker effort on Arbor’s blog today.

    Conficker’s unique makeup that has employed USB memory devices to spread itself in addition to more typical TCP/445 transit makes it truly potent with the attack “spreading like wildfire in the enterprise,” Nazario writes.

    The expert outlines one of the techniques that the alliance, or “Conficker Cabal” has been employing to try take over domain names they believe will be next used in the attack via proactive pre-registration.

    Broken open by researchers at F-Secure, the algorithm involved driving Conficker’s domain consumption attempts to use a “long list of psuedo-randomly generated domain names to contact over HTTP and then grab new code,” the expert said.

    Having cracked the code, alliance members believe that they can now get ahead of the threat and choke it off now. Only the team efforts of F-Secure, Microsoft, ICANN, TLD ops and influential registrars, among others, have made the effort possible, he said.

    However, despite all the optimism, the security community shouldn’t assume that it’s game over.

    “Just because the bot’s update mechanism appears to be cut off doesn’t mean that it’s no longer a problem,” writes Nazario.

     

    You May Also Like:

    Oops! Nevermind, I found nothing related.

    Share.
    Avatar photo

    Senior Editor, Author, Reviewer and Designer for Poc Network, ProAudio and Mobile Nations. James enjoys spending most of his time as an audio engineer and technician for the live music industry when he isn't running around the office here juggling an intense workload. He can also be found frequently in the nearby mountainous ranges, scrambling rocks and rappelling down large sections.

    Related Posts

    Leave a reply and let us know what's on your mind!

    This site uses Akismet to reduce spam. Learn how your comment data is processed.