In association with heise online

12 February 2009, 18:24

Microsoft, ICANN and others, move to block Conficker

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft has announced that it is working with ICANN and others to block the Conficker worm from calling home, looking for a payload. Microsoft has also announced a $250,000 reward for information that leads to the arrest and conviction of whoever launched the Conficker worm.

The initiative is a collaboration between by Microsoft, ICANN, NeuStar (.biz), VeriSign (.com, .net and .cc), CNNIC (.cn), Afilias (.info), Public Internet Registry (.org), Global Domains International Inc (.ws), M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.

Of the domains that Conficker would use, a large percentage have now been blocked from being registered. A number of the remaining domains are being used by trusted research partners to set up 'Sinkhole' servers, which will allow researchers to monitor Conficker's future behaviour.

It is believed that Conficker, which calls the, now-blocked, domains looking for new downloadable code, could have allowed whoever was behind the worm to make it perform more malicious actions than just spreading rapidly, such as turning into an active botnet. Microsoft's Steve Lamb, replying to heise online's queries, said "There may be a second phase of the threat at some point in time ... At the end of the day, we can't speculate on the intentions of criminals. The reality is we don't really know for sure, but Microsoft and others are working to limit the impact of any second phase".

F-Secure were the first to intercept Conficker's domain name generation process and to predict where infected machines would be "calling home" to next. This allowed them to begin to estimate the size of the infection, which in mid January was estimated to be at least nine million systems.

Earlier this week, OpenDNS moved to block Conficker for users of the OpenDNS service, by providing blocking and alerting. This latest move by the collaboration of DNS registrars goes beyond that, aiming to protect all users. Greg Rattray, ICANN's chief Internet security adviser said "The best way to defeat potential botnets like Conficker/Downadup is by the security and Domain Name System communities working together".


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit