OpenDNS teams with Kaspersky, steps up fight against Conficker/Downadup worm

By Robert Westervelt, News Editor | Feb 9, 2009

OpenDNS is stepping up the battle against the Microsoft Conficker/Downadup worm, with a new service launching next week that predicts the worm's command and control domains and ultimately blocks them, rendering the worm useless.

The service relies on researchers from antivirus vendor Kaspersky Lab, who have dissected the worm's domain algorithm, and can predict which domains the worm will use to get its orders. Kaspersky will pass the information on to OpenDNS, which will update its servers and bulk block the domains, said David Ulevitch, founder and chief technology officer of OpenDNS.

'We'll be able to effectively cut the worm off at its knees,' Ulevitch said. 'Infected machines will not be able to phone home, and without being able to phone home the worm is dead in the water.'

The Microsoft RPC worm, known by many as Conficker/Downadup, has infected, by some estimates, as many as 10 million computers. The damage so far has been minimal since the worm writer hasn't yet sent out the worm's payload. Security researchers have been tied into the hundreds of IP addresses being used to connect the attacker to the infected machines awaiting the worm's commands. Experts say the worm's proliferation peaked more than a week ago, when those who were slow to install Microsoft's MS08-067 patch got it deployed.

Ulevitch said OpenDNS will also be able to alert IT administrators if it detects the worm trying to connect to domains from their systems. The service will also provide information for researchers on who is being infected and how quickly the worm is spreading.

Although the service is primarily manual, Kaspersky will be able to provide a bulk list of future domains the worm will use covering 20 days, Ulevitch said.
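The blocking and alerting flow described above can be sketched as a resolver-side check against a per-day list of predicted domains. This is an added example, not OpenDNS or Kaspersky code: the feed layout, log format, domain names and client addresses are all constructed, and no part of the worm's actual domain algorithm is reproduced.

```python
from collections import defaultdict
from datetime import date, datetime

# Constructed feed: predicted domains per day (placeholder .example names).
PREDICTED = {
    date(2009, 2, 16): {"qzkvbd.example", "hpwtrn.example"},
    date(2009, 2, 17): {"mfxjlo.example"},
}

# Constructed resolver log: ISO timestamp, client IP, queried name.
SAMPLE_LOG = """\
2009-02-16T08:01:12 10.0.4.17 QZKVBD.example.
2009-02-16T08:01:15 10.0.4.17 www.example.org.
2009-02-16T09:30:02 10.0.7.3 mfxjlo.example.
2009-02-17T00:00:41 10.0.4.17 mfxjlo.example.
malformed line
"""

def normalize(qname):
    """Lower-case the name and drop the root dot so lookups are exact."""
    return qname.strip().lower().rstrip(".")

def build_index(feed):
    """Invert the per-day feed into domain -> set of predicted days."""
    index = defaultdict(set)
    for day, names in feed.items():
        for name in names:
            index[normalize(name)].add(day)
    return index

def scan(log_text, index):
    """Return (blocked, alerts) for the log; see comments below."""
    blocked, alerts = [], defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not "timestamp client qname"
        stamp, client, qname = parts
        try:
            seen = datetime.fromisoformat(stamp).date()
        except ValueError:
            continue  # unparseable timestamp
        name = normalize(qname)
        days = index.get(name)
        if not days:
            continue  # not a predicted domain: resolve normally
        # Block on any day in the window; flag whether the hit was on schedule.
        blocked.append((client, name, seen in days))
        alerts[client].add(name)  # one alert entry per infected-looking client
    return blocked, dict(alerts)
```

A hit flagged as off schedule (third tuple field `False`) is still blocked and alerted on; treating it as a client with a wrong clock is an assumption of this example.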

OpenDNS, which sells DNS services to businesses and consumers, also sells Web filtering and antiphishing services. Ulevitch said about 60% of the company's customers are in the United States. The company also runs Phishtank, a website where users can submit suspected phishing sites. The firm has its roots in the consumer market, but has branched out with services that appeal to IT administrators.

It plans to announce several new features later this year that will appeal to enterprise customers, including the ability to tie into Active Directory and other more advanced IT features, Ulevitch said.

Experts don't know how much damage Conficker will cause. Experts agree that worm propagation and exploitation are primarily a financially motivated method of attack. In a recent interview, Thomas Cross, a security researcher with IBM ISS' X-Force security team, said the worm can be ordered to steal sensitive information or conduct a denial-of-service attack against a specific website or business.

'It's been a while since a worm of this magnitude has infected the Internet,' Cross said. 'It's most likely the case that we're going to see financially motivated exploitation of this network.'
