OpenDNS teams with Kaspersky, steps up fight against Conficker/Downadup worm

By Robert Westervelt, News Editor | Feb 9, 2009

OpenDNS is stepping up the battle against the Microsoft Conficker/Downadup worm, with a new service launching next week that predicts the worm's command and control domains and ultimately blocks them, rendering the worm useless.

The service relies on researchers from antivirus vendor Kaspersky Lab, who have dissected the worm's domain algorithm and can predict which domains the worm will use to get its orders. Kaspersky will pass the information on to OpenDNS, which will update its servers and bulk-block the domains, said David Ulevitch, founder and chief technology officer of OpenDNS.

'We'll be able to effectively cut the worm off at its knees,' Ulevitch said. 'Infected machines will not be able to phone home, and without being able to phone home the worm is dead in the water.'

The Microsoft RPC worm, known by many as Conficker/Downadup, has infected, by some estimates, as many as 10 million computers. The damage so far has been minimal since the worm writer hasn't yet sent out the worm's payload. Security researchers have been tied into the hundreds of IP addresses being used to connect the attacker to the infected machines awaiting the worm's commands. Experts say the worm's proliferation peaked more than a week ago, when those who were slow to install Microsoft's MS08-067 patch got it deployed.

Ulevitch said OpenDNS will also be able to alert IT administrators if it detects the worm trying to connect to domains from their systems. The service will also provide information for researchers on who is being infected and how quickly the worm is spreading.

Although the service is primarily manual, Kaspersky will be able to provide a bulk list of future domains the worm will use covering 20 days, Ulevitch said.

OpenDNS, which sells DNS services to businesses and consumers, also sells Web filtering and antiphishing services. Ulevitch said about 60% of the company's customers are in the United States. The company also runs PhishTank, a website where users can submit suspected phishing sites. The firm has its roots in the consumer market, but has branched out with services that appeal to IT administrators.

It plans to announce several new features later this year that will appeal to enterprise customers, including the ability to tie into Active Directory and other more advanced IT features, Ulevitch said.

Experts don't know how much damage Conficker will cause. Experts agree that worm propagation and exploitation is primarily a financially motivated method of attack. In a recent interview, Thomas Cross, a security researcher with IBM ISS' X-Force security team, said the worm can be ordered to steal sensitive information or conduct a denial-of-service attack against a specific website or business.

'It's been a while since a worm of this magnitude has infected the Internet,' Cross said. 'It's most likely the case that we're going to see financially motivated exploitation of this network.'
