The recent attack of the dreaded Conficker worm is one of the most widespread in the history of the Internet. No other worm has spread so quickly and affected so many computers worldwide. Millions of computers have been affected, and some estimates mention that as many as one in every six computers is infected with it.
One of the reasons behind the huge success of the Conficker worm has been its capacity to use advanced algorithms to constantly change the domains it uses for getting instructions. If a worm uses only a few domain names to get its instructions, it becomes easier for security vendors to block those domains. Blocking them effectively chokes the worm's supply line, and it doesn't remain as lethal as it could be.
But the Conficker worm changes its domains frequently, which makes it very difficult to block.
Now OpenDNS and Kaspersky Labs have teamed up to block these domains. If you are not sure what OpenDNS is, we encourage you to check out our post on OpenDNS | A tool for best FREE Internet Security.
In fact, Kaspersky Labs has dug deep into the code of Conficker and has discovered the algorithm with which Conficker generates the domain names. The partnership with OpenDNS ensures that these domains are blocked from being accessed. Once the worm on an infected computer is not able to contact its masters for further instructions, its potency reduces considerably and the Internet becomes a safer place.
OpenDNS Botnet Protection, as well as its use to fight the Conficker virus, represents a key innovation in the use of the Domain Name System. Conficker uses a set of seemingly random domain names as a meeting place for the virus to exchange data with its author, such as how many new machines each host has brought into the botnet, or details on any code upgrades or attacks the owner wants to take place. These domain names are generated using an algorithm so they change every day, making traditional methods like revoking domain registrations used by botnet authors ineffective.
Kaspersky Lab has taken steps to predict the domains that will be used by the virus in coming days, and is collaborating with OpenDNS by sharing the predicted domains. OpenDNS Botnet Protection then blocks the domains from resolving inside the OpenDNS service, for all OpenDNS users. Consequently, OpenDNS Botnet Protection prevents the virus from taking part in any further actions at the instruction of the virus author. This effectively prevents the virus from causing additional damage and alerts network administrators to malware living on their network.
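
The resolver-side approach described above can be sketched as follows. This is an added example, not code from Kaspersky, OpenDNS or the original post: `predicted_domains` is a hypothetical stand-in for a reverse-engineered generator (it is not Conficker's algorithm), and the log format, date and addresses are constructed.

```python
import hashlib
from collections import defaultdict
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info", "biz")  # assumed TLD set for the stand-in

def predicted_domains(day, count=5):
    """Hypothetical stand-in predictor: deterministic names seeded by the date."""
    names = set()
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        label = "".join(chr(ord("a") + int(c, 16) % 26) for c in digest[:10])
        names.add(f"{label}.{TLDS[i % len(TLDS)]}")
    return names

def build_blocklist(today, days_ahead=3, skew=1):
    """Cover yesterday (clock skew) through the coming days, so blocks exist early."""
    blocked = set()
    for offset in range(-skew, days_ahead + 1):
        blocked |= predicted_domains(today + timedelta(days=offset))
    return blocked

def matches(qname, blocked):
    """Return the blocked domain that qname equals or is a subdomain of, else None."""
    labels = qname.strip().rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def infected_clients(log_lines, blocked):
    """Parse 'timestamp client_ip qname' lines; map client -> blocked names queried."""
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than fail the whole run
        hit = matches(parts[2], blocked)
        if hit:
            hits[parts[1]].add(hit)
    return dict(hits)

TODAY = date(2009, 3, 1)  # constructed date for the sample
BLOCKED = build_blocklist(TODAY)
SAMPLE_DOMAIN = sorted(predicted_domains(TODAY))[0]
SAMPLE_LOG = [  # constructed resolver log lines
    f"2009-03-01T08:00:01 10.0.0.5 {SAMPLE_DOMAIN.upper()}.",
    "2009-03-01T08:00:02 10.0.0.7 www.example.com",
    f"2009-03-01T08:00:03 10.0.0.5 www.{SAMPLE_DOMAIN}",
    "malformed-line",
]
```

Clients returned by `infected_clients` are the hosts an administrator would investigate: a query for a predicted name is a strong sign of infection even though the block stops the name from resolving.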