The company will implement a new service to track and block infected systems

Feb 9, 2009 14:03 GMT

According to The Register, one of the biggest DNS services, OpenDNS, will deploy Conficker detection today as part of a new wider botnet tracking service. Network admins will be able to see which computers are infected with the infamous worm, the company claims.

Conficker, also known as Downadup or Kido, is one of the biggest and fastest growing computer worms ever seen on the Internet. Its first version appeared in November, exploited a critical vulnerability in the Microsoft Windows Server service (MS08-067), and was rather “unpolished,” due to its creators rushing to release it.

However, the new variant launched in December has spread explosively and is a lot more resilient and stable. Its current infection count is estimated at some 11 million unique IP addresses. The worm is programmed to try to connect to some 250 different domain names every day to receive instructions.

Fortunately, no updates have been pushed to the army of now-zombie PCs to make them launch DoS attacks or send spam, but security experts warn that this could happen at any time. Identifying and blocking compromised systems on a network poses a serious problem for network administrators, who would be forced to ban some 7,750 domains every month.

That is exactly what prompted OpenDNS to implement such an automated solution. "The idea of blocking things on the network and doing it for consumers is a big change. Overall, we think we're uniquely positioned to do this," David Ulevitch, OpenDNS' CTO, told The Register. Indeed they are, as OpenDNS is one of the faster growing DNS services around and is currently available in various home routers too.

The new service will be able to automatically block the command and control servers the infected systems connect to, thus protecting those systems from being misused until administrators clean them. In addition, the new feature will alert admins to any Conficker traffic on their networks and pinpoint the sources. The new option will appear on customers' dashboards beginning on Monday, the company says.
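The resolver-side blocking and source pinpointing described above can be sketched as follows. This is an added example, not OpenDNS code; the log format, the placeholder `.example` domains, the function names and the `min_distinct` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed placeholder feed: date -> domains listed for that day.
# (The article cites some 250 per day; three or fewer are shown here.)
BLOCKLIST = {
    "2009-02-09": {"aaqrtxbe.example", "kdvuwlpn.example", "zmfoyqhc.example"},
    "2009-02-10": {"bnwtrsla.example", "pqhxoevd.example"},
}

# Constructed resolver log, assumed format: "<date> <time> <client-ip> <qname>"
SAMPLE_LOG = """\
2009-02-09 08:00:01 10.0.0.15 www.example.org.
2009-02-09 08:00:03 10.0.0.23 AAQRTXBE.example.
2009-02-09 08:00:09 10.0.0.23 kdvuwlpn.example
2009-02-09 08:01:40 10.0.0.23 kdvuwlpn.example
2009-02-09 08:02:11 10.0.0.41 www.zmfoyqhc.example.
2009-02-10 09:15:00 10.0.0.23 bnwtrsla.example
malformed line
"""

def listed_match(date, qname, blocklist=BLOCKLIST):
    """Return the listed domain that qname equals or sits under, else None.

    Simplification: a query is checked only against the list for its own date.
    """
    todays = blocklist.get(date, set())
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in todays:
            return candidate
    return None

def suspected_hosts(log_text, blocklist=BLOCKLIST, min_distinct=2):
    """Map client IP -> sorted (date, domain) hits, for clients that asked for
    at least min_distinct different listed domains (threshold is an assumption)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        date, _time, client, qname = parts
        domain = listed_match(date, qname, blocklist)
        if domain is not None:
            hits[client].add((date, domain))  # a resolver would block here
    return {c: sorted(h) for c, h in hits.items() if len(h) >= min_distinct}

if __name__ == "__main__":
    for client, found in suspected_hosts(SAMPLE_LOG).items():
        print(client, found)
```

Counting distinct listed domains per client, rather than raw hits, keeps one repeated lookup from being weighed the same as a host working through the day's list.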

The OpenDNS service can be used by home consumers directly on their computers and routers, or by companies on DNS servers. The system is currently used by concerned parents or businesses to block phishing, malware, adult, social networking, and video sharing websites. The Register notes that the list of blocked Conficker domains is provided by Kaspersky Labs.