Microsoft reached back to the days of the Old West last Thursday to battle an online worm that has infected millions of computers worldwide. It put out a bounty and assembled a “posse” to catch the bad guys.
Microsoft announced a $250,000 reward for information leading to the arrest and conviction of the author(s) of the Conficker worm, also known as Downadup. The worm first appeared late last year and has multiple ways to infect machines running Windows. Estimates range as high as 12 million computers infected, and the infections have the potential of creating a gigantic “botnet” out of those machines. This could be used for distribution of malware, spam or to launch Distributed Denial of Service (DDoS) attacks. A patch was released by Microsoft in October, but the worm has continued to spread rapidly.
The company also announced a large group of firms working together to combat Conficker. The group is made up of leading security firms, the Internet Corporation for Assigned Names and Numbers (ICANN), registries and leading operators of the Domain Name System (DNS). Microsoft’s announcement: http://tinyurl.com/am4xxg
Here’s a roundup of coverage:
Computerworld — http://tinyurl.com/bm2tok
PC World — http://tinyurl.com/bxutsa
Internetnews.com — http://tinyurl.com/bmwv84
InformationWeek — http://tinyurl.com/bg4efg
Washington Post — http://tinyurl.com/apzkjg
The posse was created to head the worm off at the pass, so to speak. The worm seeks to update itself using seemingly random lists of domain names it checks to receive new code. The algorithm used to generate those domains has been cracked by Finnish cyber security firm F-Secure. Now the companies can pre-register the domain names, preventing the worm from updating itself. And computers infected with the worm can be identified when they check in. This contains the growth of the virus, although it does not eradicate it.
Here’s a detailed description from Jose Nazario of Arbor Networks: http://tinyurl.com/c7vyu3
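The check-in detection described above can be sketched as follows. This is an added example, not code from Microsoft, F-Secure or Arbor Networks. The generator is a constructed stand-in and is not Conficker's algorithm; the log format, addresses, TLD list and the `min_hits` threshold are assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import date

TLDS = ("com", "net", "org", "info", "biz")  # assumed for this stand-in


def candidate_domains(day, count=250):
    """Defender-side reimplementation of a date-seeded generator.

    Stand-in only: this is NOT Conficker's algorithm, just something
    deterministic so the same date always yields the same list.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4  # 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def flag_checkins(log_lines, day, min_hits=2):
    """Return {client_ip: sorted matched domains} for clients that looked up
    at least min_hits distinct names from that day's candidate list."""
    watch = set(candidate_domains(day))
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        stamp, client, _qtype, qname = parts
        if not stamp.startswith(day.isoformat()):
            continue  # the list is only valid for its own date
        qname = qname.rstrip(".").lower()  # normalise case and trailing dot
        if qname in watch:
            hits[client].add(qname)
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_hits}


DAY = date(2009, 2, 16)  # constructed sample date
DAY_LIST = candidate_domains(DAY)
SAMPLE_LOG = [  # constructed resolver log: timestamp client qtype qname
    f"2009-02-16T08:01:12 10.0.0.5 A {DAY_LIST[0]}",
    f"2009-02-16T08:01:13 10.0.0.5 A {DAY_LIST[1].upper()}.",
    f"2009-02-16T08:01:15 10.0.0.5 A {DAY_LIST[2]}",
    "2009-02-16T08:02:40 10.0.0.9 A www.example.com",
    f"2009-02-16T09:10:02 10.0.0.7 A {DAY_LIST[0]}",
    f"2009-02-17T00:00:05 10.0.0.9 A {DAY_LIST[3]}",
]

if __name__ == "__main__":
    print(flag_checkins(SAMPLE_LOG, DAY))
```

Requiring several distinct matches per client keeps a single coincidental lookup from flagging a clean machine.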
This is an encouraging example of industry working together to combat a common threat — much like the coordination around the DNS flaw identified by Dan Kaminsky in July of last year. Hopefully this group can remain organized in some form and continue to fight the increasingly sophisticated attacks looking to exploit the distributed nature of Internet infrastructure.
UPDATE — new variant of the worm released by the bad guys, Network World: