All the latest UK technology news, reviews and analysis

Domain-hoarding may have hamstrung Conficker

by Shaun Nichols

More from this author

03 Apr 2009

Comment: 1

  • Tweet this
Computer threat
A concerted effort by security researchers may have thwarted the Conficker update

Security researchers scrambled to snatch up domains thought to have been targeted by the controllers of the Conficker worm prior to the 1 April update.

F-Secure researcher Patrik Runald said in a blog post that security vendors and researchers calling themselves the Conficker Working Group tried to prevent Conficker's operators from registering targeted domains in the days leading up to the 1 April update.

Further reading

The Conficker.C revision was programmed to generate a list of domains which could be contacted by infected machines to receive an update and possibly new attack instructions.

In an effort to thwart such an update, Runald said that researchers scrambled to prevent the registration of those domains, leaving controlled machines to 'phone home' to empty sites.

"What really happened was that the Conficker Working Group was able to prevent them from registering any of the domains used by the worm," wrote Runald.

"Never before have we seen such a global co-operation within the industry, and we're proud to be a member of that group."

However, Runald acknowledged other factors which may have contributed to Conficker's no-show, such as the amount of media attention given to the date.

Runald also warned that the passing of the deadline does not mean the end of Conficker. The botnet's controllers could still issue an update for the worm, and its peer-to-peer capabilities could have already allowed for an update to begin circulating.

Do you agree?

Add your comment

Incorrect

You are very incorrect. Domains were able to be taken before the worm used them back when it was going through a list of 250 domains a day. When it went to version C, the list jumped up to 50,000 a day, beyond the capabilities of security experts to buy up or block the domains. So you're right that they started using that method, but some time ago that method became useless.

Posted by: Fabian 04 Apr 2009

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Developer

HTML Pad screen shot

HTMLPad 2011 Pro 11.2.2.131

Related white papers

Related articles

Related jobs

Today's top stories

Web blocking. Content owners want to stop copyright infringement

Music file-sharing site taken offline by UK Serious Organised Crime Agency

Mozilla Firefox logo

Mozilla adds Android and security updates to Firefox roadmap

Acer Aspire S3 Ultrabook

Acer Aspire S3 ultrabook review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Information Security Manager

My client is a well established, non profit organisation;...

PHP Web Developer

PHP Web Developer – £30,000 - £35,000 PHP, MySQL, HTML...

HEAD OF DIGITAL - London - £80-95K+

HEAD OF DIGITAL - London - £80-95K + Excellent Bens...

Agile C# Developer - (North London)

Agile C# Developer - (North London) £55,000 - £65,000...

To send to more than one email address, simply separate each address with a comma.