DNS: Internet Security

March 02, 2010

DNS - The Lingering Conficker Worm and DNS: Talking Cybersecurity with an Expert



The Conficker worm, which first reared its ugly, security-breaching head in November 2008, marked the first time that cybercriminals had used Domain Name System technology - or "DNS" (a sort of Web phone book of IP addresses) - to man and control botnets.

 
The worm, you may recall, was spread through a vulnerability in Microsoft's operating system - a vulnerability that was patched almost immediately, but wreaked havoc on tens of millions of systems.
 
Today, a DNS and cybersecurity expert told TMCnet, in a podcast interview that's available here, that more than 6.5 million computers are still infected by the worm.
 
"Among the interesting things to note about Conficker is that it did very effectively help create a working group that was global in nature - one of the first times that we've seen," said Rodney Joffe, senior vice president and senior technologist at Neustar - a Sterling, Va.-based company that delivers addressing, interoperability, and infrastructure services worldwide to communication service providers, enterprises, associations, governments and regulatory agencies.
 
Joffe is also a cyber security expert who serves as a member of the Conficker Working Group and has been an advisor to the Department of Homeland Security and FBI, testified before Congress on Internet security and authored a number of papers on the subject. 
 
According to Joffe, after Conficker hit, about 116 top-level domains, 110 countries and 100 to 120 companies from around the world all came together over a very short period to coordinate the blocking of the domain names to be used by the criminals.
 
"That's sort of the good news picture," Joffe told TMCnet during our interview. "The bad news picture is that the criminals - who are very, very versatile in what they do, and very, very nimble - were able to modify the particular mechanism that they used so that by April of 2009 they were no longer using DNS, they were using peer-to-peer."
 
At that point, the challenge became much more difficult, according to Joffe - and, of course, Conficker is still here.
 
"Probably two or three times a day, as a working group, we get reports of brand new infections in corporations that theoretically are fully patched or should have been fully patched," he said.
 
During our conversation, Joffe also discussed other types of security risks to DNS and what businesses can do to protect against them.
 
Have a listen for yourself.


Michael Dinan is a group managing editor for TMCnet, overseeing TMCnet's Web editorial team and covering news in the IP communications, CRM and VoIP industries. He also oversees production of e-Newsletters in the areas of 4G wireless technology and smart products. To read more of Michael's articles, please visit his columnist page.

Edited by Michael Dinan

