With some estimates placing the number of computers infected by the Conficker worm at 10 million or more, Conficker has the potential to become one of the biggest botnets ever. Given that many system administrators probably don’t realize they’re hosting the parasite, it’s a good bet that things will get worse before they get better. Fortunately, the good guys at OpenDNS are offering a free service designed to alert administrators of Conficker’s presence and help them with containment and cleanup.
Though Conficker began spreading late last year, so far none of the infected machines has downloaded any software that would create a botnet or send spam. However, that could change in a blink if the criminals behind Conficker add a malicious payload to any of the domains the drones connect to every day. If a network has any PCs that try to connect to the rogue servers, OpenDNS will pinpoint them. As part of the service, infected machines will be prevented from connecting to the control servers:
What’s interesting about this particular virus is that it uses the Domain Name System in a unique way: Conficker contains an algorithm that checks 250 new domains per day for instructions on what it should do. This puts us in a unique position to keep you safe since we’re in the unique position of providing insight and intelligence into your DNS service. We’ve teamed with Kaspersky Lab to identify those 250 daily domains, and stop resolving them.
Administrators must register for a free account in order to take advantage of the service and must use OpenDNS on their networks. Once the account is set up, it’s a simple matter to check for Conficker’s presence:
To find out if Conficker has penetrated your network, simply log in to your account and select Stats on the left sidebar. From there choose Blocked Domains and filter “only domains blocked as malware.” This will generate a list of malware sites your network has attempted to connect with.