OpenDNS to block Conficker

February 8, 2009 – 8:51 AM

On Monday, OpenDNS, the free DNS service, plans to start blocking the Conficker worm’s attempts to connect to potential control servers. According to The Register, the new free service will also be able to alert administrators to the presence of the Conficker worm and assist them in locating infected machines.

Conficker is difficult to block by domain name or IP address. It attempts to connect to up to 250 different domain names each day, looking for a new payload. However, these addresses can be predicted; this is in part how F-Secure estimated the size of the Conficker problem: by predicting a future domain, registering it, and then counting the machines that connected to that domain.

Apparently, to date, no new payload has been deployed, but this could change at any point. By pre-loading its service with a list of predicted addresses provided by Kaspersky, OpenDNS hopes to be able to block any future connections by the Conficker worm. Blocking Conficker is to be the first part of a botnet-blocking service provided by OpenDNS.
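The same predicted list that lets a resolver block lookups can also point administrators at infected machines. The sketch below is an added example, not OpenDNS's or Kaspersky's code; the log format, the placeholder domain names and the `min_hits` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed stand-in for a per-day predicted list; the names are placeholders
# under the reserved .example TLD, not real Conficker domains.
PREDICTED = {
    "2009-02-09": {"qvbzkt.example", "hqwmrt.example", "zlpxnd.example"},
    "2009-02-10": {"mfjwsa.example"},
}

# Constructed resolver log, assumed format: date time client-ip queried-name qtype
SAMPLE_LOG = """\
2009-02-09 08:00:01 10.0.0.5 www.example.org. A
2009-02-09 08:00:04 10.0.0.23 QVBZKT.example. A
2009-02-09 08:00:04 10.0.0.23 qvbzkt.example. A
2009-02-09 08:00:09 10.0.0.23 hqwmrt.example. A
2009-02-09 08:00:15 10.0.0.23 zlpxnd.example. A
2009-02-09 08:01:30 10.0.0.7 hqwmrt.example. A
2009-02-09 08:02:00 10.0.0.7 mfjwsa.example. A
truncated line
"""

def normalise(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.rstrip(".").lower()

def find_suspects(log_text, predicted, min_hits=2):
    """Return {(day, client): [predicted names queried]} for clients that asked
    for at least min_hits distinct names from that day's predicted list."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:          # skip malformed or truncated records
            continue
        day, _time, client, qname, _qtype = fields
        name = normalise(qname)
        if name in predicted.get(day, ()):   # only that day's list applies
            hits[(day, client)].add(name)    # a set, so retries count once
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_hits}

if __name__ == "__main__":
    for (day, client), names in find_suspects(SAMPLE_LOG, PREDICTED).items():
        print(day, client, "queried", len(names), "predicted names:", ", ".join(names))
```

Counting distinct predicted names per client, rather than raw matches, keeps a single stray lookup from flagging a host while still catching a machine that walks through the day's list.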


