[LINK] Conficker clones

stephen at melbpc.org.au stephen at melbpc.org.au
Sat Mar 28 19:13:38 AEDT 2009


Being one thousand percent for the net, and also aware that Conficker-
type bots certainly may become more frequent over time, one cannot but
wonder if Registrars, obviously one bottomline defence mechanism, will
need more help in future. Maybe a minimum of more staff one may think.

It may seem only fair that if the world is going to ask them to police
the net, and take down perhaps major sites, they should be reimbursed
for this role. And 'persuading' them to co-operate does 'not' seem the
best method in terms of the future. But, if someone paid them for this
service, then perhaps this last defence against Conficker clones will
remain in place after the third, fourth .. hundredth, such net attack?

Our major bottom-line defence, the taking down of what might be major
websites, for who knows how long, IS serious. Do Registrars need help
both financial, and perhaps more legislative protection, to defend us?

'Persuading' Registrar co-operation doesn't cut it or seem the best way.

(Quote, Brisbane Times ..)

"So far, Conficker-infected machines have been trying to connect each day 
to 250 Internet domains. The bad guys need to get just one of those sites 
under their control to send their commands to the botnet. 

Conficker has been a victim of its success, however, because its rapid 
spread across the net drew the notice of computer security companies..

They have been able to work with domain name registrars, which administer 
Web site addresses, to block the botnet from dialing in.

Now those efforts will get much harder. On April 1, many Conficker-
infected machines will generate a list of 50,000 new domains a day that 
they could try. Of that group, the botnet will randomly select 500 for 
the machines to actually query.

The bad guys still need to get only ONE of those up and running to 
connect to their botnet. And the bigger list of possibilities increases 
the odds they'll slip something by the security community.

Researchers already know which domains the infected machines will check, 
but pre-emptively registering them all, or persuading the registrars to 
neutralize all of them, is a bigger hurdle."

http://news.brisbanetimes.com.au/breaking-news-technology/giant-internet-worm-set-to-change-tactics-april-1-20090328-9ehu.html

--

Cheers,
Stephen


