The bright side of Downadup/Conficker

Believe it or not, some good has come from the ominous Downadup/Conficker worm: wider cooperation among rival vendors and stepped-up partnering of tech companies and regulators. OpenDNS, the company that offers an alternative way to translate domain names into IP addresses to connect with web sites, has said it is teaming with Kaspersky Lab to try to limit damage from Downadup/Conficker.

Kaspersky is supplying OpenDNS with a list of some of the hundreds of domain names the worm’s controller could use to send instructions to perhaps as many as 12 million already infected PCs. Meanwhile, tech companies and law enforcement have formed a task force to hunt down and prosecute the perpetrators. This digital posse — made up of tech security companies, domain registrars, ISPs, the FBI and Microsoft — is also moving to help identify infected PCs and get them cleaned up.

Downadup/Conficker has given the good guys reason to circle the wagons. Patrik Runald at F-Secure, Don Jackson at Secureworks, Jose Nazario at Arbor Networks and others have been freely sharing their findings on how this old-style, self-spreading Windows worm has been able to spread so pervasively — and why it is so difficult to eradicate.

Joe Stewart at Secureworks was quick to design and make available a manual workaround sequence useful for bypassing the worm’s cloaking mechanism, which prevents infected PCs from accessing Microsoft’s cleanup tool. Iñaki Urzay’s crack team of researchers at Panda Security is honing a new type of vaccine that patches in memory.
