Online security is a worldwide problem that entire countries battle every day. Who will safeguard the average web user's privacy from worms like Conficker?
A proposal has been made for the creation of a global security coordination centre that will help the Internet web address system combat exploitation by malicious software of the kind the Conficker worm carried out last year.
Thanks to a coordinated global response, a measure of success was achieved in countering the worm and blocking its spread, said a recent report of the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN has suggested the establishment of a Community Emergency Response Team for the global Domain Name System (DNS-CERT).
A worm is a piece of malicious software created to stealthily infect computers in order to perform certain tasks. The spread of the Conficker worm, which exploited a vulnerability in the Windows OS to infect computers, peaked last year, with its variants emerging and infecting millions of computers. Such infected computers are then made part of larger networks, called botnets, for operations conceived by the worm's creator or creators.
The rapid spread of the Conficker worm was viewed with great concern by security experts worldwide. The threat perception has since subsided, following a significant decline in the rate at which the worm has been infecting computers, but millions of machines remain infected, and security experts continue tracking it for any sign of resurgence.
Since the Conficker worm depended on specific web addresses for communication, those addresses became one of the battlegrounds for a counter-offensive by security experts and organisations led by the Conficker Working Group.
From the infected computers, the worm generated domain names, or web addresses, and selected some of them to connect with in order to update itself and execute the latest commands of its creators. Thus, a key counter-measure was to block the creation or transfer of the web addresses being used by the worm for its operations, an effort in which ICANN played a crucial role.
The worm tried to overcome the defence mounted against it by generating thousands of web addresses, from which it could randomly pick some to exploit for its purposes, but the experts have largely been able to counter this tactic.
Much of the response was based on “volunteer efforts and goodwill, informal communications channels, interventional operations practices, informal agreements and assumptions,” said the ICANN report.
Microsoft, too, felt that a “new level of industry collaboration and cooperation” had been achieved in countering the worm. Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation, told The Hindu, “ICANN and operators within the domain name system have proactively disabled a significant number of domains targeted by Conficker.”
Though the worm is now primarily using the peer-to-peer (P2P) route — directly between computers — to sustain itself, “our scrutiny of this worm's DNS control channel made it unusable for its intended purpose and has also given us wonderful information about the size and spread of the infection,” said Paul Vixie, president of Internet Systems Consortium, which is part of the Conficker Working Group. “ICANN has put in a lot of effort in responding to Conficker. I think they have good standing to want to see that time and effort institutionalised,” he said in an e-mail interview.
The DNS-CERT proposal has received a mixed reaction from different countries and the Internet community. Some of them are unsure whether it is the right solution, or whether Conficker has really strengthened the case for it.