Gizmodo has published an interesting article entitled “How the Conficker Problem Just Got Much Worse” and I’ve got to say that I’m generally concerned.
…and here’s why that is deeply, deeply scary. As we explained, Conficker has built a zombie botnet infrastructure by registering hundreds of spam DNS names (askcw.com.ru, and the like), which it then links up and uses as nodes for infected machines to contact for instructions. In its earlier forms, Conficker attempted to register 250 such DNS names per day. But with the third version of the software, the Conficker.c variant which has been floating around for the last month or so, the number of spam DNS takeovers was boosted to 50,000 per day—a number security pros can no longer keep up with.
Now, that is bad enough. But they’ve missed something VERY important. Just in the past week, Register.com, a primary registrar and DNS source, has experienced a sustained DDoS attack by a botnet of undetermined origin. Similarly, last month GoDaddy.com was hit hard. Now I have anecdotal evidence of several other DNS providers having come under attack this week. Are the two the same issue?
It’s hard to tell. When companies come under attack, they generally keep their mouths shut. I believe we’ll see that changing very soon…