The broad industry coalition, announced last week as a broad industry effort to bring the Conficker worm down, has been busy registering domains that have been generated as targets by the malware. The worm (now available in multiple variants) checks in with a list of dynamically generated domain names, created using pseudo-random code. Arbor Networks showed last week how the cabal was registering those names, with the help of members such as ICANN and some domain registrars, to register and therefore control the domain names. They could then be used as sinkholes to further monitor Conficker behaviour, it added.
Others involved in the group include ICANN, NeuStar, VeriSign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, Symantec, F-Secure, ISC, Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.
The company, which announced a broad industry coalition designed to stop the threat last week, has also placed a $250 000 bounty on the head of its (as yet) unknown author.
What's strange is the lack of activity at the Industry Consortium for the Advancement of Security on the Internet(ICASI), which was an organisation formed by companies including Microsoft to help combat precisely this sort of large-scale online threat. Who's in charge over there?