Conficker: Learning from a Worm

Wednesday, February 2, 2011 @ 06:02 PM gHale

Learning from the past is how the industry can ensure a secure future.

Take the Conficker worm. The Conficker Working Group (CWG) just published a report by the Rendon Group, based on work funded by the Department of Homeland Security, on the “Lessons Learned” from the international effort it took to contain the virulent worm, which was a botnet infection that spread throughout the world in 2009.

The report documents the history of the Conficker worm, from the early reports in November of 2008 through to 2009 when Conficker infections were rampant. Security researchers started to work together on solving the problems posed by the worm in 2008, a cooperation which eventually became the Conficker Working Group.

The battle against Conficker involved considerable resources and unprecedented levels of cooperation between organizations. As a result, the industry learned quite a few lessons about combating such large and worldwide threats. Ultimately though, the group does admit the worm’s author, or authors, could have tried harder and may have simply been scared off by the sheer weight of the effort pitched against them.

The report goes on to say that the CWG succeeded in blocking communications between the worm and its creator, eventually foiling attempts to update the worm’s code and stopping its operation as a botnet. Even so, at the time the report was written, estimates indicated that between 5 million and 13 million Windows PCs still had the infection.

The report makes recommendations, including creating a global strategy and expecting a long-term battle, using a trusted group to address the problem, engaging with governments and organizations, maintaining clear records of events and decisions, and hiring a staff of full-time employees to manage the volunteer effort.
