FRAMINGHAM 28 JANUARY 2011 - A team of nonprofit, public sector and private business parties known as the Conficker Working Group says it is proud of its success at stopping the infamous Conficker worm from spreading as far as many feared it would, but also note the virus is still on many computers worldwide.
The task force, which included team members from nonprofit groups such as Shadow Server and the Internet Corporation for Assigned Names and Numbers (ICANN), as well as vendors such as Facebook, Microsoft, Cisco Systems, IBM, AOL and VeriSign, assembled in 2008 in response to the worm. Their goal was to block already infected computers from reaching the domains targeted by the worm's author to attempt to update the worm with new code or new instructions. The CWG sought to register and otherwise block domains before the Conficker author, preventing the author from updating the botnet.
The report details how a third variant of the worm, Conficker C, was released in February 2009 and managed to update nearly a million computers from Conficker A/B to Conficker C, despite the CWG's efforts. The new features presented in the C variant showed that the author was adapting to the Working Group's methods and trying to break them. Starting on April 1, 2009, the C version of the code would generate 50,000 pseudorandom domains per day from over 116 domains all over the world.
More about botnets
- What a botnet looks like
- The botnet hunters
- Report: Rustock still top dog among spam botnets
- With botnets everywhere, DDoS attacks get cheaper
In fighting Conficker A/B, the security community proved they could coordinate to block 250 domains per day, already an unprecedented effort, claims the report. With Conficker C, they faced the challenge of organizing in less than three weeks to coordinate with over 100 countries and block over 50,000 domains per day. Even with the large task in front of them, the group managed an impressive amount of success in blocking the domains generated by Conficker C.
In coordinating to stop the botnet threat, the CWG became a model for cyber defense, the report states.
"The Conficker Working Group sees its biggest success as preventing the author of Conficker from gaining control of the botnet. Nearly every person interviewed for this report said this aspect of the effort has been successful."
Sign up for Computerworld eNewsletters.