Conficker: Lessons learnt

The Conficker worm is the largest computer worm infection with more than seven million government, business and home computers in over 200 countries now under its control.

In fighting Conficker A/B, the security community proved they could coordinate to block 250 domains per day, already an unprecedented effort. With Conficker C, they faced the challenge of organizing in less than three weeks to coordinate with over 100 countries and block over 50,000 domains per day.

Even with the large task in front of them, the group managed an impressive amount of success in blocking the domains generated by Conficker C.

Starting in late 2008, and continuing through June of 2010, a coalition of security researchers worked to resist an Internet borne attack carried out by Conficker.

This coalition became known as “The Conficker Working Group”, and seemed to be successful in a number of ways, not the least of which was unprecedented cooperation between organizations and individuals around the world, in both the public and private sectors.

Rodney Joffe Senior, Director of the Conficker Working Group comments: “The Conficker Working Group was an overwhelming success in demonstrating how the global community, public and private, can (and should in the future) come together to combat common threats. However it is also a clear example of how this “best of bread” cooperation is generally powerless to stop determined attacks – Conficker remains undefeated, and no arrests have yet been made. The operation was a complete success, unfortunately the patient died”.

In 2009, The Department of Homeland Security funded a project to develop and produce a “Lessons Learned” document that could serve as a permanent record of the events surrounding the creation and operation of the working group so that it could be used as an exemplar upon which similar groups in the future could build.

The much anticipated “Conficker Lessons Learnt’ report has been released and you can find it here.