Conficker: Lessons Learned report published

The Conficker Working Group (CWG) has published a report by the Rendon Group, based on work funded by the Department of Homeland Security, on the "Lessons Learned" from the international effort to contain the virulent Conficker worm, a botnet infection that spread throughout the world in 2009. The report, written in the summer of 2010, documents the history of the Conficker worm, from the early reports in November of 2008 through to 2009 when Conficker infections were widely reported. Security researchers started to work together on solving the problems posed by the worm in 2008, a cooperation which eventually became the Conficker Working Group.

The battle against Conficker involved considerable resources and unprecedented levels of cooperation between a wide range of organisations. The report states that, as a result, many lessons have been learned about combating such large and worldwide threats. Ultimately though, the group does admit that the worm's author, or authors, could have tried harder and may have simply been scared off by the sheer weight of the effort pitched against them.

The report goes on to say that although the CWG succeeded in blocking communications between the worm and its creator, eventually foiling attempts to update the worm's code and stopping its operation as a botnet, at the time the report was written, estimates indicate there were between 5 million and 13 million Windows PCs that still harboured the infection.

The report makes a number of recommendations for future cyber defenders, including creating a global strategy and expecting a long-term battle, using a trusted group to address the problem, engaging with governments and organisations such as ICANN, maintaining clear records of events and decisions and hiring a small (2-3 people) staff of full time employees to manage the volunteer effort.

See also:

• The H Security Conficker information site, The H's resource for Conficker issues.
  

(trk)