Survey Cites Successes, Failings of Conficker Working Group

In coordinating to stop the botnet threat from Conficker, a malware program first released on the Internet in 2008, the Conficker Working Group became a model for cyber defense.

So concludes a report released by The Rendon Group, based upon work supported by the Department of Homeland Security Security’s Science and Technology Directorate. A number of valuable lessons can be learned from the CWG to guide how future efforts may be initiated, organized and managed, the report says. It is the result of in-depth interviews with 15 members of the group.

The group’s biggest success was preventing the author of Conficker from gaining control of the botnet. The blocking of domains continues and the Working Group has indicated they will maintain their effort. “In fighting Conficker A/B, the security community proved they could coordinate to block 250 domains per day, already an unprecedented effort. With Conficker C, they faced the challenge of organizing in less than three weeks to coordinate with over 100 countries and block over 50,000 domains per day,” the report says.

The group’s biggest failure was its inability to remediate infected computers and
eliminate the threat of the botnet. “While remediation efforts did take place, millions of the A/B variations of Conficker remain on infected computers. Members of the group recommended a greater focus on remediation from the start and more coordinated communication with ISPs,” the report reads.

To read the full report, click here:
http://www.confickerworkinggroup.org/wiki/uploads/Conficker_
Working_Group_Lessons_Learned_17_June_2010_final.pdf