
Conficker Working Group says worm is stopped, but not gone

Joan Goodchild | Jan. 28, 2011
A team of nonprofit, public sector and private business parties known as the Conficker Working Group says it is proud of its success at stopping the infamous Conficker worm from spreading as far as many feared it would, but also notes that the virus is still on many computers worldwide.

The blocking of domains continues and the Working Group plans to continue these efforts, the report said.

"Chief among the reasons for CWG's success in this area was their ability to obtain cooperation from ICANN and the ccTLDs. Without these organizations, the group would have been able to do little to scale the registration of international domains to block Conficker C from using domains to update," the summary states. "Processes are now in place that may make future coordination efforts easier, and many countries are reviewing domestic regulations, which would hopefully streamline their internal processes for dealing with such threats."

The report says the Working Group sees its biggest failure as the inability to remediate infected computers and eliminate the threat of the botnet. While remediation efforts did take place, millions of the A/B variations of Conficker remain on infected computers - an estimated four to 15 million machines globally.

Last year, CSO interviewed Steve Santorelli, who at the time worked with the non-profit security investigations firm Team Cymru. Santorelli noted peer-to-peer botnets, like Conficker, have brought the cybersecurity competition between the good and bad guys to a new level. "They are deeply disturbing. The only way you can really take down a peer-to-peer-based botnet is to kick down the door and arrest the guy who is behind it," he explained. "Essentially the miscreants have examined the way the community conducts investigations and have evolved to circumvent countermeasures that we have put in place."

Santorelli said Conficker is one of the most troubling moments in recent IT security history, noting that one of its more troubling aspects was the unknown reason it was created.

"It is one of the more disturbing peer-2-peer botnets because it is very big, and it became a media sensation," said Santorelli. "But more disturbing than anything else about it is we haven't actually seen what it is going to be used for yet. Conficker has infected, by some estimates, millions of machines around the internet, but it isn't actually doing anything yet. A lot of people are very concerned about what it's for."

In that report, the organization confirms that it was able to neutralize the worm by preventing it from being updated or communicating with its creator, whose identity has never been discovered. However, it adds that Conficker remains dormant on between four and 15 million computers across the globe, according to various media reports published throughout the week.

 
