January 26, 2011

Conficker Worm Neutralized, Not Eliminated

A team of cybersecurity experts was able to prevent the Conficker computer worm from activating, but the malware program remains on millions of computers worldwide, according to a document released on Monday.

The Conficker Working Group (CWG), a task force featuring representatives from AOL, Facebook, Microsoft, Cisco, IBM, VeriSign, and the Internet Corporation for Assigned Names and Numbers (ICANN), was forced in late 2008 to combat the self-replicating virus.

The Conficker worm allowed cybercriminals to seize control of computers for an unknown purpose, though according to Glenn Chapman of AFP, the goal might have been "to steal valuable data or use machines to fire off spam or launch attacks on websites or other online targets."

The group's "Lessons Learned" report, which is currently available as a PDF document on the coalition's website, was commissioned by the Department of Homeland Security in 2009.

According to the CWG, the document was intended to "serve as a permanent record of the events surrounding the creation and operation of the working group so that it could be used as an exemplar upon which similar groups in the future could build."

In that report, the organization confirms that it was able to neutralize the worm by preventing it from being updated or communicating with its creator, whose identity has never been discovered. However, it adds that Conficker remains dormant on between four and 15 million computers across the globe, according to various media reports published throughout the week.

According to Keith Johnson of the Wall Street Journal, "The Conficker worm, which first appeared late in 2008, disables a computer's security measures, including Windows software updates and antivirus protection, leaving machines vulnerable to more malicious software."

Conficker was "among the largest botnets in the past five years," the working group said in their report, and while their efforts to neutralize the malware proved successful, they considered their "inability to remediate infected computers and eliminate the threat of the botnet" their biggest failure, according to Chapman's article on Wednesday.

"Experts have disagreed about the threat posed by Conficker, with some arguing that the worm was perceived as more of a danger than it turned out to be," Lance Whitney of CNET.com wrote on Tuesday. "The CWG said it believes that its own efforts helped stop the spread of Conficker but admits that the worm's author didn't seem to try his or her hardest."

