IDG News Service - One year after the Conficker botnet was front-page news around the world, the U.S. Department of Homeland Security is preparing a report looking at the worldwide effort to keep it in check.
The report, to be published within the month, shows how an ad hoc group of security researchers and Internet infrastructure providers banded together into an organization they called the Conficker Working Group. Its goal was to address what was at the time the world's most serious cyberthreat.
"We said, 'This was a very good example of the private sector, globally, working together to try to solve a cybersecurity attack, so let's fund the creation of a lessons-learned report to just document what worked, what didn't work,'" said Douglas Maughan, a program manager with the Department of Homeland Security's Science & Technology Directorate.
The report could provide a template for future cyber-responses, security experts say.
Conficker began spreading in November 2008, infecting computers via a variety of means, including an attack exploiting a known flaw in Microsoft Windows.
Though it is still thought to control between 4 million and 7 million computers, Conficker was only briefly put to use, in April 2009. It's as if the massive amount of scrutiny it generated eventually frightened away its creators -- a good thing, since it controls enough computers to create a withering distributed denial-of-service attack.
Security researchers analyzing the malware soon realized that the botnet used an algorithm to calculate the Internet domain where it should look for instructions each day. Working with the Internet Corporation for Assigned Names and Numbers (ICANN) and domain name registrars, they began blocking these domains in advance, preventing Conficker's creators from connecting to the hacked computers.
With each iteration, however, Conficker's creators stepped up their game, developing cryptographic protections and a peer-to-peer communications structure, and making it harder and harder to keep the botnet out of the hands of the criminals. Still, the relationships developed during the experience, and the working-group model itself, set the standard for how the Internet community would deal with subsequent incidents.
"Conficker really was a seminal event for the security community," said Rodney Joffe, senior technologist with Internet infrastructure service provider Neustar and a member of the working group.
When he got a call Dec. 7 from Chris Davis, CEO of Ottawa-based security consultancy Defense Intelligence, Joffe suggested they use the same type of model to take down a new botnet, known as Mariposa. "Six weeks later there were actual arrests," Joffe said. "From our point of view, it's one of the best validations of the model."
Like other participants, Joffe considers the Conficker Working Group a success, but a qualified one. After all, though Conficker's been quiet, the botnet is still around. "In terms of learning, it's been a great success," he said. "In terms of defeating Conficker, it's gotten us nowhere."