Report: Conficker worm beaten but not gone

In a report on its battle against the persistent piece of malware, the Conficker Working Group says it was able to take down Conficker, but the worm itself still resides on millions of computers.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

The Conficker worm may have been squashed, but this nasty piece of malware is still squirming around on millions of computers worldwide.

Those were the findings of the Conficker Working Group, a collection of antivirus vendors and several other parties that joined forces in 2009 and 2010 to try to stomp out the worm.

Releasing a "Lessons Learned" document (PDF) yesterday, the CWG claimed success in ultimately stopping Conficker from communicating with its creator, thus preventing it from updating into newer and more dangerous variants. The group seemed especially proud of the way the various organizations and people were able to work together in their battle against Conficker.

But the CWG also conceded that in some ways it lost the war because Conficker still resides on anywhere from 4 million to 13 million computers across the world. So it remains a threat as long as its creator can potentially tap into this huge reservoir of infected machines.

Launched in late 2008, Conficker was designed to create a botnet, a collection of infected computers that can be controlled by cybercriminals, and has been used to send out spam and steal confidential data. The ongoing battle between Conficker and the CWG played out over months as new variants of the worm were released in an attempt to thwart the efforts of those trying to stop it. Only by registering and blocking entire domains before Conficker managed to use them was the CWG able to keep the worm's creators from further updating it.

Experts have disagreed about the threat posed by Conficker, with some arguing that the worm was perceived as more of a danger than it turned out to be. The CWG said it believes that its own efforts helped stop the spread of Conficker but admits that the worm's author didn't seem to try his or her hardest. The group offered a couple of other explanations for the ultimate performance of Conficker.

"It is possible the level of attention given to the malware scared off the author," the report said. "It is also possible the author is waiting for a later date or is waiting for someone to pay for the use of the botnet."

Staying one step ahead of the bad guys will always be a challenge in fighting cybercrime. But in its document, the CWG expressed the notion that sharing information and resources among the private and public sectors, supporting law enforcement, and reforming current legislation are all key to fighting these ongoing threats.