Group takes Conficker fight to a new level

With a new and trickier Conficker variant to deal with, a group of volunteers vows to go forward and fight the worm

By IDG News Service
March 31, 2009 08:40 PM ET

IDG News Service - Forming a global alliance to fight cybercrime isn't easy, and building an organization that can stay one step ahead of cyber crooks in more than 100 countries is close to impossible. But a band of volunteers calling itself Conficker Working Group thinks it can do it.

The group was formed earlier this year to try to contain the massive network of computers infected by the Conficker worm, which at its worst was thought to have infected 10 million computers.

The seriousness of the problem helped get the group off the ground, as technical experts from the world's top Internet companies informally banded together. At first they called themselves the Conficker Cabal, but they've now lightened the name, calling themselves the Conficker Working Group.

It's an improbable story, according to Paul Vixie, president of the Internet Systems Consortium, and one of the group's members. "It was formed as a bucket brigade because there was a house on fire," he said. "There was no way that you could get this level of talent to be focused on this if it was with a long term goal of, 'Gee, let's shape the Internet security landscape.'"

But now that it's working, members hope that it could be used to fight off other Internet threats in the future.

The group works in an informal, ad hoc way. There is a Web site and some mailing lists, and the occasional conference call. No contracts, no fees, no workshops, and no newsletters.

"There are a lot of companies that are putting a lot on the line to do it," said Rick Wesson, CEO of network security consultancy Support Intelligence. "It sucked up everybody's time, we're not being paid to do this, and it's fantastic. Everybody feels good about doing this."

The stakes are high. Now estimated at between 2 million and 4 million computers, Conficker would be the world's largest botnet -- by a lot. Generally botnets with a few hundred thousand computers are considered to be a major threat.

The Working Group's approach harkens back to the early days of the Internet, when a close-knit group of enthusiasts kept the network up and running. "It was like an Amish barn building party," Vixie said. "Everybody would just haul over there and get it done."

In the 90s that cooperative spirit abated, as people with technical skills were snatched up by Internet companies, many of whom were locked in fierce competition with each other. But recently, that sense of "harsh competition" has abated, Vixie said. "Economic tides being what they are, people are focused on preserving what remains of the industry rather than muscling in on a larger market share."

Last year, Vixie got a taste of this new spirit of cooperation when he found himself in a roomful of competitors, all working out a solution to a major bug in the Domain Name System (DNS). More impressively, none of the work leaked out until everyone had a chance to patch.

With the Conficker Working Group, the going has been tough at times. Originally set up to prevent two earlier variants of Conficker from updating their software, the group has had a setback with the latest Conficker.C code. "There is evidence that there was an update that kind of slipped out," said Andre DiMino, co-founder of The Shadowserver Foundation, a cybercrime group that is part of the Working Group.
