The infamous Conficker worm gained plenty of notoriety in online circles over the past few years as it made its way onto millions of computers. Although it was deemed a serious threat after its detection, the worm was successfully stopped from increasing its presence. Conficker may have been silenced, but it still exists on millions of machines across the globe, making some wonder if it will ever be revived.
The main party responsible for stopping Conficker is the Conficker Working Group. The group was created when various antivirus vendors and other interested parties decided to join together in 2009 in a collaborative effort to both analyze and destroy the worm. The Conficker Working Group successfully halted the spread of Conficker by eventually cutting off communication between the worm and its creator. Since the creator could no longer communicate with the worm, it could not be tweaked and updated into more harmful variations. In essence, Conficker was stopped in its malicious tracks.
The Conficker Working Group's battle against the worm is described in its “Lessons Learned” PDF document that was just released. The 59-page document not only discusses how the group tracked Conficker, but also why the group was formed and the strategies it employed to fight the worm. The “Lessons Learned” moniker fits, as both the successful and the unsuccessful strategies that were used are revealed.
While the Conficker Working Group did manage to prevent new variations of Conficker from being generated, it does report that the worm is not completely dead. According to the recently released document, Conficker probably still resides on as few as 4 million or as many as 13 million computers worldwide. Although it is sitting in a somewhat dormant state on those infected machines, it does have some untapped potential if its creator can somehow open up a line of communication once again.
Conficker made its first splash into the online scene in the latter part of 2008. The worm spread from computer to computer, essentially creating an army of infected machines. Commonly referred to as a botnet, the numerous infected machines were controlled remotely by cybercriminals. Gaining remote control over the computers allowed hackers to use them as vehicles for the transmission of spam. Besides spam, the computers also gave hackers avenues to steal sensitive data.
Once the Conficker Working Group was formed, a battle ensued over several months between the group and those behind Conficker's creation. Several variations of the worm were created to try to avert efforts to stop it. Conficker was finally stopped when the group managed to register and block various domains. This created an effective barrier that prevented the worm's creator from updating it to continue its survival.
Although many felt that Conficker was a serious threat, some believed that its significance was overblown. The Conficker Working Group expressed pride in its efforts, but did mention that the worm's creator seemed lackadaisical in their measures to counter Conficker's demise. The group also maintains that the worm is not completely harmless, as its creator could sell it to someone wishing to use it as a botnet.
For more on this topic, visit http://news.cnet.com/8301-1009_3-20029469-83.html?tag=mncol;title