Conficker: Lessons Learned in Collaboration

by James Bosworth on January 27, 2011

conficker virus: lessons learned in collaboration

Monday afternoon the Conficker Working Group (CWG) published a lessons learned report researched and prepared by The Rendon Group (TRG), an effort I was privileged to lead. I want to thank everyone in the CWG who took the time to speak with me and provide analysis of their remarkable collective efforts to combat this dangerous botnet.

The Conficker worm first appeared in November 2008, rapidly infecting computers lacking certain Microsoft security patches, with the intent to form a vast botnet. The worst-case scenarios for what this botnet could do were bleak including the potential for a serious attack on key Internet infrastructure.

To combat the Conficker worm, the cybersecurity community quickly organized an ad-hoc and largely voluntary task force called the Conficker Working Group, an unprecedented act of collaboration and coordination among a disparate group of stakeholders.

conficker virus eye chart to determine if you are infected

One member of the Working Group created an “eyechart” that would help a computer user determine if he or she was infected. It was a small step, but received media coverage and was effective in communicating with average computer users about the virus. A variant of the eyechart was used on two major portals in South Korea to facilitate self- remediation.

In May 2009, after much of the work was completed, the CWG and the Department of Homeland Security asked TRG to conduct an independent study of the CWG’s activities – their successes, failures and lessons learned.   Read more about them in our 2010 report.

One of the fundamental lessons of the CWG is the importance of information sharing and cooperation across the private sector and the need to improve communication between the private sector and the government. In particular, the CWG’s organization and ability to coordinate collective actions across so many private sector companies made the working group a success and a model for future efforts.

To that end, the Department of Homeland Security is taking steps to improve its coordination with the private sector to combat threats to domestic Internet infrastructure and to speed up research and innovation to protect critical infrastructure. These steps are part of the broader federal government’s cybersecurity initiative.

Other recommendations in our report included focusing on the strategic approach to combating Internet threats, resolving legal and regulatory issues raised by the Conficker threat and launching a public dialogue about cybersecurity. Efforts toward these recommendations are just getting off the ground.

In the months since writing this report, new cybersecurity issues have jumped into the media spotlight. The Stuxnet worm helped slow the Iranian nuclear weapons program and demonstrated the implementation of a real cyberwarfare weapon. Online protests by the cyberattack group Anonymous took down a number of corporate websites and played a small role in the recent Tunisian revolution. The Zeus botnet continues to make money for cybercriminals.

The fight against Conficker took months of effort from some of the top cybersecurity experts in the private sector, but these new issues are a reminder that Conficker was just one piece of malware in a much larger threat environment. There remains much work left to do.


James Bosworth is a freelance writer and a TRG subject matter expert on Latin America, global media trends and on cybersecurity issues. He currently resides in Managua, Nicaragua. His personal blog is at

Enhanced by Zemanta

Leave a Comment