Microsoft Rounds Up Posse to Nab Conficker

In a worldwide effort to bring down what experts warn may be the worst malware now facing the Internet, big names from the computer industry, academia and law enforcement are teaming up to go after the Conficker worm.

Also known as Downadup, Kido and Confick, Conficker was widely seen by security experts as having the potential to be the largest worm attack in recent memory. The worm takes advantage of a vulnerability that remains widespread despite the fact that Microsoft issued a patch for it in October. Conficker takes over victims’ PCs to add to a sprawling botnet — a network of compromised computers often used to send out malware or spam.

In response to the threat, Microsoft (NASDAQ: MSFT) is coordinating an effort to cut the worm off at its head — offering a $250,000 reward for information resulting in the arrest and conviction of those responsible for launching Conficker on the Internet.

“By combining our expertise with the broader community we can expand the boundaries of defense to better protect people worldwide,” George Stathakopoulos, general manager of Microsoft’s Trustworthy Computing Group, said in a statement. “We hope these efforts help to contain the threat posed by Conficker, as well as hold those who illegally launch malware accountable.”

It’s not a moment too soon, according to fellow members of the initiative.

“This thing is causing a lot of grief for enterprises,” Jose Nazario, manager of security research at network security provider Arbor Networks, told “As it tries to propagate on the LAN, it brute forces user accounts, and systems administrators have to run around unlocking these accounts.”

The group battling Conficker calls itself the Conficker Cabal, Nazario said. It includes the Department of Justice (DoJ) and the Department of Homeland Security (DHS) in the U.S., which are working with law enforcement agencies and Computer Emergency Readiness Teams worldwide in the bid to root out Conficker.

Conficker Cabal members also include Internet players such as ICANN, the Internet Corporation for Assigned Names and Numbers; messaging services vendor Neustar (NYSE: NSR); Internet infrastructure giant VeriSign (NASDAQ: VRSN); and the Public Internet Registry, which manages the .org domain.

In addition to Arbor, security vendors in the group include Symantec (NASDAQ: SYMC), F-Secure, ISC, and malware researchers from the Shadow Foundation. AOL and researchers from Georgia Tech are also involved in the effort, Microsoft said.

Growing threat

The news comes as concern over Conficker reaches peak levels. Last month, security experts predicted that the worm would soon beat the record of the Storm virus, which ultimately infected anywhere up to 50 million computers.

Arbor Networks’ Nazario said that one of the major ways Conficker is spreading is through the use of USB keys and other removable media. Enterprises have long viewed removable media as a security risk, and some companies ban them altogether.

But that hasn’t stopped the worm’s breakneck growth. Conficker uses Windows’ AutoRun feature — the one that automatically opens and plays CD-ROMs or movie DVDs when these are loaded into a computer.

AutoRun “makes the user experience very nice, but disabling AutoRun is a pain in the neck,” Nazario said.
