Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

If you know the Conficker dude, we've got a prize for you

If you know the Conficker dude, we've got a prize for you

  • Comments 5
  • Likes

Yesterday (12 February 2009) Microsoft announced a partnership with technology industry leaders and academia to implement a coordinated, global response to the Conficker (aka Downadup) worm. Together with security researchers, Internet Corporation for Assigned Names and Numbers (ICANN) and operators within the Domain Name System, Microsoft coordinated a response designed to disable domains targeted by Conficker. Microsoft also announced a $250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet.

“As part of Microsoft’s ongoing security efforts, we constantly look for ways to use a diverse set of tools and develop methodologies to protect our customers,” said George Stathakopoulos, general manager of the Trustworthy Computing Group at Microsoft. “By combining our expertise with that of the broader community we can expand the boundaries of defense to better protect people worldwide.”

As cyberthreats have rapidly evolved, a greater level of industry coordination and new tactics for communication and threat mitigation are required. To optimize the multiple initiatives being employed across the security industry and within academia, Microsoft helped unify these broad efforts to implement a community-based defense to disrupt the spread of Conficker.

Along with Microsoft, organizations involved in this collaborative effort include ICANN, NeuStar, VeriSign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.

“The best way to defeat potential botnets like Conficker/Downadup is by the security and Domain Name System communities working together,” said Greg Rattray, chief Internet security advisor at ICANN. “ICANN represents a community that’s all about coordinating those kinds of efforts to keep the Internet globally secure and stable.”

“Microsoft’s approach combines technology innovation and effective cross-sector partnerships to help protect people from cybercriminals,” Stathakopoulos said. “We hope these efforts help to contain the threat posed by Conficker, as well as hold those who illegally launch malware accountable.”

More information about how to protect yourself from Conficker can be found at http://www.microsoft.com/conficker. Customers interested in learning more about staying safe online can visit http://www.microsoft.com/protect.

Microsoft’s reward offer stems from the company’s recognition that the Conficker worm is a criminal attack. Microsoft wants to help the authorities catch the criminals responsible for it. Residents of any country are eligible for the reward, according to the laws of that country, because Internet viruses affect the Internet community worldwide. Individuals with information about the Conficker worm should contact their international law enforcement agencies.

Comments
  • It took your guys some time to start this initiative. Although botnets, in all flavours, have been present for several years and have been causing millions of dollars losses, nobody, especially ISPs, aren't doing anything about it.

    One can wonder if all this is far too little way too late? Can you solve anything by arresting the guy that did conficker? Sure, justice will be served, but tomorrow or even today, 5 other guys will take his place and think of another way they can create a botnet. And nobody will care about the other 5 guys after Conficker gets solved, because they will only have 2-6k of bots so they aren't going to get any press. After those 5 guys, another 5 guys will come and so on and so forth. Until the next Conficker or Blaster or etc.. and that's when Microsoft will notice again...

  • We are still seeing a lot of individuals coming to our site, locked out from Microsoft and anti-virus sites by the virus, trying to fix their computers.  The Conficker Cabal helps the industry, but not the PC owners.

    The industry needs to set up a common, free support site at one or more unblocked domains with tools for victims to fix their Windows machines.  XP Home users, for example, have no simple way outside of the registry hack (documented on our site and several others) to disable Autoplay. These infected machines represent a potential ongoing source of reinfection.  People are paying rental geeks hundreds of dollars on house calls even though they owned (and regularly updated) antivirus software.  

    Finally, the technical community needs to stop the "ha ha - get a mac/linux" attitude and act with a sense of service to their friends and neighbors who own and enjoy Windows PCs.

  • I have a step by step on my blog on how to remove it if anyone is interested.

    http://blogs.msdn.com/rockyh/archive/2009/01/14/conficker-removal-with-msrt.aspx

  • They are careless people are over the world. Microsoft has been released the update last year and this worm will detect and removed by almost all Anti-Malware for Windows but users are not update and they may infect as long as they infect then they cannot update Windows or install MSRT or log on to Safety.live.com to scan their PC . Therefore to protect your friend I recommend you to download MSRT in your removable storages : your flashmemory,external harddisk, MP3, Windows Mobile and then if you see infected PC insert your device and scan with MSRT to remove it then log on to Safety.live.com and do full scan but before do that update the operating system. If Windows is not Genuine then leave it with Malware and do nothing. You also could install 90-day trial of Windows OneCare for infected user if he want to. WARNING that if you insert any device it will infected please make sure you have updated Windows and Anti-Malware and you have enough skill to remove Malware from your removable device (do full scan in your removable device).

    Hope helps

  • i totally agree while we surf the net we should be wach ful it is like leeting the door open in the night and stealing done then we are worried about it. so we should be careful as this wen world chaos so we should be careful while surfing and also malicous software removal tool scan also should be done.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment