SC Magazine has published a great feature story on the Conficker Working Group, an industry task force that has made major strides in damaging the command-and-control channels of the worm, which has infected 6.5 million computers worldwide since 2008.
The feature quotes Sunbelt Chief Technical Officer Eric Sites: “The Conficker Working Group is the greatest collaboration of top level security experts for specific malware research in industry history. The collaborative efforts of the Conficker Working Group are responsible for preventing a large scale attack.”
AV researchers in the group reverse-engineered the worm's code and found its domain-generation algorithm. They were then able to forecast the websites that infected machines would check in with, and registered those domains before the attackers could.
“This will serve as a model in the future,” according to Rodney Joffe, SVP of domain name registrar NeuStar. “Within government, this is being pointed to as the model, or poster child, that collaboration within private industry really can work across borders. We were able to get collaboration in ways that had never been seen before.”
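The domain forecasting described above works because a domain-generation algorithm is deterministic: once defenders have recovered it, they can compute the upcoming rendezvous domains and also flag any host that looks them up. The sketch below is an added example, not code from the Working Group or the article; `toy_dga` is a hypothetical stand-in (it is not Conficker's algorithm), and the start date, TLD list, log format and client addresses are constructed.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")   # constructed list, not the worm's
START = date(2010, 1, 4)       # constructed forecast start date

def toy_dga(day, count=5):
    """Hypothetical stand-in generator (NOT Conficker's): depends only on the date."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(f"{label}.{TLDS[digest[31] % len(TLDS)]}")
    return domains

def forecast(start, days, count=5):
    """Map each forecast domain to the first date it becomes active."""
    watch = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in toy_dga(day, count):
            watch.setdefault(name, day)
    return watch

def flag_clients(dns_log_lines, watchlist):
    """Return {client_ip: sorted domains} for queries that hit the forecast."""
    hits = {}
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in watchlist:
            hits.setdefault(client, set()).add(qname)
    return {client: sorted(names) for client, names in hits.items()}

def demo():
    watch = forecast(START, 7)  # one week of domains to pre-register or sinkhole
    tomorrow = toy_dga(START + timedelta(days=1))
    log = [  # constructed resolver log: timestamp, client, queried name
        "2010-01-05T08:00:01Z 10.0.0.5 www.example.com.",
        f"2010-01-05T08:00:02Z 10.0.0.7 {tomorrow[0].upper()}.",
        f"2010-01-05T08:00:03Z 10.0.0.7 {tomorrow[1]}",
        "truncated-line",
    ]
    return watch, flag_clients(log, watch)

if __name__ == "__main__":
    print(demo()[1])
```

The same forecast list serves both purposes: it is what gets registered ahead of the attackers, and it is the watchlist that identifies infected clients in resolver logs.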