Friday, January 28, 2011

Conficker Group reveals 'Lessons Learned'


The Conficker Group recently published its "Lessons Learned" report, detailing how businesses and government organizations can prevent successful computer worm attacks in the future.
The report was funded by the Department of Homeland Security in an effort to establish best practices for preventing some of the most dangerous malware in the wild. The most significant achievement the Conficker Group identified in its report was "preventing the author of Conficker from gaining control of the botnet," thus neutralizing the threat after a worm infiltrated a computer or network.
The Conficker organization came together in 2008 to investigate new approaches to preventing the Conficker worm, one of the most successful malware strains in history. Some estimates claim the Conficker worm was live on 15 million devices at its highest point.
The worm is particularly dangerous because, once it infiltrates a computer, the machine becomes part of a botnet that gives a remote hacker control over it. As a result, any information on the computer can be copied, posing identity theft and national security threats.
Although the Conficker Group was able to craft an approach to deactivate the botnet that carried out Conficker's most dangerous functions, the process was not easy. According to the Conficker Group's report, the organization needed to coordinate resources from more than 100 countries and had to block more than 50,000 domains generated by the Conficker C worm every day.
"Without these organizations, the group would have been able to do little to scale the registration of international domains to block Conficker C from using domains to update," the report said.
While the organization's efforts to neutralize Conficker appeared successful, the report claims that the cyber criminals controlling the malware did not use it to its full ability. Rather, Conficker was most commonly used to distribute scareware, which deceives computer users into thinking their device is infected with malware and downloading a fake antivirus program that is actually malware itself.
However, this does not mean Conficker will never reemerge and perform more dangerous tasks.
"It is likely that the Conficker Working Group effort to counter the spread did make it more difficult for the author to act with impunity, but the author did not seem to have tried his or her hardest," said the report. "It is possible the level of attention given to the malware scared off the author. It is also possible the author is waiting for a later date or is waiting for someone to pay for the use of the botnet."
Botnets have been found in a number of other attacks lately, including Zeus and Stuxnet, which have posed significant financial and national security threats on an international level.
Luckily, at this time Finallyfast's software can remove many of the spyware and malware problems that can infect your PC. In fact, it is really important to protect your computer. Software like Finally Fast scans your PC for malicious programs that can get through anti-virus programs and infect your PC. Learn more at