Conficker Activity Update


There’s been a lot of activity today around the Conficker worm here at Microsoft and across the industry. I wanted to give everyone a quick, high-level overview on what’s been going on today.


 


First, today we’re making public, the work we and many other industry and academic partners have been doing behind the scenes to help combat the Conficker worm.


 


Second, we’ve provided additional information from our research to our Microsoft Active Protections Program (MAPP) partners and our Microsoft Security Response Alliance (MSRA) partners and posted it to the MSRC weblog in an effort to help customers and other researchers.


 


Finally, we have announced a US$250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker worm. Individuals with information about the Conficker worm are encouraged to contact their international law enforcement agencies.  Additionally, Microsoft has implemented an Antivirus Reward Hotline, 1-425-706-1111, and an Antivirus Reward Mailbox, avreward@microsoft.com, where tips can be shared.


 


The work that we’ve done with industry and academic partners and the additional information that we’ve provided all relate to the same thing: disrupting the Conficker worm’s attempts to connect to domains on the Internet after successfully attacking a system. By understanding the algorithm that the Conficker worm uses to generate the domain names that infected systems attempt to connect to, we can take steps to disrupt the Conficker worm by blocking access to those domains by infected systems.


 


We have worked with ICANN and operators within the domain name system to proactively disable a significant number of domains that systems infected by the Conficker worm would try to connect to.


 


We have also made information about the algorithm and the list of domain names available so that security researchers and customers can review logs to identify infected systems connecting to these domains and proactively block access to these domains.


 


As someone involved in security response for a number of years, it’s exciting for me to see the industry come together to take an innovative, new approach to combating malware. It helps prove again that while threats may be evolving, so too is our response as an industry to these threats.


 


Thanks.


Christopher


Updated 2/14/2009 with contact information regarding Antivirus Reward


*This posting is provided “AS IS” with no warranties, and confers no rights*


Comments (6)

  1. Anonymous says:

    마이크로소프트 보안 대응 센터(MSRC) 블로그 에 의하면, Conficker 웜을 만들어 퍼뜨린 책임이 있는 자를 체포하는 데에 결정적 공헌을 한 경우 현상금 25만 달러를 제공한다고

  2. Anonymous says:

    Looks like the MSRC folks have a couple new updates regarding the Conficker worm.  The first is

  3. Anonymous says:

    Looks like the MSRC folks have a couple new updates regarding the Conficker worm.  The first is

  4. Anonymous says:

    Yahoo! Tech and others are abuzz with speculation about what might happen on April 1, when the Conficker

  5. Anonymous says:

    Yahoo! Tech and others are abuzz with speculation about what might happen on April 1, when the Conficker