There’s been a lot of activity today around the Conficker worm here at Microsoft and across the industry. I wanted to give everyone a quick, high-level overview on what’s been going on today.
First, today we’re making public, the work we and many other industry and academic partners have been doing behind the scenes to help combat the Conficker worm.
Second, we’ve provided additional information from our research to our Microsoft Active Protections Program (MAPP) partners and our Microsoft Security Response Alliance (MSRA) partners and posted it to the MSRC weblog in an effort to help customers and other researchers.
Finally, we have announced a US$250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker worm. Individuals with information about the Conficker worm are encouraged to contact their international law enforcement agencies. Additionally, Microsoft has implemented an Antivirus Reward Hotline, 1-425-706-1111, and an Antivirus Reward Mailbox, avreward@microsoft.com, where tips can be shared.
The work that we’ve done with industry and academic partners and the additional information that we’ve provided all relate to the same thing: disrupting the Conficker worm’s attempts to connect to domains on the Internet after successfully attacking a system. By understanding the algorithm that the Conficker worm uses to generate the domain names that infected systems attempt to connect to, we can take steps to disrupt the Conficker worm by blocking access to those domains by infected systems.
We have worked with ICANN and operators within the domain name system to proactively disable a significant number of domains that systems infected by the Conficker worm would try to connect to.
We have also made information about the algorithm and the list of domain names available so that security researchers and customers can review logs to identify infected systems connecting to these domains and proactively block access to these domains.
As someone involved in security response for a number of years, it’s exciting for me to see the industry come together to take an innovative, new approach to combating malware. It helps prove again that while threats may be evolving, so too is our response as an industry to these threats.
Thanks.
Christopher
Updated 2/14/2009 with contact information regarding Antivirus Reward
*This posting is provided “AS IS” with no warranties, and confers no rights*