Bekker's Blog

Blog archive

Report Details Why the Conficker Botnet Was Abandoned

About 10 years ago, a worm dubbed Conficker began constructing a botnet that ran away to over 10 million Windows computers. The Conficker worm is still estimated to have potential control over as many as 500,000 unpatched Windows systems, but it was never used for anything but a low-yield scareware campaign.

Over the weekend, journalist Mark Bowden provided an explanation for why that powerful botnet was abandoned. Bowden is best known for "Black Hawk Down," a book-length account of the U.S. military raid in Somalia in 1993 that was turned into a movie. In 2011, Bowden wrote a book about Conficker, called "Worm."

In an article published in The New York Times, "The Worm That Nearly Ate the Internet," Bowden provided an update on Conficker by reporting about an article from a classified journal he obtained this year.

"This explanation was detailed in an article published in December 2015 by The Journal of Sensitive Cyber Research and Engineering, a classified, peer-reviewed publication issued by a federal interagency cybersecurity working group including the Pentagon, Department of Homeland Security and N.S.A. -- and distributed to a small number of experts with the appropriate security clearances. The article itself was not classified, but reached only a small readership," Bowden wrote.

Contrary to theories that academics created Conficker as an exercise or a government developed it as a cyberweapon, Bowden contended that the journal article builds a strong case that it was the work of cybercriminals.

"While some experts still disagree, most now believe that Conficker was the work of Ukrainian cybercriminals building a platform for global theft who succeeded beyond all expectation, or desire," he wrote.

The scale of the botnet appeared to surprise the creators, and may explain why it wasn't used despite all the effort that went into creating it. "The last thing a thief wants is to draw attention to himself," Bowden writes. "Conficker's unprecedented growth drew the alarmed attention of cybersecurity experts worldwide. It became, simply, too hot to use."

The story is well worth a read for more detail on the Ukrainians and the Swede charged in the case, as well as policy and Internet security implications of Conficker a decade later.

Posted by Scott Bekker on 07/01/2019 at 3:01 PM


comments powered by Disqus

Subscribe on YouTube