Bekker's Blog

Report Details Why the Conficker Botnet Was Abandoned

About 10 years ago, a worm dubbed Conficker began constructing a botnet that grew out of control, spreading to over 10 million Windows computers. The Conficker worm is still estimated to have potential control over as many as 500,000 unpatched Windows systems, but it was never used for anything but a low-yield scareware campaign.

Over the weekend, journalist Mark Bowden provided an explanation for why that powerful botnet was abandoned. Bowden is best known for "Black Hawk Down," a book-length account of the U.S. military raid in Somalia in 1993 that was turned into a movie. In 2011, Bowden wrote a book about Conficker, called "Worm."

In an article published in The New York Times, "The Worm That Nearly Ate the Internet," Bowden provided an update on Conficker by reporting on an article from a classified journal that he obtained this year.

"This explanation was detailed in an article published in December 2015 by The Journal of Sensitive Cyber Research and Engineering, a classified, peer-reviewed publication issued by a federal interagency cybersecurity working group including the Pentagon, Department of Homeland Security and N.S.A. -- and distributed to a small number of experts with the appropriate security clearances. The article itself was not classified, but reached only a small readership," Bowden wrote.

Contrary to theories that academics created Conficker as an exercise or a government developed it as a cyberweapon, Bowden contended that the journal article builds a strong case that it was the work of cybercriminals.

"While some experts still disagree, most now believe that Conficker was the work of Ukrainian cybercriminals building a platform for global theft who succeeded beyond all expectation, or desire," he wrote.

The scale of the botnet appeared to surprise the creators, and may explain why it wasn't used despite all the effort that went into creating it. "The last thing a thief wants is to draw attention to himself," Bowden writes. "Conficker's unprecedented growth drew the alarmed attention of cybersecurity experts worldwide. It became, simply, too hot to use."

The story is well worth a read for more detail on the Ukrainians and the Swede charged in the case, as well as policy and Internet security implications of Conficker a decade later.

Posted by Scott Bekker on 07/01/2019 at 3:01 PM

