« October 2015 · April 2016 »


  • No entries for February 2016.
  • No entries for January 2016.
  • No entries for December 2015.
Newest first Oldest first

The Conficker Working Group Lessons Learned Document

Starting in late 2008, and continuing through June of 2010, a coalition of security researchers worked to resist an Internet borne attack carried out by malicious software known as Conficker. This coalition became known as “The Conficker Working Group”, and seemed to be successful in a number of ways, not the least of which was unprecedented cooperation between organizations and individuals around the world, in both the public and private sectors.

In 2009, The Department of Homeland Security funded a project to develop and produce a “Lessons Learned” document that could serve as a permanent record of the events surrounding the creation and operation of the working group so that it could be used as an exemplar upon which similar groups in the future could build. This is the document.

The Rendon Group conducted the research independently, and although a number of members of the Conficker Working Group were interviewed, and provided information to the authors, the report is the sole work product of the Rendon Group. The views and conclusions are not necessarily those of the Conficker Working Group, or any of its official or unofficial members. Nonetheless the Core Committee of the Conficker Working Group believes the report has substantial value and is pleased to provide access to the Rendon document via the Conficker Working Group Website.

An additional thank you to Rick Wesson of Support Intelligence, and David Dagon from Georgia Tech for their efforts in getting the Lessons Learned project funded.

The document can also be downloaded here

Rodney Joffe
Conficker Working Group

Follow up questions can be directed to the Rendon Group at the address below, as well as the following members of the Conficker Working Group Core Committee:

  • The Rendon Group
  • Phone: +1 202-745-4900
  • trginfo@rendon.com

Conficker Working Group Core Committee:

The ShadowServer Foundation

  • Andre' M. DiMino
  • Co-Founder and Director
  • Phone: +1 914-410-6480
  • Email: adimino@shadowserver.org

Neustar, Inc

  • Rodney Joffe
  • Senior Vice President
  • Phone: +1 202-533-2900
  • Email: rodney.joffe@neustar.biz

Verisign, Inc.

  • Ramses Martinez
  • Director of Information Security
  • Phone: +1 571-723-1874
  • Email: ramartinez@verisign.com

Arbor Networks PR Contact

  • Kevin Whalen
  • kwhalen@arbor.net
  • Phone: +1 978-852-8432

Microsoft PR contact:

  • Christine McKeown, Waggener Edstrom
  • (425)638-7465
  • cmckeown@waggeneredstrom.com

SRI International

  • Phillip Porras
  • Phone: +1 650-650-859-3232
  • Email: porras@csl.sri.com

Internet Systems Consortium

  • Barry Greene
  • President
  • Phone: +1 650-423-1311
  • Email: bgreene@isc.org

Check to see if you are infected

Thanks to Joe Stewart from SecureWorks for his awesome work.

Check for Infection