The Conficker Working Group Lessons Learned Document

[freed0]

http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/LessonsLearned
http://www.confickerworkinggroup.org/wiki/uploads/Conficker_Working_Group_Lessons_Learned_17_June_2010_final.pdf


The Conficker Working Group Lessons Learned Document

Starting in late 2008, and continuing through June of 2010, a coalition of 
security researchers worked to resist an Internet borne attack carried out by 
malicious software known as Conficker. This coalition became known as “The 
Conficker Working Group”,
and seemed to be successful in a number of ways, not the least of which was 
unprecedented cooperation between organizations and individuals around the 
world, in both the public and private sectors.

In 2009, The Department of Homeland Security funded a project to develop and 
produce a “Lessons Learned” document that could serve as a permanent record of 
the events surrounding the creation and operation of the working group so that 
it could be used as
an exemplar upon which similar groups in the future could build. This is the 
document.

The Rendon Group conducted the research independently, and although a number of 
members of the Conficker Working Group were interviewed, and provided 
information to the authors, the report is the sole work product of the Rendon 
Group. The views and
conclusions are not necessarily those of the Conficker Working Group, or any of 
its official or unofficial members. Nonetheless the Core Committee of the 
Conficker Working Group believes the report has substantial value and is 
pleased to provide access to
the Rendon document via the Conficker Working Group Website.

Rodney Joffe
Chair
Conficker Working Group

Follow up questions can be directed to the Rendon Group at the address below, 
as well as the following members of the Conficker Working Group Core Committee:

    * The Rendon Group
    * Phone: +1 202-745-4900
    * trgi...@rendon.com

Conficker Working Group Core Committee:
The ShadowServer Foundation

    * Andre' M. DiMino
    * Co-Founder and Director
    * Phone: +1 914-410-6480
    * Email: adim...@shadowserver.org

Neustar, Inc

    * Rodney Joffe
    * Senior Vice President
    * Phone: +1 202-533-2900
    * Email: rodney.jo...@neustar.biz

Verisign, Inc.

    * Ramses Martinez
    * Director of Information Security
    * Phone: +1 571-723-1874
    * Email: ramarti...@verisign.com

Arbor Networks

    * Kevin Whalen
    * kwha...@arbor.net
    * Phone: +1 978-852-8432

Internet Software Consortium

    * Barry Greene
    * President
    * Phone: +1 650-423-1311
    * Email: bgre...@isc.org