Microsoft’s Digital Crimes Unit Talks Cybercrime with “Worm” Author Mark Bowden

I recently had the privilege and pleasure of joining author Mark Bowden and New York Times technology reporter John Markoff at the Computer History Museum in Mountain View, Calif., where we spoke about Mark’s new book, Worm: The First Digital World War. Worm is an account of the Conficker computer worm and the group of security professionals (myself included) who came together to combat the proliferating malware as members of the Conficker Working Group.

The Conficker worm first appeared in 2008 and quickly created one of the largest and fastest-growing botnets in the world. Conficker infects computers through a number of mechanisms, including file sharing and via removable drives. Once a computer becomes infected, Conficker can disable important services on the computer and spread itself to other computers across a network automatically, without human interaction. Today, while Conficker is no longer the size it once was, there are still roughly 3.2 million computers estimated worldwide to be infected with Conficker.

The panel discussion at the Computer History Museum, which you can listen to here and view here, brought back memories of how intense the efforts to dissect, understand and disrupt the Conficker worm were back in 2008 and 2009. From one perspective, we have to view the fight against Conficker as a partial win for the bad guys: It still poses a significant threat to the Internet infrastructure as long as infected computers are still subject to the remote control of those behind Conficker. In another way, however, the community’s efforts to fight Conficker resulted in discoveries, lessons and working relationships that have dramatically advanced and redefined the fight against botnets ever since.

It’s fair to say that the thinking behind the Conficker Working Group was the foundation for Microsoft’s efforts with our partners to annihilate botnets, which have thus far resulted in the takedown of the Waledac, Rustock and Kelihos botnets, and informed takedown efforts by others such as Coreflood and DNS Changer. Before Conficker, many in the security community hesitated to take action for fear of “making smarter criminals.”

With Conficker, it became clear cybercriminals were going to get smarter no matter what, but that the good guys could have impact against these threats if we worked together creatively to protect our customers. The good guys are ultimately in control of the Internet infrastructure and we can implement measures that make it more difficult for the bad actors to use it against us. For example, with better accountability practices for domain registration and hosting providers, cybercriminals would find it a lot harder to do business.

Conficker also demonstrated that ordinary computer users play an important role in their own security as well. Many of the tools to make a computer user more difficult for cybercriminals to target are automatic and exist freely. Users should also be wary of social engineering schemes, which continue to be an effective way for the bad guys to beat security measures.

We had a great time at the event, which packed the house for our 90-minute discussion. John moderated a lively discussion with Mark and me, including a reading from Worm and questions from the audience. Discussing these points with Mark and John at the Computer History Museum (which is currently displaying a fantastic array of artifacts and historic technology in its exhibit “The First 2,000 Years of Computing”), I was humbled by the impressive figures in the audience, including fellow members of the Conficker Working Group who remember being in the trenches for these lessons. Many are pioneers in the field of computing and computing security, and the audience questions demonstrated an impressive depth of knowledge and understanding of what Mark refers to (affectionately) as the “Geek Tribe.”

One of the things I found so gratifying about this event was seeing the energy and excitement in the security community around the potential for making a difference in the fight against cybercrime. I’ve been proud to be part of recent efforts by Microsoft and our industry partners to take down botnets. But as Worm shows, there is always another battle to fight, so I’m glad to know that the security community is standing at the ready.

My sincere thanks go out to John, Mark and to the Museum organizers for making the event possible.

If you’re interested in staying up to speed on the fight against cybercrime, I welcome you to follow the Microsoft Digital Crimes Unit on Facebook and Twitter. If you are worried your computer might be infected with Conficker, I encourage you to visit http://www.microsoft.com/security/pc-security/conficker.aspx. More information about how to protect your computer from malicious software and attacks in general can be found at http://www.microsoft.com/protect.

About the Author

Director of Security, Microsoft Digital Crimes Unit