Security industry urged to collaborate more to combat malware

An influential security consortium says industry response to Conficker worms offers blueprint for a safer internet

A US government-backed IT defence taskforce has concluded that closer co-operation between governments, security vendors and network operators is needed to minimise the risk posed by internet worms such as Conficker.

A newly published report by the Conficker Working Group (CWG), a consortium of technology companies and researchers that includes Facebook, Microsoft and Verisign and is backed by the US Department of Homeland Security, has urged interested parties to develop a global strategy for dealing with the threat of viruses and botnets.

The group said there is a pressing need for an alternative to the normal "whack-a-mole approach of battling one incident after another".

The CWG was established to deal with the threat posed by the Conficker A worm and its handful of variants, which first emerged in November 2008. The Conficker malware was intended to create a botnet of unprecedented size, with millions of computers infected.

Each infected computer would reach out to hundreds of randomly generated domains per day in an attempt to update itself with new code or instructions. The malware created a botnet that had the potential to "credibly threaten critical infrastructure on the internet," the CWG report stated.

Information-sharing practices between vendors, security researchers, government agencies and internet infrastructure firms have been in operation for some time, said Rik Ferguson, a senior security adviser at Trend Micro.

"But the industry response to Conficker shows just how effective we can be when we work closely together," he told Computing.

Historically, the practice of sharing information between security firms has emerged organically, as firms work out how to balance the commercial pressure to demonstrate their own aptitude for identifying and combating threats with the benefits of sharing information about threats and vulnerabilities.

"In future we will need a more formalised structure for sharing threat data," Ferguson added.