Page 164 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
After issuing the security update, we spent the next several days holding our collective breath, checking the telemetry data closely – almost hour-by-hour – and watching as more crashes were reported. Due to the nature of the bulletin we released about the patch, the media quickly caught on to the seriousness of the situation and hackers began to test the exploit for themselves. By early November, about two weeks after our initial discovery of the vulnerability, a new malware targeting the MS08-067 vulnerability emerged, but the prevalence was still very low. A few weeks later, however, the Conficker worm broke out on a scale the industry had rarely seen before.
The Spread of Conficker
Part of what made Conficker so prolific was the way in which it mutated and changed its propagation strategy. As many as five different variants of the malware emerged over time, hijacking millions of computers and adding them to a global botnet. According to reports at the time, several high-profile government agencies and enterprise organizations fell victim to the worm, including the French Navy, the United Kingdom Ministry of Defence and the Bundeswehr, the unified armed forces of Germany. It seemed the entire industry was waiting, on edge, to see what the massive botnet would be used for. Experts were predicting worst-case scenarios such as denial-of-service attacks against large organizations, harming critical components of the Internet’s infrastructure, distributing ransomware, or any number of other threats to both the public and private sectors.
Ultimately, Conficker’s notoriety may have been its downfall. The perpetrators behind the exploit never fully activated the botnet it created, likely because they had drawn so much global attention and feared being caught if they tried to unleash a wide-scale attack. Even so, experts estimate the global cost of efforts to combat the worm totaled more than $9 billion. This includes the time and resources spent by cybersecurity practitioners, government agencies, enterprises and individuals to clean up their infected machines and purchase counter-measure software.
Collaboration Was Key
Looking back, there is much we did right in our response from the initial discovery of the worm and the very first exploits, through to the wider outbreak. Our efforts were the result of two pillars working together. One was the technical investigation of the vulnerability: we needed to know everything we could about it and the affected versions so that a complete fix could be developed and tested. The second pillar revolved around providing public communications to ensure customers, partners and security professionals had all the relevant and timely information they needed to keep their systems safe and prevent more computers from being compromised.
That collaboration between different internal and external teams working to mitigate the threat was incredible. As soon as the worm gained momentum, the Conficker Working Group, made up of elite researchers from multiple vendors and organizations, was established and enabled team members to work together effectively to exchange data and techniques and launch countermeasures to disrupt the propagating malware. Conficker taught us that cybersecurity really is a collective and collaborative effort. It helped bring together the broader cybersecurity industry, including organizations and individuals from