The mere existence of the Conficker Working Group (also known as the Conficker Cabal) is something of a minor miracle. Security vendors do not have a long history of cooperating with each other, aside from the perhaps the antivirus companies sharing samples. But, as an unidentified member of the Conficker Working Group writes in this diary entry [sans.org], the joint effort to stop the spread of Conficker could be used as a blueprint for future cooperative eforts.
The Conficker Working Group includes a huge number of security companies and other interested parties, all working toward a common goal.
It is my honest hope that the level of awareness and participation that this effort produces jump starts the adoption of this behavior in the registry industry. The current threat environment is such that registry operators provide a very important capability in mitigation of certain malicious threats. It is the dawning of this cognition on the industry that is so critically important. No doubt those with any insight will quickly chime in with “they will move away from using domains!”. I completely agree with that this will happen, but what this does is erode away the convenience, stability, and scalability that DNS provides. This of course forces our opponents into a realm of less stable and more “ad hoc” methods. I am of the view that any and all costs that can be forced on an opponent are worthwhile when engaging in wars of attrition.
As I have stated before, this will hopefully be the first of many such efforts by the community to self organize and execute mitigation efforts for large scale threats.
While there are countless industry organizations and trade associations, this kind of technical cooperation is far too rare and needs to be the rule, rather than the exception. Hopefully the success of the CWG will show the value of these efforts.