A private key used to sign encrypted updates for Conficker was crucial missing evidence needed to track the creators of the malware.
The dedicated Conficker Working Group continued to hunt the creators of the malware while the worm was still actively infecting users.
Conficker Working Group member and researcher Jose Nazario said it was difficult to track the Conficker creators because they had abandoned the botnet, leaving researchers with a lack of leads.
“Well, we sort of won in that regard. They had to walk away from it. On the other hand, if they're not interacting with it, there's no more evidence coming in," Nazario told PCAdvisor.
“It feels like a stalemate. It feels like we're kind of in a holding pattern but there's still effort that goes into it.”
The working group was still interacting with sinkhole operators, top-level domain operators and ICANN, while the malware remained on autopilot taking advantage of vulnerable computers and proving to be a long-term nuisance.
Stonesoft chief information security officer Joona Airamoof said Conficker was well designed.
"With the collateral damage being far greater than what the creator may have intended, it could have been an attack gone wild – even more reason for someone to not what to come forward.”
Microsoft announced a US$250,000 reward for information that resulted in the arrest and conviction of those responsible for the Conficker malware in 2009.
