The Conficker worm has seized control of millions of computers in just a few months (Image: Carsten Müller / stock.xchng)

A HOTEL bar in Arlington, Virginia, 23 October 2008. A group of computer security experts has spent the day holed up with law enforcement agencies. It is an annual event that attracts the best in the business, but one the participants like to keep low-key – and under the radar of the cybercriminals they are discussing.

That evening, conversation over drinks turned to a security update Microsoft had just released. Its timing was suspicious: updates usually came once a month, and the next was not due for two weeks. “I remember thinking I should take a look at this,” recalls Paul Ferguson, a researcher at Trend Micro, a web security company in Cupertino, California.

He did. So did the rest of the computer security industry. In fact, they talked, puzzled and worried about little else for months after. The update heralded the birth of the Conficker worm – one of the most sophisticated pieces of malignant software ever seen.

Despite an unprecedented collaboration against them, Conficker’s accomplished creators have been able to bluff and dodge to gain control of machines inside homes, universities, government offices and the armed forces of at least three nations, establishing a powerful and lucrative network of “zombie” computers. New Scientist has pieced together the sobering details of that cat-and-mouse fight.

The dry, technical language of Microsoft’s October update did not indicate anything particularly untoward. A security flaw in a port …