Microsoft Corp. today said it is offering a $250,000 reward for information that leads to the arrest and conviction of those responsible for launching the "Conficker" computer worm, a threat that has infected millions of Microsoft Windows PCs over the past two months.
The reward is the most public acknowledgment yet of the damage inflicted by the Conficker worm -- known to some anti-virus companies as "Downadup" -- which wiggles into Microsoft systems primarily through a security hole in the Windows operating system.
Microsoft issued a software update in late October to help customers guard against the attack, but Conficker can spread even to systems that have already been patched, by piggybacking on removable media -- such as USB drives -- that launch the worm when connected to a Windows system.
"As part of Microsoft's ongoing security efforts, we constantly look for ways to use a diverse set of tools and develop methodologies to protect our customers," said George Stathakopoulos, general manager of Microsoft's Trustworthy Computing Group. "By combining our expertise with the broader community we can expand the boundaries of defense to better protect people worldwide."
Microsoft created the reward program in 2003, funding it with $5 million to help law enforcement agencies bring computer virus and worm authors to justice. But this is the first time in four years that Microsoft has issued a reward in response to a worm outbreak.
In July 2005, Microsoft paid a $250,000 bounty to two individuals who helped identify the creator of the notorious "Sasser" worm, whose author was arrested in 2004 and subsequently sentenced to prison by German authorities. Microsoft also has offered $250,000 rewards for information leading to the arrest and conviction of the author(s) behind three other major computer worm threats, including the "Blaster," "MyDoom," and "Sobig" worms. To date, those responsible for unleashing those worms remain at large.
Security Fix will have more coverage of the developments leading up to today's announcement. Stay tuned.
Update, Feb. 13, 6:04 p.m. ET: washingtonpost.com today published a story that looks at the unprecedented level of collaboration among industry, academic and Internet policy bodies in fighting this worm.
From that story:
The quarter-million dollar award Microsoft is offering for information that leads to the arrest and conviction of those responsible for unleashing the "Conficker" worm may represent the culmination of what security experts say has been an unprecedented and collaborative response from industry, academia and Internet policy groups aimed at not just containing the spread of this worm, but also at creating a playbook for dealing with future digital pandemics.
http://voices.washingtonpost.com/securityfix/2009/02/microsoft_offers_250000_reward.html
Bounty hunter MS sounds cool to me.







