Microsoft Corp. today said it is offering a $250,000 reward for information that leads to the arrest and conviction of those responsible for launching the "Conficker" computer worm, a threat that has infected millions of Microsoft Windows PCs over the past two months.

The reward is the most public acknowledgment yet of the damage inflicted by the Conficker worm - known to some anti-virus companies as "Downadup" -- which wiggles into Microsoft systems primarily through a security hole in the Windows operating system.

Microsoft issued a software update in late October to help customers guard against the attack, but Conficker can spread even to systems that have already been patched, by piggybacking on removable media -- such as USB drives -- that launch the worm when connected to a Windows system.

"As part of Microsoft's ongoing security efforts, we constantly look for ways to use a diverse set of tools and develop methodologies to protect our customers," said George Stathakopoulos, general manager of Microsoft's Trustworthy Computing Group. "By combining our expertise with the broader community we can expand the boundaries of defense to better protect people worldwide."

Microsoft created the reward program in 2003, funding it with $5 million to help law enforcement agencies bring computer virus and worm authors to justice. But this is the first time in four years that Microsoft has issued a reward in response to a worm outbreak.

In July 2005, Microsoft paid a $250,000 bounty to two individuals who helped identify the creator of the notorious "Sasser" worm, whose author was arrested in 2004 and subsequently sentenced to prison by German authorities. Microsoft also has offered $250,000 reward offers for information leading to the arrest and conviction of the author(s) behind three other major computer worm threats, including the "Blaster," "MyDoom," and "Sobig" worms. To date, those responsible for unleashing those worms remain at large.

Security Fix will have more coverage of the developments leading up to today's announcement. Stay tuned.

Update, Feb. 13, 6:04 p.m. ET: washingtonpost.com today published a story that looks at the unprecedented level of collaboration among industry, academic and Internet policy bodies in fighting this worm.

From that story:

The quarter-million dollar award Microsoft is offering for information that leads to the arrest and conviction of those responsibile for unleashing the "Conficker" worm may represent the culmination of what security experts say has been an unprecedented and collaborative response from industry, academia and Internet policy groups aimed at not just containing the spread of this worm, but also in creating a playbook for dealing with future digital pandemics.

 

http://voices.washingtonpost.com/securityfix/2009/02/microsoft_offers_250000_reward.html

Bounty hunter MS sounds cool to me.

good,

Excellent.

Part of me wants to blame Microsoft for only designing OS that allow such exploits..but am I being fair?

Not really. All OSs have security issues. Anything can be hacked. The difference is the imagined payout from doing so. Mac and Linux as well other systems just don't have the same attaction as a Windows system does.

Now, don't get me wrong, I do think MS could have done a much better job on some inherent security issues, just saying that even if Mac or Linux was 90% of the market, things would still be the same.

Agreed.  It depends on who uses what and how much.

I actually like most of these worms, maybe its just the slight anarchist in me, but I love the idea of microsoft and its billions of dollars taking a beating at the hands of some 16 year old kid in his moms basement.

It is true that every OS has vulnerabilities, but even the hardest MS supporter has to admit windows has WAY more then most. Vulnerabilities primarily related to letting the very buggy Internet Explorer integrate itself so closely with the OS itself so every little exploit of the browser (or the mail program for that matter) is not issolated, far from it. This contrasts greatly with OSX and Linux (all UNIX systems really) that issolate programs from one another whenever possible and contain the spread of malicious viruses.

Yes Linux and OSX CAN be hacked, but there are a hell of a lot more walls in place so its A) harder to hack them and B) harder for the virus to really do some damage once its inside the OS.

But yah, I would love to give this guy a 5 dollar reward as would a lot of others impressed with his feat. If it pushes more businesses to the open source and/or Unix community so much the better.

Also these hackers help prepare companies for really serious threats from terrorits or hostile nations. If a 16 year old kid can bring down huge computer systems then what do you think a determined terrorist cell of computer engineers or a hostile Chinese intelligence agency could do? I mean I'm not saying that the most recent Die Hard is a likely scinereo, but is it so impossible that we don't have to worry about it?

Agreed..


Bounty hunter MS just sounds bad ass.

actually...i was just reading about this thing the other day. how they are managing to isolate it from anyone who would use it. so while it may be widespread its effectively harmless.

here was the article i was reading for anyone interested
http://tech.yahoo.com/news/pcworld/20090213/tc_pcworld/withglobaleffortanewtypeofwormisslowed