November 4, 2003 3:04 PM PST

Microsoft to offer bounty on hackers

Microsoft will work with law enforcement to track down writers of worms, viruses and other malicious code, and is ponying up $5 million to fund the search.

As first reported by CNET News.com, the initiative's first two bounties--to the tune of $250,000 each--will be for information leading to the arrest and conviction of the people responsible for releasing the MSBlast worm and Sobig virus, both of which wreaked havoc online over the summer.

News.context

What's new:
Microsoft sets aside $5 million to fund the search for those who released the MSBlast worm and the Sobig virus.

Bottom line:
The initiative marks the latest move by Microsoft and law enforcement to curtail attacks that plague the Internet.

Track the players

Microsoft executives were joined by representatives from the FBI, the Secret Service and Interpol at a press conference Wednesday that announced the new fund.

"These are not just Internet crimes, cybercrimes or virtual crimes. These are real crimes that disrupt the lives of real people," Brad Smith, general counsel at Microsoft, said in a press conference.

The rewards will be open to residents of any country, subject to that country's laws, Microsoft said. People with information can report it to law enforcement online to Interpol, to the Internet Fraud Complaint Center or to FBI, Secret Service or Interpol field offices.

Dubbed the Anti-Virus Reward Program, the initiative marks the latest move by Microsoft and law enforcement to put a stop to the repeated waves of attacks that have hit the Internet in the past decade. The two rewards posted on Wednesday could also jump-start federal law enforcement's seeming stalled investigation into the attacks that infected hundreds of thousands of computers in August and September.

The U.S. Department of Justice, the FBI and Microsoft had earlier announced the arrests of two men who are suspected of modifying and releasing minor variations of the MSBlast worm, but have made little progress in catching the original author or the person or group responsible for the Sobig virus. Those attacks were serious enough to hurt Microsoft's bottom line and help security companies post more profits.

Click here to Play

Top security experts take ZDNet's Digital Defense Test 2003.

MSBlast, also known as Blaster and Lovsan, spread to as many as 1.2 million computers, according to data from security company Symantec. The worm compromised computers by using a serious vulnerability in Windows systems for which Microsoft had released a patch a month earlier. A variant of the worm, MSBlast.D, was intended to protect machines against the original program, but it ended up being so aggressive that the avalanche of data it produced shut down networks.

The Sobig.F virus spread through e-mail on Aug. 19, compromising users' computers with software designed to turn the systems into tools for junk e-mailers.

Calling all bounty hunters?
The rewards may motivate security researchers into becoming amateur bounty hunters, but real leads are likely to come from those close to the actual miscreants involved, Peter Nevitt, director of information systems for Interpol, said in a CNET News.com interview.

"It is less likely that we will have bounty hunters and more likely that we will have people that will break ranks within those in the know," he said.

Keith Lourdeau, acting deputy assistant director for the FBI's Cyber Division, said that while rewards have been used in the past to garner information, there's no quantitative measure of how successful the tactic is.

Audiocast
arrow Foundstone's CTO: Offering
reward for
virus writers could
be beneficial
play audio

"In the cases that I know of, including bank robberies and major theft cases, offering a reward has generated a lot of information," he said. Sifting through the massive amounts of information will be the job of law enforcement.

The decision to offer rewards for only the two latest threats doesn't preclude additional bounties to be made for other Internet attacks, such as the MSBlast.D worm, also known as Nachi and Welchia.

"We wanted to earmark $5 million so there would be ample resources for the near future," said Microsoft's Smith, who said that tapping into the fund will be done case by case. "We need to make decisions (about rewards) on a variety of criteria. The severity of the virus is one criteria; another is timeliness."

Smith said he hopes that Microsoft's move will put worm and virus writers on notice.

"These people are the saboteurs of cyberspace sitting behind their computer screens," he said. "This is a broad problem and we need to act, not only with determination, but with a long-term resolve."

1 comment

Join the conversation!
Add your comment
messenger gone bad
I have a messenger on my pc that I have had for years and have never had a big problem with it. But now I have someone or something that is typing their own messenge and sending it to my friends when I am talking to them. This is the messenge that it types: ¶ÔÁË,ÌÚѶ×îЩ¶´¿ÉÒÔÃâ·ÑµÃµ½Q±ÒºÍQQÐã,¸Ï¿ì¸æË߸ü¶àÅóÓÑ<a class="jive-link-external" href="http://www.53best.com" target="_newWindow">http://www.53best.com</a> I am not sure what it is or what it means. I am not brave enough to venture onto the site. I have run virus scans and checked everything seperately. I dont knw what else to do to it. If anyone would know what to do or what they think it may be please tell me. I am out of ideas for this messenger gone bad.
Posted by (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.Subscribe

  • my Yahoo

    Add this Feed
  • Google

    Add this Feed
  • MSN

    Add this Feed