By Robert Lemos, 5 November 2003 08:25
Microsoft is to offer two $250,000 bounties for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus.
The two programs attacked computers that run Microsoft's Windows operating system, causing havoc among companies and home users in August and September. The reward, confirmed by sources in both the security industry and in law enforcement, will be announced in a joint press conference with the FBI, the US Secret Service and Interpol that's scheduled for 10:00 (EST) today.
This is the first time a company has offered money for information about the identity of cybercriminals.
The rewards mark the latest move by Microsoft and law enforcement to track down the people responsible for infecting hundreds of thousands of computers in August and September. The US Department of Justice, the FBI and Microsoft had earlier announced the arrests of two men who are suspected of modifying and releasing minor variations of the MSBlast worm.
The attacks were serious enough to hurt Microsoft's bottom line and help security companies post more profits.
MSBlast, also known as Blaster and Lovsan, spread to as many as 1.2 million computers, according to data from security company Symantec. The worm compromised computers by exploiting a serious vulnerability in Windows systems for which Microsoft had released a patch a month earlier.
Peter Lindstrom, director of research for network protection company Spire Security, said: "I think it is not a bad approach to counter the growing activity out there. People might criticise Microsoft for it, but it is a legitimate way to mobilise more folks to start analysing their logs."
Despite nearly three months of intensive investigation, the FBI and Microsoft have only been able to track down two suspected bit players. The rewards seem designed to produce a mutiny in the close-knit circles of the hacker underground.
However, some researchers believed that such rewards might divert attention away from other efforts to add security that might defeat worms and viruses in the future.
One security researcher, who spoke on condition of anonymity, said: "It doesn't solve the underlying problem of people being able to write worms like MSBlast. It doesn't quite equate accountability with being at the keyboard."
Robert Lemos writes for News.com


Comments
There are 10 comments.
1. Derek Hall
"What a great idea! I could just do with some money. I'll get a friend to write a virus, report him to Microsoft and then split the reward with him."
How many virus authors will think along those lines? How about Microsoft removing the bugs that enable the virus writers to exploit their systems instead?
2. Conrad Yakoski
Start your investigation at www.msblast.co.uk or www.sobig.co.uk
3. anonymous
Of all pirates, Microsoft tops it. Now, they want to hunt the hackers down? This is a sign of fear. Their days are numbered.
4. Ken Thompson
If each major company used a very small amount of its security budget as a reward for outing virus writers there would be millions of dollars on each one's head. It must be cost effective. And the last one beware. He would be worth hundreds of millions!
5. Peter Baxter-Derrington
Oh, for goodness sake - why doesn't everyone just grow up? There will always be a troupe of naughty boys & girls out there determined to stitch up the likes of KillBill Gates...
Frankly, it's our responsibility as companies, employees and users (business & home) to make sure we've got adequate protection.
And as Symantec et al., are the IT Industry's equivalent of the ubiquitous condom, choosing to have unsafe eRelations with each other may satisfy our eLust - but it's hardly clever...
6. Andrew Mann
Updating software on a computer is the kind of thing IT people do, most others don't. If it does the job why mess with it.
It strikes me that viruses are forcing people to upgrade. So who benefits from that?
7. dumbfounded
Explain this: why doesn't Windows come with a virus scanner as standard? It could quite easily then be updated via the Microsoft update system.
This would have stopped the virus from the start.
The amount of people who have come to me with these viruses who just don't have ANY form of protection installed astounds me, but then a majority of users don't have a clue about the workings of a PC, they just want it to work.
Come on Microsoft, create a 'total' operating system, not just the base.
8. anonymous
no offense, ms, but invest the .5 million in making the os more secure. bounties? been reading a little too many westerns recently? bounties? cheee!
9. anonymous
no offense, ms, but invest the .5 million in making the os more secure. bounties? been reading a little too many westerns recently? bounties? cheee!
10. John Thomas
How much money does Microsoft have invested in antivirus companies? And how much does it make every time a new virus hits and people buy new antivirus software? Probably a lot more than $500,000