Sign in with
Sign up | Sign in

Microsoft Puts $250K Bounty on Worm Author

By - Source: Tom's Hardware US | B 36 comments
Tags :

Microsoft is putting on the pressure in a movement that could see the catch of the Conficker worm author – the worst Internet worm outbreak in years. A bounty payment of $250,000 is on the table.

Microsoft is also working with security researchers, domain name registrars, and the Internet Corporation for Assigned Names and Numbers (ICANN) in efforts to take down all of the servers that have been launching the Conficker attacks. ICANN is a non-profit corporation that oversees Internet addressing.

Greg Rattray, ICANN chief Internet security adviser said in a statement released last Thursday:

The best way to defeat potential botnets like Conficker/Downadup is by the security and domain name system communities working together. ICANN represents a community that’s all about coordinating those kinds of efforts to keep the Internet globally secure and stable.

The Conficker worm, also known as the Downadup worm, takes advantage of a critical bug in Microsoft’s Windows operating system, which was actually patched last October. However, since late December the worm has emerged as one of the worst computer threats in years while infecting more than 10 million systems worldwide. Some of the infected systems have been reported to be within the British and French military.

An editor for Hostexploit.com cybercrime research site that goes by the pseudonym ‘Jart Armin’ said that if the Conficker author lives in a part of the world that is soft on cybercrime such as Russia, the Ukraine, or Romania, it could be difficult to get a conviction.

The move by Microsoft to put a bounty on the authors head is a good one, and could be a new trend in tracking down authors of malicious workings, if implemented properly. It would be more logical than not to assume that the people behind writing code such as Conficker would also be the first to jump at $250,000 or any large cash sum before writing any nasty code. It would definitely drive these authors further underground if this was a regular practice as well.

This is also not the first time Microsoft has offered money for this purpose. In 2005 Microsoft paid out $250,000 to two people for a identifying Sven Jaschan, the teenager who wrote the Sasser worm. So this tactic has proved useful in past, let’s see how long it takes to get the Conficker man.

Display 36 Comments.
This thread is closed for comments
Top Comments
  • 11 Hide
    Anonymous , February 13, 2009 9:58 PM
    "In the U.S., you can't profit from your crimes."

    Unless you are in Congress or in politics, then you can parlay not paying taxes into a position in the Obama administration. Or you could go to work for the Democratic machine in Illinois.

    But for the most part, you are right :) 
Other Comments
  • 8 Hide
    gm0n3y , February 13, 2009 7:51 PM
    Just have to say, great photo for the article.
  • 9 Hide
    m3kt3k , February 13, 2009 8:12 PM
    They do not state dead or alive... We need to know (starts loading my pistols)
  • -4 Hide
    antilycus , February 13, 2009 8:12 PM
    great now more stay at home nerds will continue to write retarded bad code, in hopes to have a bounty on their heads.
  • 0 Hide
    alvine , February 13, 2009 8:29 PM
    this is too funny.....dead or alive? they state that *taking rifle out of his closet*

    lololol
  • -4 Hide
    Anonymous , February 13, 2009 8:31 PM
    Wanna get rich? Say: "I did it!", go to jail for 2 years, and live off the 250K you just earned for 3 or 4 years!
  • -7 Hide
    dwaidwai , February 13, 2009 8:33 PM
    Haha well if it works it works. *Takes bazooka out his closet*

    http://dd4tech.blogspot.com
  • 3 Hide
    gm0n3y , February 13, 2009 8:51 PM
    I wish people would stop linking to their personal blogs in the comments.

    http://www.monkeywithswordsforhands.com
  • 3 Hide
    Mr_Man , February 13, 2009 9:24 PM
    ProDigit80Wanna get rich? Say: "I did it!", go to jail for 2 years, and live off the 250K you just earned for 3 or 4 years!

    You wouldn't go to jail, you'd go to prison, and if I know anything about what it's like to be in prison, I'm pretty sure $250,000 isn't worth 2 years in there to anybody.
  • 5 Hide
    saturn77 , February 13, 2009 9:24 PM
    ProDigit80Wanna get rich? Say: "I did it!", go to jail for 2 years, and live off the 250K you just earned for 3 or 4 years!

    In the U.S., you can't profit from your crimes.
  • -3 Hide
    jhansonxi , February 13, 2009 9:56 PM
    What is needed is a bounty on the developer who was responsible for the bug in the OS in the first place. It's like soaking yourself in gasoline and then complaining when someone downwind of you lights up a cigarette.
  • 11 Hide
    Anonymous , February 13, 2009 9:58 PM
    "In the U.S., you can't profit from your crimes."

    Unless you are in Congress or in politics, then you can parlay not paying taxes into a position in the Obama administration. Or you could go to work for the Democratic machine in Illinois.

    But for the most part, you are right :) 
  • 0 Hide
    ozarkamax , February 13, 2009 10:53 PM
    jhansonxiWhat is needed is a bounty on the developer who was responsible for the bug in the OS in the first place. It's like soaking yourself in gasoline and then complaining when someone downwind of you lights up a cigarette.


    except soaking yourself in gasoline is not due to human error/ oversight. your anger towards software developers seems unfounded.
  • 4 Hide
    NuclearShadow , February 14, 2009 2:43 AM
    The only reason why Sven Jaschan was ever found to be the author of NetSky and Sasser is because he bragged to friends. This won't be any different if they find those responsible. So its very unlikely that the authors will ever be found unless they are complete fools.
  • 1 Hide
    Milleman , February 14, 2009 2:45 AM
    "Some of the infected systems have been reported to be within the British and French military."

    Haven't those people learned anything about security? Amazing that they still doesn't use Linux in something that is important for their countries security.
  • 0 Hide
    Humans think , February 14, 2009 12:45 PM
    Rab1d-BDGR is this a molex to sata connector in your avatar? lol
  • 6 Hide
    p05esto , February 14, 2009 4:47 PM
    I resent the comments jhansonxi made from the depths of my heart. As an imperfect human and developer it's impossible to write perfect code - IMPOSSIBLE. Go after the people trying to do harm and don't even mention holding the OS developers accountable you bastard. I guarantee Microsoft Windows is one complex little bit of code and I'm sure the developers try their very best.

    Microsoft offering the bounty is pretty cool in my opinion. They have class, balls and the financial stability to pull it off. More of us need to stand behind Microsoft, for all the bashing they get they are a good company and have done more for computing than probably all other companies combined.

    *I don't work for them and am not a fanboy despite my pro comments here.
  • -3 Hide
    jaragon13 , February 15, 2009 12:43 AM
    p05estoI resent the comments jhansonxi made from the depths of my heart. As an imperfect human and developer it's impossible to write perfect code - IMPOSSIBLE. Go after the people trying to do harm and don't even mention holding the OS developers accountable you bastard. I guarantee Microsoft Windows is one complex little bit of code and I'm sure the developers try their very best.Microsoft offering the bounty is pretty cool in my opinion. They have class, balls and the financial stability to pull it off. More of us need to stand behind Microsoft, for all the bashing they get they are a good company and have done more for computing than probably all other companies combined.*I don't work for them and am not a fanboy despite my pro comments here.

    oh my god it's the savior
  • -3 Hide
    1raflo , February 15, 2009 1:56 AM
    jhansonxiWhat is needed is a bounty on the developer who was responsible for the bug in the OS in the first place. It's like soaking yourself in gasoline and then complaining when someone downwind of you lights up a cigarette.


    Its obvious that you dont have idea how to write code,and what it means.
  • -3 Hide
    Anonymous , February 15, 2009 8:27 AM
    Jhansonxi what your saying is the person who wrote the worm did it by complete accident. . . .
  • 1 Hide
    Tindytim , February 15, 2009 11:32 AM
    jhansonxiWhat is needed is a bounty on the developer who was responsible for the bug in the OS in the first place. It's like soaking yourself in gasoline and then complaining when someone downwind of you lights up a cigarette.


    No, it's more like accidentally spilling some gas on your pants while filling up your car, then getting pissed because some immature ass, with a hairspray blowtorch, decided to light you ass on fire.

    You didn't intentionally get gas on yourself, but some ass not only intended to light you on fire, but did it to be malicious.
Display more comments