Microsoft is also working with security researchers, domain name registrars, and the Internet Corporation for Assigned Names and Numbers (ICANN) in efforts to take down all of the servers that have been launching the Conficker attacks. ICANN is a non-profit corporation that oversees Internet addressing.
Greg Rattray, ICANN chief Internet security adviser said in a statement released last Thursday:
“The best way to defeat potential botnets like Conficker/Downadup is by the security and domain name system communities working together. ICANN represents a community that’s all about coordinating those kinds of efforts to keep the Internet globally secure and stable.”
The Conficker worm, also known as the Downadup worm, takes advantage of a critical bug in Microsoft’s Windows operating system, which was actually patched last October. However, since late December the worm has emerged as one of the worst computer threats in years while infecting more than 10 million systems worldwide. Some of the infected systems have been reported to be within the British and French military.
An editor for Hostexploit.com cybercrime research site that goes by the pseudonym ‘Jart Armin’ said that if the Conficker author lives in a part of the world that is soft on cybercrime such as Russia, the Ukraine, or Romania, it could be difficult to get a conviction.
The move by Microsoft to put a bounty on the authors head is a good one, and could be a new trend in tracking down authors of malicious workings, if implemented properly. It would be more logical than not to assume that the people behind writing code such as Conficker would also be the first to jump at $250,000 or any large cash sum before writing any nasty code. It would definitely drive these authors further underground if this was a regular practice as well.
This is also not the first time Microsoft has offered money for this purpose. In 2005 Microsoft paid out $250,000 to two people for a identifying Sven Jaschan, the teenager who wrote the Sasser worm. So this tactic has proved useful in past, let’s see how long it takes to get the Conficker man.