Microsoft puts price on virus writers' heads
Robert Lemos
CNET News.com
November 05, 2003, 08:35 GMT
Two $250,000 rewards are being offered for information that leads to the arrest of the MSBlast and SoBig authors
Microsoft will announce on Wednesday that it will offer two $250,000 (?148,960) bounties for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus, CNET News.com has learned.
The two programs attacked computers that run Microsoft's Windows operating system, causing havoc among companies and home users in August and September. The reward, confirmed by sources in both the security industry and in law enforcement, will be announced in a joint press conference with the FBI, the US Secret Service and Interpol that's scheduled for 10 a.m. (EST) on Wednesday.
The rewards are the first time a company has offered money for information about the identity of the cybercriminals.
"It's a new approach," said Chris Wysopal, a security researcher from digital security company @stake, who hadn't known about the bounties and was sceptical that they would work. "I don't think anyone has done this before."
Microsoft declined to comment until Wednesday.
The rewards mark the latest move by Microsoft and law enforcement to track down the people responsible for infecting hundreds of thousands of computers in August and September. The US Department of Justice, the FBI and Microsoft had earlier announced the arrests of two men who are suspected of modifying and releasing minor variations of the MSBlast worm.
The attacks were serious enough to hurt Microsoft's bottom line and help security companies post more profits.
MSBlast, also known as Blaster and Lovsan, spread to as many as 1.2 million computers, according to data from security company Symantec. The worm compromised computers by using a serious vulnerability in Windows systems for which Microsoft had released a patch a month earlier. The Sobig.F virus spread through email on 19 August, compromising users' computers with software designed to turn the systems into tools for junk emailers. A variant of the MSBlast worm, MSBlast.D, was intended to protect machines against the original program, but it ended up being so aggressive that the avalanche of data it produced shut down networks.
Sources who asked to remain anonymous said Microsoft would foot the entire bill for the bounties. Law enforcement typically neither condones nor disapproves of such rewards.
Security researchers gave the planned bounties mixed reviews.
"I think it is not a bad approach to counter the growing activity out there," said Peter Lindstrom, director of research for network protection company Spire Security. "People might criticise Microsoft for it, but it is a legitimate way to mobilise more folks to start analyzing their logs."
Despite nearly three months of intensive investigation, the FBI and Microsoft have only been able to track down two suspected bit players. The rewards seem designed to produce a mutiny in the close-knit circles of the hacker underground.
However, some researchers believed that such rewards might divert attention away from other efforts to add security that might defeat worms and viruses in the future.
"It doesn't solve the underlying problem of people being able to write worms like MSBlast," said one security researcher, who spoke with the condition of anonymity. "It doesn't quite equate accountability with being at the keyboard."
|