Microsoft offers $250,000 Conficker bounty

gallery

Microsoft is putting up its own money in its attempt to combat the spread of the Conficker internet worm, also known as Downadup.

The software firm is offering anyone with information leading to the arrest and conviction of those responsible for the worm $250,000 (£172,330).

It has also teamed up with the domain name administrator, the Internet Corporation for Assigned Names and Numbers (ICANN), to take down the servers spreading Conficker’s attacks.

In a statement Greg Rattray, ICANN chief Internet security adviser, said late yesterday: “The best way to defeat potential botnets like Conficker is by the security and domain name system communities working together. ICANN represents a community that’s all about coordinating those kinds of efforts to keep the internet globally secure and stable.”

Microsoft first patched the critical bug in its Windows operating system that Conficker/Downadup exploits last October. But the spread of the network worm gathered pace through December to infect millions of PCs.

In the UK, the worm had reportedly affected the systems of the Ministry of Defence (MOD), as well as the National Health Service (NHS) IT systems of hospitals in Sheffield, towards the end of last year.

Although Microsoft’s move is unusual, it is not unprecedented. It paid out the same bounty in 2004 to two people who identified Sven Jaschan, the teenager responsible for the Sasser and Netsky worms.

And in 2003, Microsoft offered $500,000 (£344,660) for the arrest and conviction of the people behind the Blaster and Sobig worms. At the time it said it would earmark a further $4.5 million (£3.1 million) bounty to catch future virus writers.

Security firm Sophos welcomed news of the reward, but it questioned whether the amount on offer would be incentive enough to catch the worm’s writers.

Graham Cluley, Sophos senior technology consultant, said the offer could do no harm.

“If a culprit isn’t found then Microsoft hasn't lost anything, and it may just encourage some cybercriminals to come forward with information,” he added. “But, while a $250,000 reward has successfully caught teenage hackers in the past, the bounty may not offer enough temptation to inform on an organised criminal gang making big money out of malware.”

The security firm added that it was in Microsoft’s interest to keep the pressure on Conficker’s creators, as its reputation is always badly shaken whenever a computer virus causes widespread problems for its users.

Email to a friend

Print this page