Kamis, 19 Februari 2009

Microsoft bounty for worm creator


fingerprint
Anyone with information is urged to contact the police


Since it started circulating in October 2008 the Conficker worm has managed to infect millions of computers worldwide.

The software giant is offering the cash reward because it views the Conficker worm as a criminal attack.

"People who write this malware have to be held accountable," said George Stathakopulos, of Microsoft's Trustworthy Computing Group.

He told BBC News the company was "not prepared to sit back and let this kind of activity go unchecked".

"Our message is very clear - whoever wrote this caused significant pain to our customers and we are sending a message that we will do everything we can to help with your arrest," said Mr Stathakopulos.

Arbor Networks said as many as 12 million computers could be affected globally by Conficker/Downadup since it began prowling the web looking for vulnerable machines to infect in October.

Malicious payload

The Conficker worm is a self-replicating program that takes advantage of networks or computers that have not kept up to date with Windows security patches.

It can infect machines via a net connection or by hiding on USB memory drives used to ferry data from one computer to another. Once in a computer it digs deep, setting up defences that make it hard to extract.

USB drives, BBC
The worm can also spread via USB flash drives.

The worm slithers through networks by guessing usernames and passwords. Security specialists recommend hardening passwords by mixing in numbers, punctuation marks and capital letters.

The virus reports in to its creators for updates by visiting a web domain. It generates the name of the domain itself using a complicated code which security firms have cracked to track the growth of the worm and block its progress.

Malware such as Downadup can be triggered to steal data or turn control of infected computers over to malicious hackers which pool them into larger armies of so-called botnets.

These networks of compromised machines can be used to send spam, as dead drops for stolen or pirated data and to launch attacks on other machines.

Although Downadup is widespread its creators have yet to activate its payload to steal data or launch other attacks.

It has caused costly headaches for network administrators dealing with users locked out of their accounts when the worm correctly guesses a password.

While Microsoft says it does not know the intention of the worm's creator, it wants to ensure it does not wreak any more havoc.

Experts say users should have up-to-date anti-virus software and install Microsoft's MS08-067 patch - also known as KB958644.

Global response

Microsoft has also partnered with security companies, domain name providers, academia, internet companies such as AOL and others on a co-ordinated global response to the worm.

Discarded computers, AP
Millions of computers have been hit by Conficker

Also included is the US Department of Justice and the Department of Homeland Security.

"The best way to defeat potential botnets like Conficker/Downadup is by the security and Domain Name System communities working together," said Greg Rattray, chief internet security adviser at the Internet Corporation for Assigned Names and Numbers (Icann).

"Icann represents a community that's all about co-ordinating those kinds of efforts to keep the internet globally secure and stable."

Sasser worm

In 2003 Microsoft created its reward programme with $5m (£3.4m) in funding to help law enforcement agencies bring computer virus and worm authors to justice.

This reward for help in tracking the creators of Downadup is the first time in four years that the company has put up some cash in response to a worm outbreak.

Clock, BBC
Microsoft hopes its bounty has started the countdown to finding its creator

"We have not seen this type of worm or one of its class since 2004," said Mr Stathakopulos.

In 2005 Microsoft paid out $250,000 (£171,000) to two individuals who helped identify the creator of the notorious Sasser worm. The author was arrested and sentenced by the German authorities.

Rewards of $250,000 were offered over three other major computer worm threats known as Blaster, MyDoom and Sobig worms.

Those perpetrators have never been caught.


Label: