
Forum Moderators: bill


Microsoft's $250,000 To Catch Author of Downadup Conficker Virus

     

engine

12:24 pm on Feb 16, 2009 (gmt 0)




Microsoft's $250,000 To Catch Author of Downadup Conficker Virus [news.bbc.co.uk]
A reward of $250,000 (£172,000) has been offered by Microsoft to find who is behind the Downadup/Conficker virus.

Since it started circulating in October 2008 the Conficker worm has managed to infect millions of computers worldwide.

The software giant is offering the cash reward because it views the Conficker worm as a criminal attack.

"People who write this malware have to be held accountable," said George Stathakopulos, of Microsoft's Trustworthy Computing Group.

[edited by: engine at 3:56 pm (utc) on Feb. 16, 2009]

coopster

2:34 pm on Feb 16, 2009 (gmt 0)




Interesting. I can see the next episode on television already ...
Mouse the Malware Author Hunter

BillyS

3:34 pm on Feb 16, 2009 (gmt 0)




Cool, a bounty on the creator... I'm sure this person didn't tell a "friend."

That's quite an incentive for a lot of people.

pageoneresults

4:36 pm on Feb 16, 2009 (gmt 0)




Brilliant move on Microsoft's part. This may have just changed the game for miscreants.

Although Downadup is widespread its creators have yet to activate its payload to steal data or launch other attacks.

That would be a major concern and I'm sure that $250,000 bounty is a lot more than anyone may have earned from launching this attack. I know, it wasn't for the revenue but to further destroy Microsoft. It happens all the time. Just wait, once they've whittled away at the MS servers, Unix is next in line. You are not immune to this. ;)

I like the move on Microsoft's part and hope this is a new trend. That would surely change operations a bit. Are we going to see snitches turning up in the bay with concrete boots? Will the person who claims this $250,000k bounty have to go into a Witness Protection Program?

Either way, the person behind the attack has just been marked. The plot thickens. Next on MSNBC?

Internet's Most Wanted

swa66

4:46 pm on Feb 16, 2009 (gmt 0)




How about MSFT looking in house first and considering their own liability for creating a system that's laughably easy to exploit in the first place?

"Trustworthy Computing Group" IMHO is wishful thinking...

An autorun "feature" that you can't turn off without messing in the registry (which most of their paying customers are terrified of doing) and even then is a pain to be sure it's off. Add on top the vulnerability patched with MS08-067?

What's next: go after a user that clicked accept on the UAC prompts?

I'm by far not advocating a hacker shouldn't get his/her due for their crimes, but Microsoft should get their fair share of the liability for the broken software they sold and continue to sell. Offering a bounty feels like a distraction from that.

grelmar

6:13 pm on Feb 16, 2009 (gmt 0)




That would be a major concern and I'm sure that $250,000 bounty is a lot more than anyone may have earned from launching this attack. I know, it wasn't for the revenue but to further destroy Microsoft.

I'm not sure either one of those statements is correct.

Often, malware writers are now closely tied to the bot herders and spam groups that use the bot-nets. It's a big money game. If you flip through the archives at F-Secure, they've done some interesting analysis of the economics of virus writing over the years. A highly successful virus can create a bot-net with potential revenue in the millions of dollars.

If properly managed, the Downadup/Conficker bot-net would definitely be in the high value category, due to its vast size.

Its size may work against it though. Because it's so big, there's a lot of eyes watching the activity of the bot-net, just waiting for it to become activated. The writer may be biding his time to activate, or just abandoning it now that it's become so "hot".

People don't write viruses for the hell-of-it mental exercise reason anymore. They also don't write viruses to piss off MS. They do it because there's big money involved.

Webwork

6:23 pm on Feb 16, 2009 (gmt 0)




Billions of dollars worth of wasted, otherwise productive, human hours - spent, invested, wasted - dealing with security patch after patch, removing malware, buying aftermarket security fixes, etc.

A $250,000 bounty to put the latest hacker out of business.

Somehow the math doesn't work for me.

Instead of a measly $250K bounty, which seems more show than substance, why not offer $5,000,000 as a bounty for submitting proof of a "~core vulnerability"?

I'm sure there are folks who just can't bring themselves to do MS any good, just as I'm sure there are those who see more value in a botnet than in $5MM. BUT IF that's the case then raise the offer to $10MM+. Make a compelling offer. Whatever the price the dollar cost has to be less than the costs incurred by those victimized by MS's endless stream of security issues.

Is there any doubt that we - MS users - have been caused to waste billions of dollars of our time and/or money dealing with security issue after security issue? All the while Microsoft Corporation has booked tens of billions of dollars of profit, year after year, profiting in large measure because MS Corporate wrote licensing agreements that immunized Microsoft from financial accountability for MS's lack of secure computing skill, planning or expertise.

[edited by: Webwork at 7:14 pm (utc) on Feb. 16, 2009]

CWebguy

6:54 pm on Feb 16, 2009 (gmt 0)




$250,000 always gets someone to talk.

jsinger

9:12 pm on Feb 16, 2009 (gmt 0)




Not the first time MS has offered a bounty to find a virus creator. Results: Zero.

Yep, I'd like to pitch in for a reward for someone inside MS who comes forward with the truth. My computer WAS up-to-date and I still got conficker.

$250k is penny ante when losses are in billions worldwide.

jsinger

9:22 pm on Feb 16, 2009 (gmt 0)




Results: Zero.

Oops, maybe not...

"This isn't the first time Microsoft has offered such a bounty. In 2005, it paid $250,000 to two people for identifying Sven Jaschan, the teenager who wrote the Sasser worm."

BeeDeeDubbleU

2:00 pm on Feb 17, 2009 (gmt 0)




I'm sure this person didn't tell a "friend."

No but he/she may have told a soon to be ex-friend. ;)

skibum

4:24 pm on Feb 17, 2009 (gmt 0)




That $250K should be a signing bonus so the creator can come explain to MSFT how to fix their systems.

CainIV

12:23 am on Feb 18, 2009 (gmt 0)




"So You Think You Can Hack"

nealrodriguez

3:28 pm on Feb 18, 2009 (gmt 0)




the ideal commercial for ms could show bill gates with a white cowboy hat and gold star on his chest saying something to the effect:

"there's a new sheriff in town," with a bulge on the side of his jaw full of chewing tobacco.

then he could post profiles of the hackers and call it 'microsoft's most wanted'

Essex_boy

1:13 pm on Feb 20, 2009 (gmt 0)




$250,000 always gets someone to talk - I'd hand myself in for that sort of money

JS_Harris

9:09 am on Feb 23, 2009 (gmt 0)




My first thought is... if Microsoft can't figure out where the virus came from how is any regular Joe supposed to?

My second thought is... Microsoft is supposed to be watching our backs and not vice versa!

My third thought is... Great, now other hackers are going to try and do something that results in a bigger bounty.

The other 500 thoughts are all along the lines of "LOLZ" and "Good Luck!".

 
