Microsoft 'excited' by the industry coming together as it offers $250,000 bounty for Conficker author

A reward of US$250,000 bounty for the Conficker worm author is 'exciting', according to Microsoft's Christopher Budd.

The Microsoft security program manager claimed that it was exciting for him ‘to see the industry come together to take an innovative, new approach to combating malware'. The company has announced a US$250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker worm.

Budd said: “The work that we've done with industry and academic partners and the additional information that we've provided all relate to the same thing: disrupting the Conficker worm's attempts to connect to domains on the internet after successfully attacking a system.

“By understanding the algorithm that the Conficker worm uses to generate the domain names that infected systems attempt to connect to, we can take steps to disrupt the Conficker worm by blocking access to those domains by infected systems.”

He claimed that working with ICANN and operators within the domain name system to proactively disable a significant number of domains that were infected by the Conficker worm has made information available about the algorithm.

Budd said: “It helps prove again that while threats may be evolving, so too is our response as an industry to these threats”

Graham Cluley, senior technology consultant for Sophos, said: “This development shouldn't surprise anyone. Microsoft's reputation is badly shaken whenever a computer virus causes widespread problems for its users.

“It's not been unusual in the past for prevalent malware to exploit weaknesses in the software giant's software (as was the case with Conficker), or pretended to be messages from Microsoft technical support.

“Offering substantial rewards cannot do any harm. If a culprit isn't found then Microsoft hasn't lost anything, and it may just entice some members of the computer underground to come forward with information. People considering releasing malware in the future should take careful note of this and think again.”

Microsoft has previously offered rewards for information on virus writers, with US$500,000 offered in November 2003 for the arrest and successful prosecution of the people behind the Blaster and Sobig worms.  A group of informants were paid US$250,000 in May 2004 after the arrest of Sven Jaschan, the teenage German author of the rampant Sasser and Netsky worms.

See original article on scmagazineus.com