Page last updated at 08:42 GMT, Friday, 13 February 2009

Microsoft bounty for worm creator

By Maggie Shiels
Technology reporter, BBC News, Silicon Valley

fingerprint
Anyone with information is urged to contact the police

A reward of $250,000 (172,000) has been offered by Microsoft to find who is behind the Downadup/Conficker virus.

Since it started circulating in October 2008 the Conficker worm has managed to infect millions of Windows computers.

The software giant is offering the cash reward because it views the Conficker worm as a criminal attack.

"People who write this malware have to be held accountable," said George Stathakopulos, of Microsoft's Trustworthy Computing Group.

He told BBC News the company was "not prepared to sit back and let this kind of activity go unchecked".

"Our message is very clear - whoever wrote this caused significant pain to our customers and we are sending a message that we will do everything we can to help with your arrest," said Mr Stathakopulos.

Arbor Networks said as many as 12 million computers could be affected globally by Conficker/Downadup since it began prowling the web looking for vulnerable machines to infect in October.

Malicious payload

The Conficker worm is a self-replicating program that takes advantage of networks or computers that have not kept up to date with Windows security patches.

It can infect machines via a net connection or by hiding on USB memory drives used to ferry data from one computer to another. Once in a computer it digs deep, setting up defences that make it hard to extract.

USB drives, BBC
The worm can also spread via USB flash drives.

The worm slithers through networks by guessing usernames and passwords. Security specialists recommend hardening passwords by mixing in numbers, punctuation marks and capital letters.

The virus reports in to its creators for updates by visiting a web domain. It generates the name of the domain itself using a complicated code which security firms have cracked to track the growth of the worm and block its progress.

Malware such as Downadup can be triggered to steal data or turn control of infected computers over to malicious hackers which pool them into larger armies of so-called botnets.

These networks of compromised machines can be used to send spam, as dead drops for stolen or pirated data and to launch attacks on other machines.

Although Downadup is widespread its creators have yet to activate its payload to steal data or launch other attacks.

It has caused costly headaches for network administrators dealing with users locked out of their accounts when the worm correctly guesses a password.

While Microsoft says it does not know the intention of the worm's creator, it wants to ensure it does not wreak any more havoc.

Experts say users should have up-to-date anti-virus software and install Microsoft's MS08-067 patch - also known as KB958644.

Global response

Microsoft has also partnered with security companies, domain name providers, academia, internet companies such as AOL and others on a co-ordinated global response to the worm.

Discarded computers, AP
Millions of computers have been hit by Conficker

Also included is the US Department of Justice and the Department of Homeland Security.

"The best way to defeat potential botnets like Conficker/Downadup is by the security and Domain Name System communities working together," said Greg Rattray, chief internet security adviser at the Internet Corporation for Assigned Names and Numbers (Icann).

"Icann represents a community that's all about co-ordinating those kinds of efforts to keep the internet globally secure and stable."

Sasser worm

In 2003 Microsoft created its reward programme with $5m (3.4m) in funding to help law enforcement agencies bring computer virus and worm authors to justice.

This reward for help in tracking the creators of Downadup is the first time in four years that the company has put up some cash in response to a worm outbreak.

Clock, BBC
Microsoft hopes its bounty has started the countdown to finding its creator

"We have not seen this type of worm or one of its class since 2004," said Mr Stathakopulos.

In 2005 Microsoft paid out $250,000 (171,000) to two individuals who helped identify the creator of the notorious Sasser worm. The author was arrested and sentenced by the German authorities.

Rewards of $250,000 were offered over three other major computer worm threats known as Blaster, MyDoom and Sobig worms.

Those perpetrators have never been caught.

Print Sponsor


SEE ALSO
Clock ticking on worm attack code
20 Jan 09 |  Technology
Sasser net worm affects millions
04 May 04 |  Technology
Hunt is on for Sasser worm writer
05 May 04 |  Technology
Teen charged over Sasser virus
09 Sep 04 |  Technology
Q&A: Stay safe online
17 Nov 08 |  Technology
Windows worm trickery for Vista
21 Jan 09 |  Technology
Alarm raised on teenage hackers
27 Oct 08 |  Technology
New Windows virus hits computers
28 Oct 03 |  Technology
Taming the Wild West of viruses
11 May 04 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC navigation

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific