Microsoft is offering a $250,000 reward for information leading to the arrest and conviction for the cybercriminals responsible for the fast spreading Conficker/Downadup worm.
The Conficker/Downadup worm began spreading in November and attempted to exploit a Microsoft remote procedure call (RPC) flaw. Microsoft issued an out-of-band patch for the flow Oct. 28, but the worm quickly spread in organizations that were slow to deploy the patch. It also was designed to spread via USB sticks and other storage devices and could infect systems even if they are patched with Microsoft's MS08-067 update.
The Conficker author has yet to release a payload issuing orders to infected machines, and experts say a payload may never be delivered. In addition, organizations across the industry have organized to block the author from issuing orders.
"I personally believe that this may have been too successful," Vincent.Weafer, vice president of Symantec security response said of Conficker's speed in infecting computers which made it a high profile worm.
forms to battle Microsoft worm attack, $250K reward offered: A coalition of more than a dozen
organizations is working together to fend off the potential damage posed by the Conficker/Downadup
OpenDNS to step up fight against Conficker worm: OpenDNS is teaming with Kaspersky to bulk block Conficker worm domains, shutting off communication with the worm writer.
Microsoft Conficker worm hits peak, but payload awaits: Security researchers are fascinated by the spreading Conficker/Downadup worm, but are unsure what kind of damage it will do to corporate networks.
Malware authors typically want to remain under the radar of security organizations in order to quietly steal sensitive account information or credit card data. It's still unclear if the global economic crisis could result in an increase of malware. The most successful worms began spreading shortly after the dot com crash until security firms and organizations began warning about them, giving them greater visibility.
"Anytime you have an economy like this you're going to see more of this kind of activity," said David Frazer, director of technology services for F-Secure's North American division in a recent interview. "These things are all financially motivated."
It's not the first time that Microsoft has issued a bounty to crack down on virus writers. Microsoft offered $250,000 for the arrest and conviction of the Mydoom-B author and a similar reward for the Sobig virus author, the Blaster creator and Sasser perpetrator.
Microsoft created an antivirus reward program with an initial funding of $5 million in 2003. Residents of all countries are eligible for the reward, , according to the program's rules. A Microsoft spokesman said individuals with information about the Conficker worm should contact their international law enforcement agencies.
The reward has been paid out in the past for the conviction of the author of the Sasser worm, which infected computers worldwide, causing them to crash and reboot. In 2005, Sven Jaschan, then 19, was convicted and given a 21-month suspended sentence and community service for creating the Sasser worm. Two German men shared the $250,000 reward for the information that helped identify Jaschan.
In 2005, Blaster creator Jeffrey Lee Parson of Hopkins, Minn., was sentenced to 18 months in prison and 100 hours of community service by a U.S. District Court. Reports at the time said that Blaster infected 48,000 computers and caused an estimated $1.2 million in damage when it spread in August 2003. There were no rewards given following Parson's conviction.
Microsoft and a number of organizations including the SCO Group Inc., have offered up rewards for the Mydoom creator. So far no arrests have been made. The worm spread via an email attachment with different file extensions infecting victims' computers when they attempted to open the file.