Topics: The Almighty Buck, Microsoft, Security, Worms

Microsoft Slaps $250K Bounty On Conficker Worm

Posted by timothy
from the sic-the-french-air-force-on-'em dept.
alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."
  • by 140Mandak262Jamuna (970587) on Thursday February 12, 2009 @07:04PM (#26835665)
    1. Write malware for windows

    2. Give it to a bunch of script kiddies anonymously in bulletin boards.

    3. ...

    4. Turn them in to MSFT for the bounty.

    5. Profit

    • Re: (Score:2, Funny)

      by Fluffeh (1273756)
      ICanHaSSkript?

      No do homewerks?
      • by shanen (462549)

        Naw, it's just Microsoft's business plan to buy a reputation, cheap.

        Actually, only based on the news reports I've already read, Microsoft's reward is already tiny compared to the initial reactive damages caused by Microsoft's sloppy programming and very unsloppy but aggressive marketing to make sure the danger is as widespread as possible. So far the damage (that I've heard about) has just been networks being shut down to try and clean the worm out--but if this thing actually has a hostile payload...

        Imagine

        • Re: (Score:3, Funny)

          by c6gunner (950153)

          Imagine a distributed supercomputer two orders of magnitude larger than Roadrunner. Whoops, no imagination required. We already have it--and no one knows how hostile it is.

          OMFG, IS SKEYE NET!!!

        • I GOT HIM! (Score:3, Funny)

          by Kent Recal (714863)

          Hey, I GOT HIM. Even made a photo [appleinsider.com] for you.
          Now sack him and send the bounty to my paypal please.

          This is the guy who is currently officially responsible for windows being vulnerable to worm and malware attacks.
          There have been others in the past but your bounty explicitly asks for the person responsible for this current "conficker" worm, so here you go.

          • by shanen (462549)

            Actually, as I thought about it some more, what Microsoft should offer to pay for is a copy of the source code of the worm. That would provide the mechanism to deal with it--possibly. Of course, they couldn't do that in public. They'd motivate multitudes of script kiddies to try and strike it rich with a big payoff for a few hours of coding.

            • Re: (Score:3, Insightful)

              by Kent Recal (714863)

              I don't think Microsoft has any interest in dealing with it in any way. This is a PR effort to distract from where the blame should really go. Even if they "dealt" with this worm and its attack vectors in some way, the next worm is just around the corner. The security model in Windows is just fundamentally broken, thus we'll continue to see worm attacks and pointless bounties.

      • by Airw0lf (795770)

        ICanHaSSkript? No do homewerks?

        No but I'll give you a cheeseburger, ok?

    • by Locke2005 (849178) on Thursday February 12, 2009 @07:13PM (#26835825)
      My thoughts exactly. If hackers can now make big bucks by writing worms then framing someone else for turning them loose on the world, doesn't that provide a powerful incentive to write more worms???
      • by John Hasler (414242) on Thursday February 12, 2009 @07:59PM (#26836545)

        They also have to successfully pull off the "framing" part. The authorities are not unfamiliar with the idea that their informants may be lying for the reward.

        • Re: (Score:3, Interesting)

          by Narpak (961733)
          I guess that is kinda the idea behind an Investigation and a trial. Do collect evidence, examine evidence, ensure that said evidence is correct, then present it in a court for consideration. Just putting out a bounty doesn't mean hackers can "just frame someone" and then collect the reward. In fact, under the current set of laws, framing someone would be a far more serious crime than the worm itself.
    • Re: (Score:2, Funny)

      by segedunum (883035)
      Well, if it was good enough for Clint then it's good enough for the rest of us.
    • Re: (Score:2, Informative)

      by guyminuslife (1349809)

      Because no one will ever suspect that the guy with the advanced degree, antisocial personality disorder, questionable source of income, and miraculous discovery of "the real hackers," would have had anything to do with it.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Every day I feel the internet looks more and more like the wild wild west....

      A bunch of so called hackers doing whatever they want, with no law to control them.... and now, bounties....

      Now we just need a blondie to come up and collect fake bounties.

    • Re: (Score:2, Informative)

      by RINGSMUTH (1435893)

      Step 1: Russia hires you to program malware for $50K a year.

      Step 2: Russia lets malware loose.

      Step 3: ...

      Step 4: Russia turns you in for $250K.

      Step 5: Russia = Profit!!!

    • 1. Write an operating system and spend seven minutes making it secure
      2. Sell it to a bunch of VPs, CTOs and OEMs from arm's length.
      3. ...
      4. Offer seven minutes worth of earnings [thevarguy.com] to whoever catches "the bastard" that tried to rain on their parade
      5. Profit!

  • Pirates of the Indian Ocean were asking for multi-millions. 10 million zombie PCs are worth more than $250K. Dig deeper, MS.
  • by djce (927193) on Thursday February 12, 2009 @07:09PM (#26835737)
    Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty.
    • by Actually, I do RTFA (1058596) on Thursday February 12, 2009 @07:11PM (#26835769)

      Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty

      Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent

      • You're lucky if it's the legal system that catches you, and not some Russian entrepreneur with a grudge. They may be a bit more efficient.
      • Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent

        If you've ever watched Nancy Grace, you'd apply that to America, too.

    • Re: (Score:2, Insightful)

      by tribecom (1005035)
      apologist for malware authors ... tough gig
    • The laws of the jurisdictions where the infected pcs are located apply no matter where the thing was launched from.

      • Really? Then how will you extradite them if they're from somewhere where it wasn't illegal? Worse, how will you even find a competent prosecutor for computer crime?

        The US record for convicting people for computer crime is, historically, awful. Even when they catch the guilty parties in the act, they traditionally attempt to try them for the wrong crime, fail to gather enough evidence to convince a judge or a jury as they run afoul of uncooperative schools where students have been active in criminal behavior,

    • You misunderstood. This is not a bounty for their arrest.
      It is a recruitment bounty so they can teach them to make software that is not so full of holes you would mistake it for a premise for war or something.

    • by gad_zuki! (70830) on Thursday February 12, 2009 @08:23PM (#26836893)

      First off, all politics is local. My local laws apply to what you do to me or my equipment in my jurisdiction. On top of that, in civilized countries all this shit is illegal. Remember the Sasser worm? MS paid out a 250k bounty and the author was revealed to be a German who was later convicted.

      Secondly, it's not too hard to figure out who did this. A lot of these trojans won't install if your default language is Russian. How odd, eh? Essentially, this is a hand-out to the Russian government because it protects and profits from its industry of malware writers, most notably the Russian Business Network. [wikipedia.org] These guys aren't getting caught. They have the full protection of the Russian government. MS and the rest know this, but they also know that money talks and a high-profile defector would be good for the cause.

      Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

      • So maybe you can narrow it down to a country of ~140 million (if it's Russian, let's say). That's still far from figuring out exactly who did it.

      • by ndege (12658) on Thursday February 12, 2009 @09:54PM (#26837929)

        Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

        Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US IP space, we are running postfix/amavis/spamassassin/clamav/postgrey and have configured a few RBLs. Very little spam gets through these days.

        I am using ipdeny.com for the lists of IP space sorted by country: http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz [ipdeny.com]

        If you would like my script, post a reply to this message, and I will either post the script directly in the comments or email you privately.

        The solution to simply block off non-US IP space is an ugly vile hack to how the Internet was originally designed. Meanwhile back in modern-day reality, the hack works well.

        -JL
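        An added example of the kind of country allow-list the post above describes, written here as a defender's illustration; it is not the commenter's script. It assumes the ipdeny.com zone format (one IPv4 CIDR per line), loads the prefixes into an ipset rather than one iptables rule per prefix, and applies the set only to the mail port; the zone text, set name, chain name and port are constructed for the example.

        ```shell
        #!/bin/sh
        # Country allow-list for a mail server, built from an ipdeny-style zone file.
        # Assumptions (not from the original post): ipset and iptables are installed,
        # the zone file lists one IPv4 CIDR per line, SMTP listens on TCP/25.

        # Constructed stand-in for a downloaded zone file (e.g. us.zone from ipdeny.com).
        # Deliberately includes a comment, a blank line and a junk line to show filtering.
        SAMPLE_ZONE='192.0.2.0/24
        198.51.100.0/24
        # comments and blank lines must be ignored

        203.0.113.0/24
        not-a-cidr'

        # zone_to_ipset NAME   (zone text on stdin)
        # Emits "ipset restore" input: create the set, flush it, then add each valid
        # prefix. Anything that is not shaped like an IPv4 CIDR is dropped here rather
        # than handed to ipset, so a corrupted download cannot abort the whole reload.
        zone_to_ipset() {
            name=$1
            printf 'create %s hash:net family inet\n' "$name"
            printf 'flush %s\n' "$name"
            grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' |
            while IFS= read -r cidr; do
                printf 'add %s %s\n' "$name" "$cidr"
            done
        }

        # count_entries NAME   (zone text on stdin)
        # Number of prefixes that survived validation; useful as a sanity check
        # before swapping the live set (a near-empty set would lock everyone out).
        count_entries() {
            zone_to_ipset "$1" | grep -c '^add '
        }

        # mail_rules NAME PORT
        # Prints the iptables commands that make the set authoritative for PORT.
        # Order matters: established flows first, then the allow-list, then a
        # rate-limited log line so drops are visible, then DROP.
        mail_rules() {
            name=$1
            port=$2
            cat <<EOF
        iptables -N MAILGEO 2>/dev/null || iptables -F MAILGEO
        iptables -A MAILGEO -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        iptables -A MAILGEO -m set --match-set $name src -j ACCEPT
        iptables -A MAILGEO -m limit --limit 5/min -j LOG --log-prefix "geo-drop: "
        iptables -A MAILGEO -j DROP
        iptables -C INPUT -p tcp --dport $port -j MAILGEO 2>/dev/null || \\
            iptables -I INPUT -p tcp --dport $port -j MAILGEO
        EOF
        }

        # Stand-alone use: print the ipset restore script and the firewall rules.
        # Apply with: sh thisfile --demo | (ipset restore -exist; sh) on a real host.
        if [ "${1:-}" = "--demo" ]; then
            printf '%s\n' "$SAMPLE_ZONE" | zone_to_ipset us_allow
            mail_rules us_allow 25
        fi
        ```

        The set is rebuilt from the file, so a refreshed zone list replaces stale prefixes instead of accumulating them; hosts that must always be reachable belong in a separate ACCEPT rule ahead of the set match.
        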

        • by gad_zuki! (70830)

          I do this at work too. Instead of the received email being 90% spam, it's only 40%. Weighted blacklisting takes care of the rest. No content filtering at all.

          I'm tempted to put the same rules into the Windows firewall for my relatives' and friends' computers. They won't notice and it might save them from malicious sites. A more diplomatic approach would be something like the Web of Trust Firefox extension, but some type of realtime blacklist for malicious servers and botnet zombies sounds like a good idea.

        • by jfim (1167051)

          Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US

      • by SL Baur (19540)

        Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

        You are putting blame on the wrong shoulders.

        I'll admit that I caught a virus once - it was a boot sector virus that some idiot brought into the office and infected a floppy disk that we used to boot to get at a stupid MS-DOS only configuration program for an ethernet card. Didn't do anything to me, my equipment was running Linux.

        Perhaps it's time to firewall off Redmond, WA. It certainly would fix the problem.

    • by SkyDude (919251)
      If you can, look up the term "prima facie".

      Here, this will help you [wikipedia.org]

    • I'm sorry, but I have trouble imagining a reason for releasing this for any reason that would not still be illegal (or at least still should be illegal). There are lots of things that are legal for me to do that become illegal when they cause harm to others.
    • by Z00L00K (682162)

      It was launched by the operating system. So I would call that bounty on the person responsible for Autorun/Autolaunch functionality in Windows.

      If you provide functionality that can be abused - it will.

  • by Elektroschock (659467) on Thursday February 12, 2009 @07:10PM (#26835757)

    These guys abuse a problem, but they also raise awareness of a security problem Microsoft has brought into existence through its operating system software. This company should pay and offer its customers to remove the worm for them and compensate them for all the costs caused by their defective software. The guys just exploited the weakness.

    Though Microsoft offered a patch I don't remember that Microsoft actively informed its customers about the defects of its software and apologised to me or that my hardware vendor recalled the hardware.

    • by The Cisco Kid (31490) on Thursday February 12, 2009 @07:17PM (#26835897)

      Any person that has anything to do with information technology (computers) anywhere in the world, that can read and understand the language commonly used in their part of the world, that doesn't already know that most software produced by MS is riddled with "defects", is either not paying attention or is seriously brainwashed.

    • So who foots the bill for someone exploiting an apache hole? Does it come out of the support fund? Sounds like a very dangerous precedent to me.
    • by transporter_ii (986545) on Thursday February 12, 2009 @07:28PM (#26836061)

      Yeah, after reading the Slashdot article a couple of days ago on not running as an Admin on Windows, I decided to play around a little.

      I found that even though XP Pro lists only the options of running as an Admin or a User, there is in fact a fairly simple way to run as a "power user," which is not as restrictive as a normal user (fairly simple but not fairly obvious way).

      I've set up some domains for Windows server 2003, but I had really never looked at how much you could do with XP, and actually, you can do quite a few of the same things in the group policy settings.

      However, all this goes right out the window on XP Home.

      Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.

      Also, for a project I'm working on, I was looking to secure just the ability to change some network settings. On Linux, what I wanted to do was trivial. On Windows, it was almost impossible without busting the user down from running as an admin...and then program after program fails to work correctly.

      Again, Microsoft deserves everything they are getting.

      • Re: (Score:2, Troll)

        And I suppose all the Windows users deserve what they are getting?

        I'm not defending Microsoft's holes in its code, but to say "Too bad, Microsoft" and ignore that many innocent users use it is pretty ... well, kinda goes back to the annoying Linux attitude that people complain about, I guess.

        I like and use Linux. But I would rather not like to have Linux give the same "better than you" vibe that Mac does at the moment...

        Probably offtopic or troll. Oh well.

        • by techno-vampire (666512) on Thursday February 12, 2009 @07:52PM (#26836465)
          And I suppose all the Windows users deserve what they are getting?

          Like you, I love and use Linux, but I don't think that Windows users shouldn't have an OS that's as easy to secure (and use in a secure way) as you and I do. It can be argued, however, that Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.

          • Re: (Score:3, Insightful)

            Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.

            Demanded or not, just like Linux, this was a security problem that was found and a patch was released to the public. Users either refused to install the patch or had Windows Update disabled for a variety of stupid reasons.

            When the ax falls, who are people going to blame? Certainly not themselves.

      • by jaseuk (217780)

        On XP, putting a regular user in the "Network Configuration Operators" group allows them to administer network settings without giving full admin privileges. The Power Users group is all but an administrator anyhow.

        In most other cases, careful use of file permissions and registry permissions can also allow regular users to run software that would otherwise require administrator privileges.

        The programs that break down are not following guidelines that have been well established by Microsoft for many years, pretty

        • I understand why you would remove Power User and Admin from standard users and do configuration to get their legacy software to work as a normal user.

          May I ask why you would restrict your developers (usually a tech-savvy person) to a standard user? I can see removing Admin of course, but Power User also? It really seems like that would make writing software a nightmare for the developer. We have a "dummy login" that we switch to when we want to test that permissions have been programmed correctly.

          Ju

      • by gad_zuki! (70830) on Thursday February 12, 2009 @08:14PM (#26836763)

        >Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.

        That's what Vista does, and the UAC kicks in when you need admin access. There has been nothing but complaints and bitching about this. People are surprised their 10-year-old software that writes to c:\temp doesn't work anymore. Now that there's an NT ecosystem of software out there (write to the profile area, not to the system area, when running), it's easier for MS to do this. Shame that even the good changes MS makes are received with the same old bellyaching.

        >Also, for a project I'm working on, I was looking to secure just the ability to change some network settings

        You didn't try too hard, did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.

        >Again, Microsoft deserves everything they are getting.

        MS is a company. It doesn't feel pain or shame. Right now the people feeling the pain are innocent users. Perhaps you should have a little sympathy for them.

        • >Also, for a project I'm working on, I was looking to secure just the ability to change some network settings

          You didn't try too hard, did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.

          Reading comprehension isn't your strong suit, is it?

          He doesn't want to give them the right to change network settings. He wants to take away the right to change network settings, without "busting the user down from running as an admin."

          In other words, allow them to do anything except change network settings.

      • I swear last time I set up XP it was Home and there was a power user setting under the hidden user controls menu (ControlUserPasswords2.ccp I think)

  • by Culture20 (968837) on Thursday February 12, 2009 @07:14PM (#26835835)
    Microsoft, release a mandatory update to turn off auto-run/play, and show a recurring opt-out prompt on login that explains that auto-run is turned off, and the risks of turning it back on.

    At least make XP's version of the patch that allows GPO auto-run disable to work properly a mandatory update. If no one's in a GPO, it won't break anything. If they are in a GPO that turns autorun off, then it should be turning auto-run off!
  • Since when has ICANN been providing DNA?

    • Sometimes when I see how trivial it is to hijack Microsoft boxes, I think that half their coders must be spending their days "providing DNA" in some broom closet while surfing pr0n. For fuck sake, Microsoft has fairly unlimited resources. If they really WANTED to clean up their security act, they could.

    • by Yvan256 (722131)

      Icann haz worm plz?

  • Malicious? (Score:3, Interesting)

    by HTH NE1 (675604) on Thursday February 12, 2009 @07:29PM (#26836095)

    'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,'

    Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base, and it has not yet been used to do any attacks. It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or to analyze other spam-producing botnets to identify their controllers and get them shut down.

    • Re: (Score:2, Insightful)

      by OverlordQ (264228)

      How is it not malicious already? It downloads and spreads unknown crap without people's knowledge.

      • by HTH NE1 (675604)

        Where is the malice? Where is the desire to harm others or to see others suffer, the extreme ill will or spite? Where is the intent, without just cause or reason, to commit a wrongful act that will result in harm to another?

        Malicious? I'd be stretching it to even call it malevolent. It's just trespassing. You may not want it there, but it isn't doing anything really harmful yet. Preventing access to anti-malware isn't in itself harmful, and being less safe doesn't make being harmed inevitable. Not wearing a

    • Re:Malicious? (Score:5, Insightful)

      by StikyPad (445176) on Thursday February 12, 2009 @07:37PM (#26836217)

      Using my resources without my consent is malicious.

    • Re: (Score:3, Insightful)

      by John Hasler (414242)

      > Has Conficker done anything malicious yet?

      Installing it on someone's pc without their knowledge or permission is malicious. So is blocking access to antivirus sites. So is using said pc to attack other machines.

    • The mere act of unauthorized installation is malicious.

    • erm... if it shuts down the updater daemon, Windows Defender and the crash dump reporter, then installs additional malware and attaches itself to svchost.exe, explorer.exe and services.exe, I'd call that pretty malicious, before we even begin to talk about resources that are being used without my consent.

    • by drinkypoo (153816) <martin.espinoza@gmail.com> on Thursday February 12, 2009 @07:54PM (#26836485)

      Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base, and it has not yet been used to do any attacks.

      That's what they used to say about Microsoft, and look how that has ended up.

    • by gad_zuki! (70830)

      >It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut down.

      How is that non-malicious? If you stole my car to drive your grandma to church, it's still theft. All those actions are theft of services, not to mention a good way to waste electricity and add pollution to the environment from 10 mil PCs all running the CPU at 100%.

    • by Culture20 (968837)

      Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base, and it has not yet been used to do any attacks.

      1. Extend
      2. Embrace
      3. then Extinguish
    • Has Conficker done anything malicious yet?

      Are you kidding? From Microsoft's point of view it has done the WORST possible thing. Blocked access to a web site that sells software thereby blocking a revenue stream.

    • Re: (Score:2, Flamebait)

      by c6gunner (950153)

      Has Conficker done anything malicious yet? ... It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut do

      Funny you should mention that ... back when I was still protected by the young offenders act, I made a trojan which essentially did just that. Got 3,000+ computers on it - you should have seen the Seti@Home work units rolling in ...

      Thinking back on it, though, I agree with everyone else -

    • by shanen (462549)

      Even without doing anything beyond installing itself, it has already done a lot of expensive damage. I've already read of two cases where networks were shut down because of infections that needed to be contained. One of the affected networks was the municipal court system of Houston. That outage was at least several days long, though I'm not sure how you assess the total cost of the damage. You can't just limit it to the technical staff time, but you have to add in for the remedial time, and the cost of shu

  • "as you wisshh"

  • by mkcmkc (197982) on Thursday February 12, 2009 @07:37PM (#26836219)

    US$398 to fix security problems with their software...

  • They need to offer upwards of 5 to 10 million dollars. With a bounty of $250,000 I don't think they will be caught. And $10 million is chump-change for Microsoft... they buy laws for more than that.

  • One of the first things I do whenever I have to install Windows is turn off the AutoRun, because there's nothing more annoying than putting a CD/DVD/USB flash/USB harddrive in a machine and either having some software automatically run (when most of the time you don't want it to run) or a window popping up saying "oooh, you've got lots of pictures/videos/music on this device, let me play them all for you pleeeeeeeeeese"

    So back to my post title, if a Skynet equivalent does decide it wants to rule us, it wi
  • cheaper to sue (Score:2, Interesting)

    by init-five (745157)
    When MS learns how to write secure code for less money than what they offer to catch the script kiddies, they will do the former. I wonder what happens to the MS coder/team that is responsible for the exploit?
  • by nsayer (86181) * <(nsayer) (at) (kfu.com)> on Thursday February 12, 2009 @08:13PM (#26836755)

    DNA providers such as ICANN, ORG, and NeuStar

    Hey, I'm a DNA provider too, baby.

    • Re: (Score:3, Funny)

      by couchslug (175151)

      "Hey, I'm a DNA provider too, baby."

      They can have my DNA when they pour it from my cold, dead keyboard.

  • by w0mprat (1317953) on Thursday February 12, 2009 @09:48PM (#26837829)
    I was thinking about this, and thought of a way to counter this threat...

    Patch the vulnerability!

    Who do I see about dropping off my resume?
  • oops (Score:5, Insightful)

    by Anonymous Coward on Thursday February 12, 2009 @09:57PM (#26837949)

    The worm authors made just one mistake... they were far too successful. They wanted a botnet. Maybe a few thousand computers. Maybe 10 - 20 thousand.

    Instead, they wrote a fast spreading worm that infected millions of computers.

    What's the difference? The guys who infect 10,000 computers are small fries, and no one is going after them. Infect millions of computers though, and every computer crime agency on the planet will be after you...

  • by pyrrhonist (701154) on Thursday February 12, 2009 @10:08PM (#26838047)
    From the article:

    Symantec, which is contributing its malware-analysis expertise to the group, believes there are two main versions of Conflicker, "Flavor A" and "Flavor B,"

    The flavors were determined using LOLCATS. True story.

  • We'll find the terrorists.

  • It has been slowly but surely spreading since November.

    If 4 million installs a month is slow then what is fast? Vista? ORLy?

  • Girls who want intelligent babies pay more than that for my sperm. Only the half-wits at Microsoft could imagine that the guilty parties (and the people who know them) carry less than $250,000 in their wallets.
