Microsoft Slaps $250K Bounty On Conficker Worm 258
alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."
Re:The new business plan (Score:5, Interesting)
Microsoft: Release a mandatory patch to stop it... (Score:5, Interesting)
At least make XP's version of the patch that allows GPO auto-run disable to work properly a mandatory update. If no one's in a GPO, it won't break anything. If they are in a GPO that turns autorun off, then it should be turning auto-run off!
Malicious? (Score:3, Interesting)
'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,'
Has Conficker done anything malicious yet? Last I heard it all it has done is to extend and protect its installed base and has not yet been used to do any attacks. It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut down.
cheaper to sue (Score:2, Interesting)
Re:"illegally" launching? (Score:5, Interesting)
Perhaps its time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.
Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US IP space, we are running postfix/amavis/spamassassin/clamav/postgrey and have configured a few RBLs. Very little spam gets through these days.
I am using ipdeny.com for the lists of IP space sorted by country: http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz [ipdeny.com]
If you would like my script, post a reply to this message, and I will either post the script directly in the comments or email you privately.
The solution to simply block off non-US IP space is an ugly vile hack to how the Internet was originally designed. Meanwhile back in modern-day reality, the hack works well.
-JL
Re:The new business plan (Score:3, Interesting)