Microsoft Offers $250,000 Reward For Botnet Info 99
Orome1 writes "Microsoft decided to extend their efforts to establish the identity of those responsible for controlling the Rustock botnet by issuing a $250,000 reward for new information that results in the identification, arrest and criminal conviction of such individual(s). 'While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions.' Residents of any country are eligible for the reward pursuant to the laws of that country."
Re: (Score:1)
What?
Fixed (Score:2)
"Microsoft decided to extend their efforts to establish the identity of those responsible for controlling the Rustock botnet by issuing a $250,000 reward for new information that results in the identification, apprehension and crucifixion of such individual(s).
There. That's what they should have said.
I wonder if the $250,000 reward (Score:1, Insightful)
will successfully direct attention away from Microsoft's failure to secure their operating system?
Re:I wonder if the $250,000 reward (Score:5, Insightful)
The only secure operating system is one not connected to any network, locked in a closet with no user interface.
Re: (Score:1)
No one expects the Spanish Inquisition
Re:I wonder if the $250,000 reward (Score:5, Funny)
Pfft. You call that secure?
You want secure, you need to fill all USB/PS2/VGA/HDMI ports with epoxy, encase the individual HDD platters in concrete, and hide each one in a separate underground ruin guarded by an ancient eldritch horror spread across the entirety of Hyrule -- After memorizing and putting into practice all relevant entries on the evil overlord list.
THAT'S security.
Re: (Score:2)
That's because he skipped the "Evil Overlord" step. Might as well have just set it up with "admin/pass" as its credentials...
Re: (Score:2)
A seasoned hacker will break your security with little effort. What about the disks with durable encryption that lasts for millennia with keys taken by recording data from pulsars?
Re: (Score:3)
Re: (Score:2)
All over Hyrule? All you need to do is put them in the water temple. That place was just cruel.
Re: (Score:1)
Re: (Score:3)
You get levels though. 99% secure or 99.99999% secure is a huge difference.
Re:I wonder if the $250,000 reward (Score:5, Insightful)
Yes, but there are conservative configurations and best practices that avoid most of the problems. And Microsoft ignored these things for years. Even today, they think that inbound blocking on client systems not on a trusted domain is enough. You can go anywhere that there are windows clients (airports are great candidates), and you'll see all kinds of friggin' netbios broadcasts from machines that KNOW they are on an untrusted network. WHY?
Re: (Score:2)
You can go anywhere that there are windows clients (airports are great candidates), and you'll see all kinds of friggin' ARP broadcasts from machines that KNOW they are on an untrusted network. WHY?
FTFY. And yea, those broadcasts are really an indicator of terrible security.
Re: (Score:1)
You wouldn't be talking about GNU/Hurd would you?
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Nothing has to be 100% secure. You can still make things a whole hell of a lot more secure than MS enables people to reduce things to. It's not like MS products are entirely insecure, it's more that they let users reduce their own security, which is still MS's fault.
Re: (Score:3, Informative)
Re: (Score:1)
Re: (Score:2, Insightful)
no worries.. there's always people like you to make sure the fud stays front and center..
Re: (Score:2)
Re: (Score:2)
will successfully direct attention away from Microsoft's failure to secure their operating system?
Seems like they're getting almost zero attention now for it (possibly deservedly so). Hard to get much lower than zero, or even get to zero. So no, it won't, and were that the goal it would be laughable.
Re: (Score:3)
You know what would successfully kill off all these botnets ? If MS held a "piracy amnesty day" where everyone could bring in their PC to a team of volunteer geeks and have them install a legit and fully patched version of Windows in place of the virus ridden downloaded hacked version they have. 1 day, good PR and all they need to do is eat the virtual cost of the pirated versions.
Re: (Score:3)
Re: (Score:1)
Re: (Score:2)
Does anyone remember the huge outcry and fear and tinfoil hatting when it was announced that Windows 7 would require driver signing by default? Microsoft gets blamed for anything that takes away control of the computer from the end user, but they also get blamed for the results of whatever every stupid end user happens to do.
If you even think that secure defaults would prevent these kinds of proble
Re:He's somewhere on earth. (Score:5, Funny)
would love to see some statistics on this (Score:2)
I wonder if they rake in 250k a month (or week) renting such a botnet? May start leading to some entertaining extortion...
Re: (Score:2)
I wonder if they rake in 250k a month (or week) renting such a botnet? May start leading to some entertaining extortion...
Well ...
1. It's a REALLY bad idea to try and extort criminals.
and
2. Personally, I'd rather report it Microsoft anyway. $250k is a big enough reward to allow morality to win out over greed ;)
Re: (Score:2)
It's also a really bad idea to do something that lands a $250k bounty on your head. But they do it anyway because it's get-rich-quick. Besides, it's going to be more criminals doing the extorting, they're used to shady, dangerous deals.
It'll happen. Or it'll get tried. Probably more than once. At the very least, it'll raise the herder's paranoia a notch or two. (and I mean in the plural, these nets aren't being run by some recluse in his basement, t
Get a rope! (Score:2)
That there's some seeeeerious cash. Obviously, it's time to form us up a posse and find these mofos. Who's in boys (and girls)??!!
This a Faustian bargain, isn't it? (Score:4, Insightful)
Let me guess, you get the $250,000 in pennies? Or maybe you get it, only to die an hour later?
Re: (Score:2)
Any penny made during 1982 and later is only copper coated zinc.
Not nearly as valuable.
Re: (Score:3)
As of January 14, 2011 the metallurgical value of the copper in pre-1982 bronze and brass cents is 289% of their face value. Post-1982 copper plated zinc cents have a metallurgical value of 64% of their face value.
Have fun with your 62,500 kilograms of dead weight.
Re: (Score:2)
No they'll send you a money order. And some recommended places to invest some of it.
Re: (Score:1)
Re: (Score:1)
Well, we can always take solace in the fact it wasn't Windows ME....
The Ultimate Irony (Score:1)
Re: (Score:2, Insightful)
If I had a spare $250k laying around I'd pay to see that.
With that sort of priority, it shouldn't be any surprise that you do not have a 'spare $250K laying around', in the first place.
I got it. (Score:3)
Cheaper than... (Score:1)
Hiring a security team/ firm to go do it for them. But Microsoft forgets... the internet community hates you, maybe they could enlist the fine people who made Windows Vista as a reminder.
nice try (Score:3)
Not every problem can be solved by throwing money at it, as Murdoch has learned.
Does Micro$oft have any other resources that could be applied to the problem?
Re:nice try (Score:5, Insightful)
Re: (Score:2)
On the other hand, a lot of problems can be solved by throwing money at them. If I "knew a guy" who ran a botnet, you can bet that I'd sell his ass to Microsoft for five years' salary.
Your salary sucks.
Maybe, but hardly unusual for those who work outside the tech sector.
Re: (Score:3)
Re: (Score:2)
Isn't this really similar to the program where they get disgruntled ex-employees to report incidents of pirated software in the workplace?
Re: (Score:1)
I don't suppose (Score:3)
a $250,000 reward for new information that results in the identification, arrest and criminal conviction of such individual(s)
I don't suppose "MS, your security sucks" would qualify as new information, although that's "who's" ultimately responsible for the success of this botnet. Oh well.
Re: (Score:2)
I don't suppose "MS, your security sucks" would qualify as new information, although that's "who's" ultimately responsible for the success of this botnet. Oh well.
Thank you for that "information". Your reward is a free kick in the balls with a frozen mukluk. Please post your address in a followup comment. Expedited delivery is available at a cost of $15. Thank you.
nice red herring (Score:3)
Focus blame on bot herders, no need to fix software problems.
Re: (Score:1)
Re: (Score:2)
LoB
Re: (Score:2)
Focus blame on users who click "yes" to any old popup window (it could happen on any OS no matter how secure).
It will be interesting to see what happens next. Huge bounties followed by a well publicized trial where people go to prison might actually work to deter other wannabe botnet makers.
hmmm money (Score:2)
Maybe they give me 10$ for linking to this news.
Time for the botnet owner to cash in with some new, yet unthreatening info?
The only problem is... (Score:2)
The money is currently tied up in Escrow after the PRINCE died, and we need your help to LIBERATE it. For your efforts, WE will pay you THE SUM OF $250000 (TWO HUNDRED AND FIFTY THOUSAND US DOLLARS).
Send your Name, Address, Social Security Number, a recent photo, and your Bank account info to:
MICROSOFT RUSTOCK INFO
C/O MR SIPHO DLAMINI
512 MAIN STREET
ABUJA, NIGERIA
Also, we will send you a free sample of our new herbal PEN?IS ENLARGEMENT system.
Spamhaus is a good start... (Score:2)
One wonders, are they working at all with Steve Linford and Spamhaus? If not, why not? I know of no other well-researched collection of information, nor any other man well versed in who's sending spam.
Finally....woot woot to M$ (Score:2)
I have to applaud their strategy...let the coders doing all the work for the criminals, give in of the source code for some dough for a great relocation to some hot palm tree filled island...in the mean time giving away trade secrets belonging to the underground cybermafia....to totally devastate their revenu stream, and this will be superb! I cant wait till their start doing it.....
The key word here is "new" (Score:1)
*ring*
- Hi, I'm Bob from Microsoft Happy Hunting Customer Care. How can I help you?
- Hi, the name of the Rustock botnet master is "John Doe". Now let's talk about the 250K$...
- I'm sorry Sir, but we already knew that, so no bucks for you. Have a nice day!
Do I win the $250,000? (Score:2)
Bill Gates/Steve Ballmer and teams...
1 Microsoft Way
Redmond Washington
So... do I win?
</end poor attempt at humor>
Coincidence? (Score:1)
pretty bad terms (Score:2)
I don't think they made the terms-of-payment very attractive to the would be informant.
They want identification, arrest and conviction. Yeah, right! Those kind of rewards never pay out.
If I could finger someone, I would not trust to see it through to conviction and get the money.
Especially if the perpetrator is in China or Russia.
Do you think it would ever lead to conviction in that case, even if the culprit is known?
Microsoft should be a lot more bold here, and award to 250K for the identification.
Or maybe
CUDA Trojan in wild... (Score:1)
Need to keep an outdated graphics card to be safe.
I wonder... (Score:1)
If you happened to be a botnet owner, and you turned yourself in to Microsoft, would they pay your lawyer fees and bail as well?
Just saying, some of the smaller botnets could make a lot of money that way.....