Microsoft Slaps $250K Bounty On Conficker Worm
alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."
The new business plan (Score:5, Funny)
2. Give it to a bunch of script kiddies anonymously in bulletin boards.
3. ...
4. Turn them in to MSFT for the bounty.
5. Profit
Re: (Score:2, Funny)
No do homewerks?
Re: (Score:2)
Naw, it's just Microsoft's business plan to buy a reputation, cheap.
Actually, only based on the news reports I've already read, Microsoft's reward is already tiny compared to the initial reactive damages caused by Microsoft's sloppy programming and very unsloppy but aggressive marketing to make sure the danger is as widespread as possible. So far the damage (that I've heard about) has just been networks being shut down to try and clean the worm out--but if this thing actually has a hostile payload...
Imagine
Re: (Score:3, Funny)
OMFG, IS SKEYE NET!!!
I GOT HIM! (Score:3, Funny)
Hey, I GOT HIM. Even made a photo [appleinsider.com] for you.
Now sack him and send the bounty to my paypal please.
This is the guy who is currently officially responsible for windows being vulnerable to worm and malware attacks.
There have been others in the past but your bounty explicitly asks for the person responsible for this current "conficker" worm, so here you go.
Re: (Score:2)
Actually, as I thought about it some more, what Microsoft should offer to pay for is a copy of the source code of the worm. That would provide the mechanism to deal with it--possibly. Of course, they couldn't do that in public. They'd motivate multitudes of script kiddies to try and strike it rich with a big payoff for a few hours of coding.
Re: (Score:3, Insightful)
I don't think Microsoft has an interest to deal with it in any way. This is a PR effort to distract from where the blame should really go. Even if they "dealt" with this worm and its attack vectors in some way - the next worm is just around the corner. The security model in Windows is just fundamentally broken, thus we'll continue to see worm attacks and pointless bounties.
Re: (Score:2)
ICanHaSSkript? No do homewerks?
No but I'll give you a cheeseburger, ok?
Re:The new business plan (Score:5, Insightful)
They also have to successfully pull off the "framing" part. The authorities are not unfamiliar with the idea that their informants may be lying for the reward.
Re: (Score:2, Informative)
Because no one will ever suspect that the guy with the advanced degree, antisocial personality disorder, questionable source of income, and miraculous discovery of "the real hackers," would have had anything to do with it.
Re:The new business plan (Score:5, Funny)
Yes, I highly doubt the Hans Reiser defense is going to work that well here either.
Re: (Score:2, Funny)
Every day I feel the internet looks more and more like the wild wild west....
A bunch of so called hackers doing whatever they want, with no law to control them.... and now, bounties....
Now we just need a blondie to come up and collect fake bounties.
Re: (Score:2, Informative)
Step 1: Russia hires you to program malware for $50K a year.
Step 2: Russia lets malware loose.
Step 3: ...
Step 4: Russia turns you in for $250K.
Step 5: Russia = Profit!!!
The old business plan (Score:3, Funny)
1. Write an operating system and spend seven minutes making it secure ...
2. Sell it to a bunch of VPs, CTOs and OEMs from arm's length.
3.
4. Offer seven minutes worth of earnings [thevarguy.com] to whoever catches "the bastard" that tried to rain on their parade
5. Profit!
250K is too low (Score:2)
Re:250K is too low (Score:5, Insightful)
10 million zombie PC's are worth more than $250K
The 10 million zombies may be worth much more than $250k to the person that controls them, but they are worth nothing to the guy that lives down the hall from the person that controls them, so he might be quite happy to pick up the money if he knows something.
Tough room (Score:4, Informative)
"illegally" launching? (Score:5, Insightful)
Re:"illegally" launching? (Score:5, Insightful)
Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent
Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent
If you've ever watched Nancy Grace, you'd apply that to America, too.
Re: (Score:2)
The laws of the jurisdictions where the infected PCs are located apply no matter where the thing was launched from.
Re: (Score:2)
Really? Then how will you extradite them if they're from somewhere where it wasn't illegal? Worse, how will you even find a competent prosecutor for computer crime?
The US record for convicting people for computer crime is, historically, awful. Even when they catch the guilty parties in the act, they traditionally attempt to try them for the wrong crime, fail to gather enough evidence to convince a judge or a jury as they run afoul of uncooperative schools where students have been active in criminal behavior,
Re: (Score:2)
You misunderstood. This is not a bounty for their arrest.
It is a recruitment bounty so they can teach them to make software that is not so full of holes you would mistake it for a premise for war or something.
Re:"illegally" launching? (Score:5, Insightful)
First off, all politics is local. My local laws apply to what you do to me or my equipment in my jurisdiction. On top of that, in civilized countries all this shit is illegal. Remember the Sasser worm? MS paid out a 250k bounty and the author was revealed to be a German who was later convicted.
Secondly, it's not too hard to figure out who did this. A lot of these trojans won't install if your default language is Russian. How odd, eh? Essentially, this is a hand out to the Russian government because it protects and profits from its industry of malware writers, most notably The Russian Business Network. [wikipedia.org] These guys aren't getting caught. They have the full protection of the Russian government. MS and the rest know this, but they also know that money talks and a high profile defector would be good for the cause.
Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.
Re: (Score:2)
So maybe you can narrow it down to a country of ~140 million (if it's Russian, let's say). That's still far from figuring out exactly who did it.
Re:"illegally" launching? (Score:5, Interesting)
Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.
Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US IP space, we are running postfix/amavis/spamassassin/clamav/postgrey and have configured a few RBLs. Very little spam gets through these days.
I am using ipdeny.com for the lists of IP space sorted by country: http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz [ipdeny.com]
If you would like my script, post a reply to this message, and I will either post the script directly in the comments or email you privately.
The solution to simply block off non-US IP space is an ugly vile hack to how the Internet was originally designed. Meanwhile back in modern-day reality, the hack works well.
-JL
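As an added example (my own script, not the poster's) of the approach described in the post above: turn an ipdeny-style per-country zone file (one CIDR per line) into an iptables allowlist so only listed ranges can reach the mail port. The chain name MAIL_ALLOW, port 25 and the sample ranges are my assumptions; the poster blocked all traffic, whereas this limits the block to SMTP so other services are untouched.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes the zone file uses the ipdeny
# layout (one CIDR per line, LF line endings). Chain name and port are our choice.
CHAIN="MAIL_ALLOW"
PORT=25

# Constructed sample zone file using documentation ranges (not real US space),
# plus one malformed line to show the validation path.
write_sample_zone() {
  cat > "$1" <<'EOF'
# sample zone (constructed)
192.0.2.0/24
198.51.100.0/24
10.0.0.0/8 -j ACCEPT
203.0.113.0/24

EOF
}

# Emit iptables commands: allowed ranges RETURN to INPUT, everything else is DROPped.
# Commands are printed rather than executed so the ruleset can be reviewed first.
gen_rules() {
  zone="$1"
  echo "iptables -N $CHAIN"
  echo "iptables -F $CHAIN"
  # Skip blank lines and comments; reject anything that is not digits, dots and a slash
  # so a corrupt or tampered download cannot smuggle extra options into the rule.
  grep -Ev '^[[:space:]]*(#|$)' "$zone" | while IFS= read -r cidr; do
    case "$cidr" in
      *[!0-9./]*) echo "skipping malformed entry: $cidr" >&2; continue ;;
    esac
    echo "iptables -A $CHAIN -s $cidr -j RETURN"
  done
  echo "iptables -A $CHAIN -j DROP"
  echo "iptables -I INPUT -p tcp --dport $PORT -j $CHAIN"
}

# Number of ranges that made it into the allowlist (useful as a sanity check
# against the line count of the downloaded file before applying the rules).
count_allowed() {
  gen_rules "$1" | grep -c -- '-j RETURN'
}

# Usage: sh countryblock.sh /path/to/us.zone   (review the output, then pipe it into sh)
if [ -n "$1" ]; then
  gen_rules "$1"
fi
```

The malformed line is reported on stderr and dropped, so the generated ruleset stays a plain list of -s CIDR matches.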
Re: (Score:2)
I do this at work too. Instead of the received email being 90% spam it's only 40%. Weighted blacklisting takes care of the rest. No content filtering at all.
I'm tempted to put the same rules into the Windows firewall for my relatives' and friends' computers. They won't notice and it might save them from malicious sites. A more diplomatic approach would be something like the Web of Trust Firefox extension, but some type of realtime blacklist for malicious servers and botnet zombies sounds like a good idea.
Re: (Score:2)
Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.
You are putting blame on the wrong shoulders.
I'll admit that I caught a virus once - it was a boot sector virus that some idiot brought into the office and infected a floppy disk that we used to boot to get at a stupid MS-DOS only configuration program for an ethernet card. Didn't do anything to me, my equipment was running Linux.
Perhaps it's time to firewall off Redmond, WA. It certainly would fix the problem.
Re: (Score:2)
Here, this will help you [wikipedia.org]
Re: (Score:2)
It was launched by the operating system. So I would call that bounty on the person responsible for Autorun/Autolaunch functionality in Windows.
If you provide functionality that can be abused - it will.
Microsoft is responsible (Score:4, Insightful)
These guys abuse a problem but they also raise awareness for a security problem Microsoft has put into existence through its operating system software. This company should pay and offer its customers to remove the worm for them and compensate them for all the costs caused by their defective software. The guys just exploited the weakness.
Though Microsoft offered a patch I don't remember that Microsoft actively informed its customers about the defects of its software and apologised to me or that my hardware vendor recalled the hardware.
Re:Microsoft is responsible (Score:5, Insightful)
Any person that has anything to do with information technology (computers) anywhere in the world, that can read and understand the language commonly used in their part of the world, that doesn't already know that most software produced by MS is riddled with "defects", is either not paying attention or is seriously brainwashed.
Re:Microsoft is responsible (Score:4, Insightful)
True, but the "produced by MS" part is redundant. Pretty much all but the very simplest of software has defects.
Re: (Score:3, Funny)
No, that's an MP3 encoder.
Re:Microsoft is responsible (Score:4, Insightful)
Yeah, after reading the Slashdot article a couple of days ago on not running as an Admin on Windows, I decided to play around a little.
I found that even though XP Pro lists only the options of running as an Admin or a User, there is in fact a fairly simple way to run as a "power user," which is not as restrictive as a normal user (fairly simple but not fairly obvious way).
I've set up some domains for Windows server 2003, but I had really never looked at how much you could do with XP, and actually, you can do quite a few of the same things in the group policy settings.
However, all this goes right out the window on XP Home.
Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.
Also, for a project I'm working on, I was looking to secure just the ability to change some network settings. On Linux, what I wanted to do was trivial. On Windows, it was almost impossible without busting the user down from running as an admin...and then program after program fails to work correctly.
Again, Microsoft deserves everything they are getting.
Re: (Score:2, Troll)
And I suppose all the Windows users deserve what they are getting?
I'm not defending Microsoft's holes in its code, but to say "Too bad, Microsoft" and ignore that many innocent users use it is pretty ... well, kinda goes back to the annoying Linux attitude that people complain about, I guess.
I like and use Linux. But I would rather not like to have Linux give the same "better than you" vibe that Mac does at the moment...
Probably offtopic or troll. Oh well.
Re:Microsoft is responsible (Score:5, Insightful)
Like you, I love and use Linux, but I don't think that Windows users shouldn't have an OS that's as easy to secure (and use in a secure way) as you and I do. It can be argued, however, that Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.
Re: (Score:3, Insightful)
Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.
Demanded or not, just like Linux, this was a security problem that was found and a patch was released to the public. Users either refused to install the patch or had Windows Update disabled for a variety of stupid reasons.
When the ax falls, who are people going to blame? Certainly not themselves.
Re: (Score:2)
On XP putting a regular user in the "Network Configuration Operators" group allows them to administer network settings without giving full admin privileges. The power users group is all but an administrator anyhow.
In most other cases careful use of file permissions and registry permissions can also allow regular users to run software that would otherwise require administrator privileges.
The programs that break down are not following guidelines that have been well established by Microsoft for many years, pretty
Re: (Score:2)
May I ask why you would restrict your developers (usually a tech-savvy person) to a standard user? I can see removing Admin of course, but Power User also? It really seems like that would make writing software a nightmare for the developer. We have a "dummy login" that we switch to when we want to test that permissions have been programmed correctly.
Ju
Re:Microsoft is responsible (Score:5, Insightful)
>Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.
That's what Vista does and the UAC kicks in when you need admin access. There has been nothing but complaints and bitching about this. People are surprised their 10 year old software that writes to c:\temp doesn't work anymore. Now that there's an NT ecosystem of software out there (write to profile area, not to system area when running), it's easier for MS to do this. Shame that even the good changes MS does are received with the same old bellyaching.
>Also, for a project I'm working on, I was looking to secure just the ability to change some network settings
You didn't try too hard did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.
>Again, Microsoft deserves everything they are getting.
MS is a company. It doesn't feel pain or shame. Right now the people feeling the pain are innocent users. Perhaps you should have a little sympathy for them.
Re: (Score:2)
>Also, for a project I'm working on, I was looking to secure just the ability to change some network settings
You didn't try too hard did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.
Reading comprehension isn't your strong suit, is it?
He doesn't want to give them the right to change network settings. He wants to take away the right to change network settings, without "busting the user down from running as an admin."
In other words, allow them to do anything except change network settings.
Re: (Score:2)
I swear last time I set up XP it was Home and there was a power user setting under the hidden user controls menu (ControlUserPasswords2.ccp I think)
Microsoft: Release a mandatory patch to stop it... (Score:5, Interesting)
At least make XP's version of the patch that allows GPO auto-run disable to work properly a mandatory update. If no one's in a GPO, it won't break anything. If they are in a GPO that turns autorun off, then it should be turning auto-run off!
DNA providers?? (Score:2)
Since when has ICANN been providing DNA?
Re: (Score:2)
Sometimes when I see how trivial it is to hijack Microsoft boxes, I think that half their coders must be spending their days "providing DNA" in some broom closet while surfing pr0n. For fuck sake, Microsoft has fairly unlimited resources. If they really WANTED to clean up their security act, they could.
Re: (Score:2)
Icann haz worm plz?
Malicious? (Score:3, Interesting)
'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,'
Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base and it has not yet been used to do any attacks. It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyzing other spam-producing bot nets to identify their controllers and get them shut down.
Re: (Score:2, Insightful)
How is it not malicious already? It downloads and spreads unknown crap without people's knowledge.
Re: (Score:2)
Where is the malice? Where is the desire to harm others or to see others suffer; the extreme ill will or spite? Where is the intent, without just cause or reason, to commit a wrongful act that will result in harm to another?
Malicious? I'd be stretching it to even call it malevolent. It's just trespassing. You may not want it there, but it isn't doing anything really harmful yet. Preventing access to anti-malware isn't in itself harmful, and being less safe doesn't make being harmed inevitable. Not wearing a
Re:Malicious? (Score:5, Insightful)
Using my resources without my consent is malicious.
Re: (Score:2)
He has some point. Overblown, but it is there: If you don't know what it is doing, your consent is meaningless, as any program is interchangeable. Consenting to unknown code running on your computer is consenting to ANY code running on your computer.
Re: (Score:2)
You know something? I could actually do that.
I'd have to refresh my memory on how the RF demod section works in a TV, but that's not remotely the same as having no @#%^$# clue.
Re: (Score:3, Insightful)
> Has Conficker done anything malicious yet?
Installing it on someone's pc without their knowledge or permission is malicious. So is blocking access to antivirus sites. So is using said pc to attack other machines.
Re: (Score:2)
The mere act of unauthorized installation is malicious.
Re: (Score:2)
erm... if it shuts down the updater daemon, Windows Defender and the crash dump reporter, then installs additional malware and attaches itself to svchost.exe, explorer.exe and services.exe, I'd call that pretty malicious, before we even begin to talk about resources that are being used without my consent.
Re:Malicious? (Score:4, Funny)
Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base and it has not yet been used to do any attacks.
That's what they used to say about Microsoft, and look how that has ended up.
Re: (Score:2)
>It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut down.
How is that non-malicious? If you stole my car to drive your grandma to church it's still theft. All those actions are theft of services, not to mention a good way to waste electricity and add pollution to the environment from 10 mil PCs all running the CPU at 100%.
Re: (Score:2)
Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base and it has not yet been used to do any attacks.
Re: (Score:2)
Has Conficker done anything malicious yet?
Are you kidding? From Microsoft's point of view it has done the WORST possible thing. Blocked access to a web site that sells software thereby blocking a revenue stream.
Re: (Score:2, Flamebait)
Funny you should mention that ... back when I was still protected by the young offenders act, I made a trojan which essentially did just that. Got 3,000+ computers on it - you should have seen the Seti@Home work units rolling in ...
Thinking back on it, though, I agree with everyone else -
Re: (Score:2)
Even without doing anything beyond installing itself, it has already done a lot of expensive damage. I've already read of two cases where networks were shut down because of infections that needed to be contained. One of the affected networks was the municipal court system of Houston. That outage was at least several days long, though I'm not sure how you assess the total cost of the damage. You can't just limit it to the technical staff time, but you have to add in for the remedial time, and the cost of shu
"and no disintegrations!" (Score:2, Funny)
"as you wisshh"
In separate news, Microsoft budgeting an extra (Score:5, Funny)
US$398 to fix security problems with their software...
Re: (Score:2)
Silly me. I thought the price was $699. [sco.com]
They must have got a slamming discount for volume [arstechnica.com].
Microsoft is being cheap (Score:2)
They need to offer upwards of 5 to 10 million dollars. With a bounty of $250,000 I don't think they will be caught. And $10 million is chump-change for Microsoft... they buy laws for more than that.
Robots 1, Humans 0 (Score:2)
So back to my post title, if a Skynet equivalent does decide it wants to rule us, it wi
Re: (Score:2)
You do know that turning off autorun does not turn off autorun [us-cert.gov], right?
Re: (Score:2)
http://www.us-cert.gov/cas/techalerts/TA09-020A.html [us-cert.gov]
http://en.wikipedia.org/wiki/Autorun#The_AutoRun_disable_bug [wikipedia.org]
cheaper to sue (Score:2, Interesting)
Re: (Score:2)
Apparently it works. Microsoft's operating systems have fewer vulnerabilities than any of the other mainstream operating systems, OS X and Linux.
This is not a troll post. I know the general consensus on /. is that Microsoft operating systems and software have more holes than any other. However, IBM (X-Force team) draws regular statistics based on disclosed vulnerabilities.
http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annual-report.pdf
This is how to troll (Score:4, Funny)
Here we are in the middle of a thread discussing how a recent one of the million pieces of Windows malware has zombied 12 million computers around the world, and you're here to remind us that Windows is more secure because somebody somewhere said so.
Nice. Thanks.
*What* providers? (Score:5, Funny)
DNA providers such as ICANN, ORG, and NeuStar
Hey, I'm a DNA provider too, baby.
Re: (Score:3, Funny)
"Hey, I'm a DNA provider too, baby."
They can have my DNA when they pour it from my cold, dead keyboard.
A stroke of genius... (Score:3, Funny)
Patch the vulnerability!
Who do I see about dropping off my resume?
Re: (Score:3, Insightful)
Microsoft patched one heinous vector months ago: the broken Server service that allows pathological inputs to execute arbitrary code with System privileges, remotely. They patched it with hasty broken code that will be exploited later this year, but that's a different worm for a different day. They also didn't disable remote logins on this service or do the rational thing and close the port entirely so one exploited PC inside your network is going to spend its whole day cracking passwords. A diligent IT
Re: (Score:2)
You're [us-cert.gov] absolutely [wikipedia.org] wrong [wikipedia.org]. Why do you people keep trusting Microsoft?
oops (Score:5, Insightful)
The worm authors made just one mistake... they were far too successful. They wanted a botnet. Maybe a few thousand computers. Maybe 10 - 20 thousand.
Instead, they wrote a fast spreading worm that infected millions of computers.
What's the difference? The guys who infect 10,000 computers are small fries, and no one is going after them. Infect millions of computers though, and every computer crime agency on the planet will be after you...
Conflicker Flavors (Score:5, Funny)
Symantec, which is contributing its malware-analysis expertise to the group, believes there are two main versions of Conflicker, "Flavor A" and "Flavor B,"
The flavors were determined using LOLCATS. True story.
We'll smoke 'em out (Score:2)
We'll find the terrorists.
Slowly? (Score:2)
It has been slowly but surely spreading since November.
If 4 million installs a month is slow then what is fast? Vista? ORLy?
Cheap Pricks (Score:2)
Girls who want intelligent babies pay more than that for my sperm. Only the half-wits at Microsoft could imagine that the guilty parties (and the people who know them) carry less than $250,000 in their wallets.
Re: (Score:2)
Microsoft has a plan:
1. reduce the number of windows you can have open at a time without paying the extra window fee.
2. Convince everyone to switch to linux/Mac
3. The world profits.
Re: (Score:2, Insightful)
I'm so sick of how anything that criticizes Microsoft on Slashdot gets modded up on Slashdot, and...oh, nevermind.
Well maybe (Score:3, Insightful)
I'm so sick of how anything that criticizes Microsoft on Slashdot gets modded up on Slashdot, and...oh, nevermind.
Well maybe they should make a decent OS. Or stop partnering with companies for the purpose of killing them for the secondary benefits. Or suing their customers. Or stealing ideas like Stacker. Or paying Gartner to release "studies" that exclaim their new products are taking off like a rocket. Or taking a perfectly good webmail like hotmail and turning it all greasy. Or trying to kill decent software companies like Netscape, Corel and Adobe. Or launching disinformation campaigns like "get the facts" an
Re: (Score:2)
Probably messed it up with DNS providers (S and A sit right next to each other). And interestingly, in German "DNS" means "DNA" ;) (the S standing for "Saeure" = "Acid").
How could I resist having a bit of fun with someone's very public typing error? It's just my way of asking, "What, never heard of proofreading?"
Not likely (Score:5, Insightful)
This program, which has been in place since 2003, has paid out a grand total of $250. All of it in one whopping check to the college mates of the Sasser [theregister.co.uk] programmer. Presumably they split it and bought some beer. The program manager must be quite proud of himself.
In related news, Microsoft is working with ICANN and others [heise-online.co.uk] to prevent the registration of the domain this thing calls home to. It probably hasn't even occurred to them that the programmers ran their random name generator out a long way in advance, registered the domain in the name of some perfectly innocent third party long ago and that they're too late because launch day for downadup is tomorrow since they always kick these things off of the eve of a holiday weekend.
If you admin Windows desktops, I wouldn't invest too much in your plans for this weekend.
Sorry, but this one is definitely your operating system's fault [us-cert.gov].