Microsoft offers reward to catch worm maker
Microsoft on Thursday announced it has formed a technology industry posse and put a bounty of 250,000 dollars on the heads of those responsible for a vexing computer worm.
The nasty computer code known as "Conficker" or "Downadup" has been spreading quickly, wriggling into millions of computers worldwide and threatening to commandeer or crash systems.
Microsoft is working with computer security specialists and the Internet Corporation for Assigned Names and Numbers (ICANN) to track down whoever unleashed Conficker.
"The best way to defeat potential botnets like Conficker/Downadup is by the security and domain name system communities working together," said ICANN chief Internet security advisor Greg Rattray.
Microsoft promised to pay 250,000 dollars for information that leads to the capture and conviction of the people that launched the malicious code on the Internet.
"We hope these efforts help to contain the threat posed by Conficker, as well as hold those who illegally launch malware accountable," said George Stathakopoulos, general manager of Microsoft's Trustworthy Computing Group.
"Microsoft's approach combines technology innovation and effective cross-sector partnerships to help protect people from cybercriminals."
Cyber threats are evolving rapidly, compelling technology firms and academic researchers worldwide to increasingly collaborate to coordinate defenses.
The posse bent on corralling Conficker includes Symantec, F-Secure, VeriSign, Afilias, Internet Systems Consortium (ISC), and the Shadowserver Foundation.
"I am heartened to see this group of companies and researchers working together night and day, cooperating in some cases with their direct competitors, to cap the damage from this worm," said ISC president Paul Vixie.
"We've aligned a huge pool of talents and resources. We've got a lot to do yet, about this attack and likely future attacks, but if we keep on working together like this, we're going to make real progress in Internet security."
Microsoft said it is offering a cash reward because the Conficker worm is a criminal attack. Anyone that knows about Conficker's origins is urged to contact police dealing with international law enforcement in their country.
Advice about defending against Conficker is available online at microsoft.com/conficker.
The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with Windows security patches.
It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another. Once in a computer it digs deep, setting up defenses that make it hard to extract.
Microsoft says it is aware of the Conficker "worm family" and has modified its free Malicious Software Removal Tool to detect and get rid of infections.
Malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.
A troubling aspect of Conficker is that it harnesses computing power of botnets to crack passwords. Security specialists recommend hardening passwords by mixing in numbers, punctuation marks, and upper case letters.
Repeated "guesses" at passwords by a botnet have caused some computer users to be locked out of files or machines that automatically disable access after certain numbers of failed tries.
"When botnets start being controlled through global, randomized domain names, you know things are heating up in cybercrime," said Afilias chief technology officer Ram Mohan.
"Attackers are evolving and deploying ever more sophisticated techniques. We need to stay together to provide a unified front against future attacks."