Microsoft puts 250k bounty on Conficker virus creators
Microsoft has offered a $250,000 reward to track down the creators of a virus which infected an estimated 10 million Windows computers. The bounty will be paid if and when the creators of the Conficker virus are found and convicted.
The reward is part of an ongoing collaborative effort between Microsoft, security researchers and ICANN, the organization which controls the domain name system used by internet sites.
ICANN and other domain-related organizations are particularly valuable allies in the battle against Conficker (also known as Downadup). That’s because the virus uses randomly generated Web site addresses to get updates from the creators. Domain registrars now believe they have the formula used to create the random addresses and may therefore be able to cut off, or at least limit, the update distribution.
Microsoft says the reward is intended to highlight the criminal nature of the virus. The money is available for tip-offs from any country as long as such rewards are allowed under local laws.
The large bounty is also inspired by the race to disarm the virus before it does more serious damage. While millions of machines have been infected, the creators have yet to use the resulting network. While there’s some hope the virus itself is flawed, fears remain that the people behind Conficker may be trying to sell their havoc-wreaking abilities to the highest bidder.
The number of machines infected has dropped substantially since the virus’ peak thanks to the widespread publicity, but security firm F-Secure found the infection on two million IP addresses over the past 24 hours. Given that some IP addresses cover multiple machines, the number infected could be even higher.
This is at least the third such bounty Microsoft has offered. In 2004 it paid out $250,000 to German students who reported a colleague as the man behind two high-profile viruses.
Related Posts:
February 13th, 2009
“Microsoft has offered a $250,000 reward to track down the creators of a virus which infected an estimated 10 million Windows computers.”
How about a $250,000 reward to track down the creators of the OS that is so susceptible to such a virus in the first place?
February 13th, 2009
Good one.
February 13th, 2009
Thanks Ken
February 13th, 2009
Microsoft may make a big splash with the headlines, but we are still getting hundreds of visitors each day at downadup.com trying to get the Conficker (Downadup) virus off their home or network system. They are blocked from Microsoft support and anti-virus sites but the infection, have little direction from the industry, and are being charged serious money by ‘rent-a-geeks’ to ‘repair’ their systems. This so-called Conficker Cabal should make some effort to help the single pc victims – especially those on XP Home Edition who cannot easily disable AutoPlay. These infected machines will be a continuing source for reinfection.
February 14th, 2009
The people behind this virus deserve to get the death penalty! They have no right to F^** up customers’ property like that! This is disgraceful. Only cowards would do such things. Microsoft I’m with you till the death.
February 16th, 2009
@Hugh
Unless you can create one that isn’t susceptible then shut the hell up.
People like make me sick.
You have no flippin idea what your talking about or how much work goes into creating an OS.
Not to mention the hundreds of people trying to work together to make the OS.
Get a life you piece of crap!
February 17th, 2009
Hello ncaissie,
Although I am currently working as a UNIX/Linux consultant, I have spent one third of my thirty years in I.T. toiling as an analyst/programmer and DBA. Although I have never done any systems programming, I have a fair grasp of the fundamental precepts regarding good coding practice, and my code – whilst perhaps workmanlike rather than brilliant – is something of which I will always be proud.
So maybe I have at least *some* idea of what I’m talking about, although I wouldn’t claim for a moment that I belong in the august company of those truly gifted programmers who write operating systems. (Of course, when I talk of operating systems, I don’t mean the rubbish peddled by Redmond – I mean real operating systems that actually work properly).
But enough about me. What about you ncaissie? What is your profession, and according to what experience do you render judgement? Are you thoroughly well-versed in matters technical? Are you yourself, perhaps, one who is responsible for writing operating systems, and thus one who is intimately familiar with all the complexities and intricacies involved? I await your reply with interest.
February 17th, 2009
I have been a software developer for Canadian Federal Gov. for 7 1/2 years. I do not believe your code or anyone’s code is bug free let alone non-exploitable. Specially if you had to write something as complex as an OS. As for Linux, there is a reason it is not being used main stream and the fact that it is not used main stream is why no jack @ss virus writers are targeting it. It’s not user friendly and to make it user friendly it opens the door to exploits.
I’m sure there are plenty of people out there that could write virses for Linux/Unix/OSX.
I for one believe tat MS is targeted because they are jealous of their success.
I don’t pretend to write bug/exploitable free code and you shouldn’t either. I’m sure it can be done for a simple application but an Operating system is far from a simple application.
And in case you haven’t noticed it’s mostly third party code the MS promised to support that opens most of those back doors.
So don’t give me this 30-year perfect coder bull crap.
February 20th, 2009
Hugh and Ncaissie, you two guys cut it out with the I-have-more-knowledge-than-you BS. Here is my experience…I know next to nothing about computers, especially compared to you guys, but please tell me, why can’t someone come up with some way to track down these creeps who create viruses and trojan horses? Seems to me it must take a lot of knowledge and work to create these terrible things, why can’t someone use that energy to create something to find these evil people?
February 23rd, 2009
@Ben:
Because the world is a big place and unless you can convince a third world Internet service provider to give up the users name then our hands are tied. The same reason we can’t stop the child porn.
We can only nab the ones in our own country. And they do just that.