Slashdot Mirror
Microsoft Offers A Bounty On Virus Writers
Iphtashu Fitz writes "According to news.com Microsoft will announce a bounty of $250,000 on Wednesday for information on who wrote two recent Windows viruses. The bounty is offered for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus. Microsoft will officially announce the reward in a joint press conference with the FBI and U.S. Secret Service Wednesday morning. This is the first time a company has offered money for information about the identity of the cybercriminals. Could this be the start of a new trend in going after the writers of viruses & worms?"
But this is ridiculous!
It's not that hard to deploy a virus and not get caught. There are so many open access points and people who forget to log off of an email account after leaving.. how would you track it?
--
"I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo
Tomorrow: $500k reward for writers of Linux or Apple viruses
Or does Microsoft actually make money from spam? I seem to call they were not exactly a staunch supporter of anti-spam legislation recently.
UNIX? They're not even circumcised! Savages!
they should invest the 250000 into their security team and fix the vulnerabilities instead of chasing after 13 year olds
...closer together.
Later in the same press conference, newly appointed Communications Secretary William Gates III announced that sale of all software in the United States will cease Monday, to be replaced by a Federally subsidised regime of nationally distributed software based on a uniform technology. In response to questions Mr. Gates indicated that the vendor supplying the software had not yet been selected, before laughing maniacally.
Read Pynchon.
Comment removed based on user account deletion
Well, ask any doctor and he'll tell you it's better to cure a disease than to treat its symptoms. No virus writers means no viruses, which means no headline news virus alerts and scares.
Of course, the question is how much of the "disease" is the virus writers and how much is Microsoft itself with its sloppy approach to secure computing?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
Well you clearly didn't get a temp job on a helpdesk a week before the shit hit the fan.
I did >: (
Besides, in business where the sysadmin wasn't a total retard (read: not where I was) there was no way for the worm to get in. The people who needed to patch their systems were the home users who got shafted for not using firewalls. The same people who use Windows because it's not meant to need much setting up . . .
"If being a geek means being passionate about something, then I pity those who aren't geeks." - Pike65
This is a lovely bit of marketing. It deflects all blame for the viruses onto the writers, and implies that Microsoft have no responsibility here.
Don't get me wrong, I'd cheerfully beat the living daylights out of a virus writer on the basis that I can barely use my email now. Let's have an analogy:
You are a major company with expensive commercial premises. [You are a company who uses IT kit.]
You employ a security firm to look after your building. [You install an OS.]
Your building burns down because there were no doors and some bored teenagers wandered in and torched the place. [You get burned by a virus, and trust me, that costs business money in downtime and/or admins.]
Was the teenager guilty? Yes. Was the security firm negligent? Yes. Does going after the teenager mean the security firm is not negligent? Nope.
I'm rather bemused as to why a major business hasn't sued Microsoft over some of the security scandals this past couple of years. Much as I'd like to see it, I don't think any will really vote with their wallets; migrating desktops for plain ordinary business work (mail, Word, Excel) from Windows is never even discussed, no matter what the servers are.
My solution? XML document formats! Even if it's not XML, something common. Until we have that there'll always be a monoculture on the commercial desktop.
(For what it's worth, I bought Office on my Mac OS box. It's nice. I don't like Windows, but I don't object to Office at all, realising that LaTeX isn't for everyone.)
Because we know these virus-writing punks can't resist bragging about their exploits in whatever low-rent Usenet hang-outs they frequent, it should be interesting to see if there is as little honor among them as there is rumored to be among thieves.
Script-Kiddie: "Dude! You turned me in to... to... Microsoft!?! That's cold!"
Former Friend of Script-Kiddie: "Sorry, man, tuition at MIT is a real bitch, yo."
S.K.: "MIT? What choo talking 'bout, MIT? You go to Westchester Community College!"
F.F.o.S.K.: "That was before I got this here letter of recommendation from my new sponsor, William H. Gates III. Hey, whaddya think of these new Birkenstocks? Too gay? I kinda think they set off my eyes pretty well, yo..."
S.K.: "Dooooooood....!" (As two big guys in MS-branded butterfly suits drag him into back of van)
F.F.o.S.K.: "Hey, look me up when you get out, man. By then I should be setting myself up in my own company and will be able to use a guy with your leet skills."
Certainly the government has been doing so for a while, considering the various bounties for information leading to the arrest of international criminals and terrorists. Maybe corporation joining the bandwagon to do the same is the next good thing..
And remember, MS has ~ $50BN in case, so it isn't a big deal to them to put the money where their mouth is. In fact, $250K is rather cheap considering how much bad PR they got recently due to the attacks (that must have cost them $BN's in lost revenue from customers switching), so imho they cound't hope for a better use of the same amount if they tried to make up for the negative publicity some other way.
The problem is not many people look further than Microsoft products because they know no better, and the mainstream press doesn't do much to help this. Microsoft throwning money into the pot to catch criminals is unlikely to solve the problem, in the UK there's a lot of schemes that offer rewards for finding criminals, but although they often catch people, it doesn't seem to deter people. I mean we can't tell people in the UK that they can install new Windows and doors in their house and not bother to lock them, and installing an MS OS (and to be fair many Linux distributions) without doing a 'lock down' is just as stupid, but most people don't know how to go about securing their PC.
We know that other products aren't perfect but variety in software does do something to reduce the dramatic effect of these worms.
So the more people we can educate about alternatives to Microsoft products such as Mozilla Firebird, Thunderbird and Seamonkey (the app suite) will help to restore some balance and will hopefully reduce the number of email viruses. Commercial alternatives such as Opera should also be mentioned because although I think the interface is awful, other people like it and choice is good. Many home users just use thier computers for web browsing and simple documents, so Mozilla + OpenOffice would do all they need.
Then on the desktop you have various options as well as Windows, although unfortunately for most people they may be depending on it for certain applications. MacOS X is ok, but would require buying new hardware if you currently have an ix86 PC.
People have been starting to see Microsoft as a vendor of poorly-written, insecure software. What this offer makes people see is that Microsoft is just the victim of evil criminals. And you can never blame the victim for the crime...
Finally! A year of moderation! Ready for 2019?
1) Claim to be the virus writer
2) Get $250k
3) Bail yourself out of jail
Wow! Profit at stage #2 and no ???! This *has* to be a good plan!
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
Given that the Sorbig virus has been linked to spammers, finding the person who wrote the virus might be a blow against spammers as well. Any trial will be well publicised and having the public connection of spammers==virus writers==evil hackers (yes I know the proper term is crackers, but this is public opinion I'm talking about here)==terrorists could be a big blow against the reputation of spamming so that it is no longer seen as just an annoyance but something potentially dangerous. This probably won't bother the spammers so much but it might help get legitimate companies who hire them give the whole email marketing process a second thought, especially if any connections come up during a trial. "Trial: Virus used to advertise for Company X." "Virus writers hack computers to advertise for X" does not sound good for Company X on the front page. At the very least it might make them more careful about who they hire and who the people they hire outsource to (as I'm sure there will be so much outsourcing something known as "plausible deniablity" will be used).
And a connection in the public consciousness between spammers and hackers who write viruses might give a bit of impetus to the government for harsher anti-spam laws. I mean look at anti-hacking laws vs anti-spam laws. Which one has more teeth and are tougher?
This reminds me of O.J.'s promise not to rest until he personally found the real killers.
Cantankerous old coot since 1957.
This idea is about as retarded as saying that:
- throwing stones through people's windows is good. It encourages them to buy bullet-proof glasses before a real thief breaks through that window.
- lockpicking into someone's house and spray-painting their walls is good. It encourages them to buy better locks, giving a real thief less opportunity to steal stuff.
- poisoning the neighbour's dog is good. It encourages him to get a dog which won't wag its tail when a (potential) thief throws him a piece of meat.
- keying random people's cars is good. It encourages them to park those cars in proper park houses, where presumably a real thief would have a harder time getting away with their car.
And so on, and so forth. I'm sure you get the idea by now.
Basically, no, there is no proper excuse for vandalism. Neither in the proper world, nor in the IT world. And just as any judge would probably just have a laugh if someone pulled the retarded excuse "but the lock wasn't 100% secure, so it's not my fault" in a break-and-enter trial, the same should apply to breaking-and-entering someone's computer.
And if you do go around keying cars or flooding the net with RPC exploit packets, no matter how well intentioned you are, I do hope they throw you in a nice jail cell, with two convicted anal rapists as cell-mates. Yes, that same heartfelt wish goes to whoever thought that an RPC patching worm is a good idea.
A polar bear is a cartesian bear after a coordinate transform.
Slightly off-topic, but related to what you said, this is part of a recent journal entry I made.
I don't think most people who bash Microsoft really know, cognitively, why they do it. But there is a social dynamic in effect that causes people to resent, and therefore attack, what they cannot quite understand.
Most people imagine that the United States is a democracy. Others will correct them and say, no, it is a republic. Both of these are really a statement of expectation, not actual fact.
The US is in truth a plutocracy. Firstly, the freedom of the press is only truly open to those who can afford to publish. The emergence of mass media in the 20th century further centralized the primary means of communication in a small number of corporate hands. That person or corporation with the most power, in economic terms, can "speak" with the greatest volume.
The Internet has lowered the barrier to communication, and is the leading edge of the revolution (see, it's not being televised, is it?) in terms of giving a greater and increasing voice to those with the greatest persuasiveness, rather than those with the most financial means to promote their message. What will hopefully emerge from this process is a totally new form of government, a meritocracy. In my opinion, music will be the greatest power. Some might suggest pornography will rule. Much of what goes for popular music today (given current media) is some combination of the two.
In the meantime, and returning to the subject of this journal entry, the company with the greatest financial clout in the world right now is Microsoft. Moreover, the company is controlled in large part by a single man, William Gates III. What he says Microsoft will publish, they will publish. When he wants to back a candidate for office, he can ensure that candidate will have the full power of the press behind him.
I am not trying to say that Gates is a bad man, only that he is a man who controls the largest share of the liquid assets which confer power. There are many other wealthy individuals and families, some of whom probably resent Gates. His power is counterbalanced by the old money still very capable of exercising their power.
If my thesis is right, and this is a plutocratic system, then Gates is nominally the king, with no hereditary right of succession as such, unless he can prolong his wealth into the next generation.
Thus the GNU project, and associated free software and open source projects, originally aimed at AT&T, has become a loaded gun pointed at the king himself.
Peace and love, y'all
By offering a bounty on their heads, they only serve to increase the status of worm and virus authors. What was once the loserdom of the script kiddie community is now glamorous.
Now consider what this means to their "secure computing" initiative, how the frustrations from dealing with this shit can make people more accepting of their draconian security measures. Consider the financial benefits of "digital rights management" that they can only realize after the hardware and software is locked down.
You can imagine the conversation that lead to this, like something out of "24" or the Bush administration: Lets allow, no, lets *encourage* a virus 911 so they'll let us lead them to safety!
"Most people imagine that the United States is a democracy. Others will correct them and say, no, it is a republic."
...)
Yeah, I know these kinds of people, and it's usually someone who has their main political experience from playing "Civilisation".
(Although it seems the US doesn't get as many unhappy faces for going to war as other nations
To have democracy is to be ruled by the people. When a nation is a republic it just means there's no king/queen/tsar/other hereditary figurehead or ruler.
Nepal is not a republic and doesn't have democracy.*
Great Britain and Denmark are democracies but not republics.
China is a republic but hardly a democracy.
USA, France and Germany are all democratic republics.
For instance.
* Actually I don't know how much is left of their royal family, there was some massacre I think.
xkcd is not in the sudoers file. This incident will be reported.
This bounty is just a PR game to distract from anti-trust, patent violations, anti-competitive fines, security fines. Microsoft's executives and other investors have had enough time now to dump their stock. Game over.
Mind you, some conspiracy theorists also claim that the world is ruled by alien lizards, so I think it's fair to take what they say with a pinch of salt.
:-)
... but it has certainly been exploited in analogous ways by the FBI and the secret service to grab unprecidented power in the United States).
... their theory, while quite possibly false, is certainly worthy of consideration, particularly given the amount of historical fact that illuminates similiar behavior by Microsoft in the past.
Yes, but they aren't the same conspiracy theorists.
On a serious note, folks on slashdot (and indeed, people in general) tend to equate all types of conspiracies (and conspiracy theories) and lump them together...somehow equating Enron with the X-Files, at least until Enron is exposed publicly (then, for some reason, people are able to grasp the difference). This is a real problem, because it means that people will live in denial of real-world conspiracies that are taking place (e.g. Monsanto's conspiracy to dump toxic waste into the rural groundwater of the deep American south in the 1990s, or the current SCO conspiracy to defraud their investors and steal the copyright of thousands of software developers around the world) by dismissing them in their minds as no more likely than alien invasion, UFOs in storage at area 51, or silent black helicopters hovering overhead.
We do know conspiracies exist, therefor, it logically follows that some conspiracy theories are likely to be not out in left field, but rather quite correct.
We know as a matter of historical record that the Nazis conspired to stage a "terrorist" act against the Reichstag as a prelude to a coup d'tate, however, listening to the "conspiracy theorists" of the time would have been like listening to a conspiracy theorist today claiming that 9/11 was staged by Baby Bush (it obviously wasn't
Microsoft has a history of conspiring to do dishonest and disingenuous things that directly (and illegally) harm and coerce their customers and their competitors, indeed, they have been convicted of doing so on numerous occasions (the DOJ anti-trust trial and subsequent sell-out being only the latest example). A conspiracy theorist pointing out a economic or tactical political advantage Microsoft might gain through ill-behavior toward its customers is not out in left field
So IMHO it is a mistake (and disingenuous) to equate actions by Microsoft and the copyright cartels that directly threaten our digital freedoms, and the conspiracies that do in fact drive these agendas (even if said conspiracies have the most banal of motivations: greed for cold, hard cash), with tin-foil hats, ghosts, and UFO sightings, as is so often done by the apologists of such groups.
Expressing concern about corporate or government malfeasance (conspired or not) isn't even remotely analogous to X-Files-like nonsense, and it is time we stopped allowing sceptics to use dishonest means (equating suspicion of the Reichstag burning ^H^H^H Microsoft's exploitation of their woeful security record to political advantage, with suspicion of Alien Lizard ruling the earth) to denigrate those who do express such concerns.
The Future of Human Evolution: Autonomy
...who is willing to spend a few years out of circulation for $125,000...!
Contact me on 555-EASYCASH.
----------------------------------- My Other Sig Is Hilarious -----------------------------------
Steve Linford of Spamhaus seems to think he knows who is behind the Fizzer/Sobig/Mimail attacks, and will be releasing the information in the near future.
In the article, he leads one to believe that Fizzer is still active in the wild. As a member of IRC Unity, the group founded to eradicate Fizzer, I have not seen a report of Fizzer in months.
If Steve Linford actually knows, he needs to contact Microsoft. The money would help him pay for the losses incurred by the DDoS attacks against Spamhaus.
Pete Carr Owner Chatmag.com
No, I'm New Here
Gee, I knew what most of these posts were going to say before I even read them. Most of them say that this is just a marketing ploy by Microsoft to deflect criticism, that Microsoft's poorly written code is what is really the cause, and Microsoft this and Microsoft that and oh, by the way Linux rules.
Let's put all of that aside for a minute. I'm not going to be pro-Microsoft or Pro-anything here. I am going to be Anti-virus writer though.
Cyber-crime be it scams, viruses, trojans, worms, password/identity theft, carding or whatever affects all of us personally. It does because it casts things like the internet, ecommerce, and technology in a poor light. It causes "big money" to think twice before they invest in technology, it causes things like e-voting to come more slowly to the forefront and, it forces companies to take sometimes extreme security measures.
In a sense, the 'net hasn't matured yet. It can be compared to the Wild West where crooks didn't have to run very far or hide very long or even worry very much about getting caught. I have no doubt that over time we will see the net change and cyber-criminals and other scumbags will have more to fear. But right now, a wanted poster with a reward is appropriate. It is what Wells-Fargo did to catch outlaws way back when and it will work as well today.
This is one of the most blatantly false statements I have seen get modded up to +4 or +5 in a long, long time.
Windows Media Player, Internet Explorer, and Outlook do NOT run in kernel mode whatsoever. They may talk to kernel-mode drivers like 95% of all user-mode software does (read from a file, talk to the network), but they absolutely do not run in kernel-mode!
C'mon, people. If you want to bash MS, you can do better than make up ridiculous statements like that.