Slashdot Mirror
Microsoft Slaps $250K Bounty On Conficker Worm
alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."
I didn't know that part of ICANN's charter was providing DNA. I don't recall my ISP demanding a cheek swab from me when I signed up, so from where is ICANN getting the samples?
If you aren't using Linux and only free and open software (no proprietary BLOBs), then your resources are already being used without your knowledge and consent.
If you install something without understanding what the code is doing, you do not have sufficient knowledge to understand what "consent" means. You are just a user and a user that is going with the crowd and doing whatever you are told.
With Windows and most Linux software you are given a black box and told is does good things. You get to experience some of the good things and think it is wonderful. Your entire experience is at the hands of others. You might try to install lots of stuff to ensure that your computer is not being used against you. Sadly, you will never know the truth. Anything could be hiding some stealthy information and/or resource stealing code and you and the rest of the users like you will never know.
OK, so you have a firewall3 that is supposed to block outbound connections. How do you know it works? How do you know it works for all types of connections? Have you specifically authorized each and every single outbound connection? No, you probably thought some software was "trustworthy" and assumed it would be OK. How do you know your trust is not being betrayed?
If you aren't reading the code, and I do mean all of it, you don't know. You can either be a user or you can be a god. It is up to you. It is, after all, your computer. All it takes is a lot of hard work and a lot of knowledge.
Funny you should mention that ... back when I was still protected by the young offenders act, I made a trojan which essentially did just that. Got 3,000+ computers on it - you should have seen the Seti@Home work units rolling in ...
Thinking back on it, though, I agree with everyone else - just the act of installing it is malicious. Moreover, nobody does this kind of thing without also building in some malicious code. I never used my botnet for anything horrible, but I wrote it with functions which could have caused plenty of harm if I had chosen to use it, or if someone else had stolen control of it. Add to that the fact that THIS particular worm also disables security services, and there's absolutely no question that this software is malicious.
Maybe it's hypocritical of me to criticize them, but I'd like to think I've learned a few things about morality since I was a teenager. I'm certainly in favour of prosecuting them regardless of whether they intentionally use it to cause harm.