Microsoft Slaps $250K Bounty On Conficker Worm

← Back to Stories (view on slashdot.org)

Microsoft Slaps $250K Bounty On Conficker Worm

Posted by timothy on Thursday February 12, 2009 @11:02AM from the sic-the-french-air-force-on-'em dept.

alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."

24 of 258 comments (clear)

Min score:

Reason:

Sort:

"illegally" launching? by djce · 2009-02-12 11:09 · Score: 5, Insightful

Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty.
1. Re:"illegally" launching? by Actually,+I+do+RTFA · 2009-02-12 11:11 · Score: 5, Insightful
  
  Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty
  Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent
  
  --
  Your ad here. Ask me how!
2. Re:"illegally" launching? by tribecom · 2009-02-12 11:13 · Score: 2, Insightful
  
  apologist for malware authors ... tough gig
3. Re:"illegally" launching? by gad_zuki! · 2009-02-12 12:23 · Score: 4, Insightful
  
  First off, all politics is local. My local laws apply to what you do to me or my equipment in my jurisdiction. On top of that, in civilized countries all this shit is illegal. Remember the sasser worm? MS paid out a 250k bounty and the author was revealed to be a German who was later convicted.
  Secondly, its not too hard to figure out who did this. A lot of these trojans wont install if your default language is Russian. How odd, eh? Essentially, this is a hand out to the Russian government because it protects and profits from its industry of malware writers, most notable The Russian Business Network. These guys arent getting caught. They have the full protection of the Russian government. MS and the rest know this, but they also know that money talks and a high profile defector would be good for the cause.
  Perhaps its time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.
Microsoft is responsible by Elektroschock · 2009-02-12 11:10 · Score: 3, Insightful

These guys abuse a problem but they also raise awareness for a security problem Microsoft has put into existance through its operating system software. This company should pay and offer its customer to remove the worm for them and compensate them for all the costs caused by their defect software. The guys just exploited the weakness.
Though Microsoft offered a patch I don't remember that Microsoft actively informed its customers about the defects of its software and apologised to me or that my hardware vendor recalled the hardware.
1. Re:Microsoft is responsible by The+Cisco+Kid · 2009-02-12 11:17 · Score: 4, Insightful
  
  Any person that has anything to do with information technology (computers) anywhere in the world, that can read and understand the language commonly used in their part of the world, that doesn't already know that most software produced by MS is riddled with "defects", is either not paying attention or is seriously brainwashed.
2. Re:Microsoft is responsible by transporter_ii · 2009-02-12 11:28 · Score: 3, Insightful
  
  Yeah, after reading the Slashdot article a couple of days ago on not running as an Admin on Windows, I decided to play around a little.
  I found that even though XP Pro lists only the options of running as an Admin or a User, there is in fact a fairly simple way to run as a "power user," which is not as restrictive as a normal user (fairly simple but not fairly obvious way).
  I've set up some domains for Windows server 2003, but I had really never looked at how much you could do with XP, and actually, you can do quite a few of the same things in the group policy settings.
  However, all this goes right out the window on XP Home.
  Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.
  Also, for a project I'm working on, I was looking to secure just the ability to change some network settings. On Linux, what I wanted to do was trivial. On Windows, it was almost impossible without busting the user down from running as an admin...and then program after program fails to work correctly.
  Again, Microsoft deserves everything they are getting.
  
  --
  Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
3. Re:Microsoft is responsible by techno-vampire · 2009-02-12 11:52 · Score: 4, Insightful
  
  And I suppose all the Windows users deserve what they are getting?
  Like you, I love and use Linux, but I don't think that Windows users shouldn't have an OS that's as easy to secure (and use in a secure way) as you and I do. It can be argued, however, that Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.
  
  --
  Good, inexpensive web hosting
4. Re:Microsoft is responsible by StikyPad · 2009-02-12 12:03 · Score: 3, Insightful
  
  True, but the "produced by MS" part is redundant. Pretty much all but the very simplest of software has defects.
  
  --
  https://www.eff.org/https-everywhere
5. Re:Microsoft is responsible by gad_zuki! · 2009-02-12 12:14 · Score: 4, Insightful
  
  >Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.
  Thats what vista does and the UAC kicks in when you need admin access. There has been nothing but complaints and bitching about this. People are surprised their 10 year old software that writes to c:\temp doesnt work anymore. Now that there's an NT ecosystem of software out there (write to profile area, not to system area when running), its easier for MS to do this. Shame that even the good changes MS does is received with the same old bellyaching.
  >Also, for a project I'm working on, I was looking to secure just the ability to change some network settings
  You didnt try too hard did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.
  >Again, Microsoft deserves everything they are getting.
  MS is a company. It doesnt feel pain or shame. Right now the people feeling the pain are innocent users. Perhaps you should have a little sympathy for them.
6. Re:Microsoft is responsible by Jamie's+Nightmare · 2009-02-12 13:05 · Score: 3, Insightful
  
  Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.
  Demanded or not, just like Linux, this was a security problem that was found and a patch was released to the public. Users either refused to install the patch or had Windows Update disabled for a variety of stupid reasons.
  When the ax falls, who are people going to blame? Certainly not themselves.
  
  --
  "When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
How about... by alexborges · 2009-02-12 11:27 · Score: 1, Insightful

Actually making a decent OS?

--
NO SIG
1. Re:How about... by pohl · 2009-02-12 13:36 · Score: 2, Insightful
  
  I'm so sick of how anything that criticizes microsoft on slashdot gets modded up on slashdot, and...oh, nevermind.
  
  --
  The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...
Re:Malicious? by OverlordQ · 2009-02-12 11:36 · Score: 1, Insightful

How is it not malicious already? It downloads and spreads unknown crap without peoples knowledge.

--
Your hair look like poop, Bob! - Wanker.
Re:250K is too low by Bill+Dimm · 2009-02-12 11:37 · Score: 5, Insightful

10 million zombie PC's are worth more than $250K
The 10 million zombies may be worth much more than $250k to the person that controls them, but they are worth nothing to the guy that lives down the hall from the person that controls them, so he might be quite happy to pick up the money if he knows something.
Re:Malicious? by StikyPad · 2009-02-12 11:37 · Score: 5, Insightful

Using my resources without my consent is malicious.

--
https://www.eff.org/https-everywhere
Re:Malicious? by John+Hasler · 2009-02-12 11:38 · Score: 2, Insightful

> Has Conficker done anything malicious yet?
Installing it on someone's pc without their knowledge or permission is malicious. So is blocking access to antivirus sites. So is using said pc to attack other machines.

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Re:The new business plan by John+Hasler · 2009-02-12 11:59 · Score: 4, Insightful

They also have to successfully pull off the "framing" part. The authorities are not unfamiliar with the idea that their informants may be lying for the reward.

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
oops by Anonymous Coward · 2009-02-12 13:57 · Score: 5, Insightful

The worm authors made just one mistake... they were far too successful. They wanted a botnet. Maybe a few thousand computers. Maybe 10 - 20 thousand.
Instead, they wrote a fast spreading worm that infected millions of computers.
What's the difference? The guys who infect 10,000 computers are small fries, and no one is going after them. Infect millions of computers though, and every computer crime agency on the planet will be after you...
Re:Malicious? by Anonymous Coward · 2009-02-12 14:58 · Score: 1, Insightful

Using my resources without my consent is malicious.
No, keying your car is malicious. Borrowing one of your t-shirts without your permission is merely inconsiderate.
Re:I GOT HIM! by Kent+Recal · 2009-02-12 15:43 · Score: 2, Insightful

I don't think microsoft has an interest to deal with it in any way. This is a PR-effort to distract from where the blame should really go. Even if they "dealt" with this worm and its attack vectors in some way - the next worm is just around the corner. The security model in windows is just fundamentally broken, thus we'll continue to see worm attacks and pointless bounties.
Well maybe by symbolset · 2009-02-12 16:03 · Score: 2, Insightful

I'm so sick of how anything that criticizes microsoft on slashdot gets modded up on slashdot, and...oh, nevermind.
Well maybe they should make a decent OS. Or stop partnering with companies for the purpose of killing them for the secondary benefits. Or suing their customers. Or stealing ideas like Stacker. Or paying Gartner to release "studies" that exclaim their new products are taking off like a rocket. Or taking a perfectly good webmail like hotmail and turning it all greasy. Or trying to kill decent software companies like Netscape, Corel and Adobe. Or launching disinformation campaigns like "get the facts" and "Mojave Project". Or generally puking all over everything in IT. Or paying folks like SCO to sue decent folk who are just trying to use decent software. Or... oh screw it. None of that is ever going to happen. Never mind.
Slashdot is never going to like Microsoft.

--
Help stamp out iliturcy.
Not likely by symbolset · 2009-02-12 16:28 · Score: 4, Insightful

This program, which has been in place since 2003, has paid out a grand total of $250. All of it in one whopping check to the college mates of the Sasser programmer. Presumably they split it and bought some beer. The program manager must be quite proud of himself.
In related news, Microsoft is working with ICANN and others to prevent the registration of the domain this thing calls home to. It probably hasn't even occurred to them that the programmers ran their random name generator out a long way in advance, registered the domain in the name of some perfectly innocent third party long ago and that they're too late because launch day for downadup is tomorrow since they always kick these things off of the eve of a holiday weekend.
If you admin Windows desktops, I wouldn't invest too much in your plans for this weekend.

--
Help stamp out iliturcy.
Re:A stroke of genius... by symbolset · 2009-02-12 16:41 · Score: 2, Insightful

Microsoft patched one heinous vector months ago: the broken Server service that allows pathological inputs to execute arbitrary code with System privileges, remotely. They patched it with hasty broken code that will be exploited later this year, but that's a different worm for a different day. They also didn't disable remote logins on this service or do the rational thing and close the port entirely so one exploited PC inside your network is going to spend its whole day cracking passwords. A diligent IT shop might have validated the patch by now. Remember... patches break stuff.
Still not protected: that laptop that's been sitting in a drawer waiting for the position at that empty desk to be filled. The road warrior whose third party firewall blocks Windows updates.
Still not fixed: Autorun.
Blaming the victim isn't going to get you anywhere here. We know better.

--
Help stamp out iliturcy.