Slashdot Mirror


Microsoft Slaps $250K Bounty On Conficker Worm

alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNS providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."

6 of 258 comments

  1. Re:The new business plan by Locke2005 · · Score: 4, Interesting

    My thoughts exactly. If hackers can now make big bucks by writing worms then framing someone else for turning them loose on the world, doesn't that provide a powerful incentive to write more worms???

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  2. Microsoft: Release a mandatory patch to stop it... by Culture20 · · Score: 4, Interesting

    Microsoft, release a mandatory update to turn off auto-run/play, and show a reoccurring opt-out prompt on login that explains that auto-run is turned off, and the risks of turning it back on.

    At least make XP's version of the patch that allows GPO auto-run disable to work properly a mandatory update. If no one's in a GPO, it won't break anything. If they are in a GPO that turns autorun off, then it should be turning auto-run off!

  3. Malicious? by HTH+NE1 · · Score: 3, Interesting

    'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,'

    Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base and has not yet been used to do any attacks. It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyzing other spam-producing bot nets to identify their controllers and get them shut down.

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  4. cheaper to sue by init-five · · Score: 2, Interesting

    When MS learns how to write secure code for less money than what they offer to catch the script kiddies they would do the former. I wonder what happens to the MS coder/team that is responsible for the exploit?

    --
    Hallowed are the Ori
  5. Re:"illegally" launching? by ndege · · Score: 5, Interesting

    Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

    Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US IP space, we are running postfix/amavis/spamassassin/clamav/postgrey and have configured a few RBLs. Very little spam gets through these days.

    I am using ipdeny.com for the lists of IP space sorted by country: http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz

    If you would like my script, post a reply to this message, and I will either post the script directly in the comments or email you privately.

    The solution to simply block off non-US IP space is an ugly vile hack to how the Internet was originally designed. Meanwhile back in modern-day reality, the hack works well.

    -JL

    --
    Sig Return: 204 No Content
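
The allowlist approach described in the comment above, as an added example that is not ndege's script or part of the original thread: it validates a per-country zone file and turns it into an `ipset restore` file, then prints matching iptables rules. Using ipset instead of one iptables rule per prefix is a substitution made here; the one-CIDR-per-line layout, the set name `us_allow`, the SMTP-only scope and the sample prefixes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): country zone file -> ipset allowlist.
# Assumption: zone file holds one IPv4 CIDR per line; '#' comments tolerated.

SET_NAME="us_allow"   # hypothetical set name

# Constructed sample input (documentation prefixes plus two bad lines).
sample_zone() {
    cat <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.0/24
198.51.100.0/24
300.1.2.0/24
203.0.113.0/33
203.0.113.0/24
EOF
}

# zone_to_ipset SET < zonefile > restore-file
# Validates each prefix, drops duplicates, and returns non-zero when nothing
# valid was found, so an empty or corrupt download never becomes an empty
# allowlist sitting in front of a DROP rule.
zone_to_ipset() {
    awk -v set="$1" '
        BEGIN { printf "create %s hash:net family inet\nflush %s\n", set, set }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        {
            ok = (split($0, p, "[./]") == 5)
            for (i = 1; ok && i <= 5; i++) if (p[i] !~ /^[0-9]+$/) ok = 0
            for (i = 1; ok && i <= 4; i++) if (p[i] + 0 > 255) ok = 0
            if (ok && p[5] + 0 > 32) ok = 0
            if (!ok) { printf("skipped line %d: %s\n", NR, $0) > "/dev/stderr"; next }
            if (!seen[$0]++) { printf "add %s %s\n", set, $0; added++ }
        }
        END { if (!added) exit 1 }'
}

# Prints, but does not run, rules that accept SMTP only from the set.
print_rules() {
    echo "iptables -A INPUT -p tcp --dport 25 -m set --match-set $1 src -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 25 -j DROP"
}

# Demo on the sample; to load for real: ipset -exist restore < restore-file
sample_zone | zone_to_ipset "$SET_NAME" && print_rules "$SET_NAME"
```

Write the generated lines to a file and check the function's exit status before loading them, so a failed download leaves the previous set in place.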
  6. Re:The new business plan by Narpak · · Score: 2, Interesting

    I guess that is kinda the idea behind an Investigation and a trial. To collect evidence, examine evidence, ensure that said evidence is correct, then present it in a court for consideration. Just putting out a bounty doesn't mean hackers can "just frame someone" and then collect the reward. In fact, under the current set of laws, framing someone would be a far more serious crime than the worm itself.