Slashdot Mirror


Microsoft Slaps $250K Bounty On Conficker Worm

alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."


  1. The new business plan by 140Mandak262Jamuna · · Score: 5, Funny
    1. Write malware for windows

    2. Give it to a bunch of script kiddies anonymously in bulletin boards.

    3. ...

    4. Turn them in to MSFT for the bounty.

    5. Profit

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:The new business plan by Locke2005 · · Score: 4, Interesting

      My thoughts exactly. If hackers can now make big bucks by writing worms then framing someone else for turning them loose on the world, doesn't that provide a powerful incentive to write more worms???

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:The new business plan by John+Hasler · · Score: 4, Insightful

      They also have to successfully pull off the "framing" part. The authorities are not unfamiliar with the idea that their informants may be lying for the reward.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    3. Re:The new business plan by guyminuslife · · Score: 2, Informative

      Because no one will ever suspect that the guy with the advanced degree, antisocial personality disorder, questionable source of income, and miraculous discovery of "the real hackers," would have had anything to do with it.

      --
      I don't believe in time. It's a grand conspiracy designed to sell watches.
    4. Re:The new business plan by binarylarry · · Score: 4, Funny

      Yes, I highly doubt the Hans Reiser defense is going to work that well here either.

      --
      Mod me down, my New Earth Global Warmingist friends!
    5. Re:The new business plan by Anonymous Coward · · Score: 2, Funny

      Every day I feel the internet looks more and more like the wild wild west....

      A bunch of so called hackers doing whatever they want, with no law to control them.... and now, bounties....

      Now we just need a blondie to come up and collect fake bounties.

    6. Re:The new business plan by RINGSMUTH · · Score: 2, Informative

      Step 1: Russia hires you to program malware for $50K a year.

      Step 2: Russia lets malware loose.

      Step 3: ...

      Step 4: Russia turns you in for $250K.

      Step 5: Russia = Profit!!!

    7. Re:The new business plan by c6gunner · · Score: 2, Funny

      Imagine a distributed supercomputer two orders of magnitude larger than Roadrunner. Whoops, no imagination required. We already have it--and no one knows how hostile it is.

      OMFG, IS SKEYE NET!!!

    8. Re:The new business plan by Narpak · · Score: 2, Interesting

      I guess that is kinda the idea behind an investigation and a trial. To collect evidence, examine evidence, ensure that said evidence is correct, then present it in a court for consideration. Just putting out a bounty doesn't mean hackers can "just frame someone" and then collect the reward. In fact, under the current set of laws, framing someone would be a far more serious crime than the worm itself.

  2. "illegally" launching? by djce · · Score: 5, Insightful

    Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty.

    1. Re:"illegally" launching? by Actually,+I+do+RTFA · · Score: 5, Insightful

      Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty

      Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent

      --
      Your ad here. Ask me how!
    2. Re:"illegally" launching? by tribecom · · Score: 2, Insightful

      apologist for malware authors ... tough gig

    3. Re:"illegally" launching? by gad_zuki! · · Score: 4, Insightful

      First off, all politics is local. My local laws apply to what you do to me or my equipment in my jurisdiction. On top of that, in civilized countries all this shit is illegal. Remember the Sasser worm? MS paid out a 250k bounty and the author was revealed to be a German who was later convicted.

      Secondly, it's not too hard to figure out who did this. A lot of these trojans won't install if your default language is Russian. How odd, eh? Essentially, this is a hand out to the Russian government because it protects and profits from its industry of malware writers, most notably The Russian Business Network. These guys aren't getting caught. They have the full protection of the Russian government. MS and the rest know this, but they also know that money talks and a high profile defector would be good for the cause.

      Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

    4. Re:"illegally" launching? by ndege · · Score: 5, Interesting

      Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

      Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US IP space, we are running postfix/amavis/spamassassin/clamav/postgrey and have configured a few RBLs. Very little spam gets through these days.

      I am using ipdeny.com for the lists of IP space sorted by country: http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz

      If you would like my script, post a reply to this message, and I will either post the script directly in the comments or email you privately.

      The solution to simply block off non-US IP space is an ugly vile hack to how the Internet was originally designed. Meanwhile back in modern-day reality, the hack works well.

      -JL

      --
      Sig Return: 204 No Content
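An added example, not part of ndege's post and not the script offered there: one way to turn a per-country list such as the ipdeny zone files mentioned above into an ipset allowlist with a default-drop iptables policy. It assumes a zone file with one IPv4 CIDR per line; the set name `allow_us` and the sample ranges are constructed, and the script only prints the rules so they can be reviewed before loading.

```shell
#!/bin/sh
# Added example: build an ipset allowlist from a per-country CIDR list.
# SET_NAME and the sample data are constructed for illustration.
SET_NAME="allow_us"

# Return 0 if $1 is a well-formed IPv4 CIDR (a.b.c.d/len).
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Read zone lines on stdin, write an `ipset restore` script on stdout.
# Comments and blank lines are ignored; malformed entries are skipped
# and counted on stderr, so one bad line cannot poison the whole set.
build_ipset_restore() {
    skipped=0
    echo "create $SET_NAME hash:net family inet"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            echo "add $SET_NAME $line"
        else
            skipped=$((skipped + 1))
        fi
    done
    echo "skipped $skipped malformed line(s)" >&2
}

# Default-drop policy: loopback, replies to the server's own outbound
# traffic, and sources in the allowlist get in; everything else is dropped.
emit_iptables_rules() {
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m set --match-set $SET_NAME src -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

# Constructed sample zone file (documentation ranges, not real allocations).
sample_zone() {
    cat <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.0/24

203.0.113.0/24   # trailing comment
300.1.2.0/24
10.0.0.0/33
not-a-cidr
EOF
}

sample_zone | build_ipset_restore
emit_iptables_rules
```

Load the first part with `ipset restore -exist` before adding the iptables rules. The ESTABLISHED,RELATED rule is what keeps replies to the server's own outbound DNS and RBL lookups working once everything else is dropped.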
    5. Re:"illegally" launching? by SL+Baur · · Score: 2

      Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

      You are putting blame on the wrong shoulders.

      I'll admit that I caught a virus once - it was a boot sector virus that some idiot brought into the office and infected a floppy disk that we used to boot to get at a stupid MS-DOS only configuration program for an ethernet card. Didn't do anything to me, my equipment was running Linux.

      Perhaps it's time to firewall off Redmond, WA. It certainly would fix the problem.

  3. Microsoft is responsible by Elektroschock · · Score: 3, Insightful

    These guys abuse a problem but they also raise awareness for a security problem Microsoft has put into existence through its operating system software. This company should pay and offer its customers to remove the worm for them and compensate them for all the costs caused by their defective software. The guys just exploited the weakness.

    Though Microsoft offered a patch I don't remember that Microsoft actively informed its customers about the defects of its software and apologised to me or that my hardware vendor recalled the hardware.

    1. Re:Microsoft is responsible by The+Cisco+Kid · · Score: 4, Insightful

      Any person that has anything to do with information technology (computers) anywhere in the world, that can read and understand the language commonly used in their part of the world, that doesn't already know that most software produced by MS is riddled with "defects", is either not paying attention or is seriously brainwashed.

    2. Re:Microsoft is responsible by transporter_ii · · Score: 3, Insightful

      Yeah, after reading the Slashdot article a couple of days ago on not running as an Admin on Windows, I decided to play around a little.

      I found that even though XP Pro lists only the options of running as an Admin or a User, there is in fact a fairly simple way to run as a "power user," which is not as restrictive as a normal user (fairly simple but not fairly obvious way).

      I've set up some domains for Windows server 2003, but I had really never looked at how much you could do with XP, and actually, you can do quite a few of the same things in the group policy settings.

      However, all this goes right out the window on XP Home.

      Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.

      Also, for a project I'm working on, I was looking to secure just the ability to change some network settings. On Linux, what I wanted to do was trivial. On Windows, it was almost impossible without busting the user down from running as an admin...and then program after program fails to work correctly.

      Again, Microsoft deserves everything they are getting.

      --
      Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
    3. Re:Microsoft is responsible by techno-vampire · · Score: 4, Insightful

      And I suppose all the Windows users deserve what they are getting?

      Like you, I love and use Linux, but I don't think that Windows users shouldn't have an OS that's as easy to secure (and use in a secure way) as you and I do. It can be argued, however, that Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.

      --
      Good, inexpensive web hosting
    4. Re:Microsoft is responsible by StikyPad · · Score: 3, Insightful

      True, but the "produced by MS" part is redundant. Pretty much all but the very simplest of software has defects.

    5. Re:Microsoft is responsible by gad_zuki! · · Score: 4, Insightful

      >Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.

      That's what Vista does and the UAC kicks in when you need admin access. There has been nothing but complaints and bitching about this. People are surprised their 10 year old software that writes to c:\temp doesn't work anymore. Now that there's an NT ecosystem of software out there (write to profile area, not to system area when running), it's easier for MS to do this. Shame that even the good changes MS does are received with the same old bellyaching.

      >Also, for a project I'm working on, I was looking to secure just the ability to change some network settings

      You didn't try too hard did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.

      >Again, Microsoft deserves everything they are getting.

      MS is a company. It doesn't feel pain or shame. Right now the people feeling the pain are innocent users. Perhaps you should have a little sympathy for them.

    6. Re:Microsoft is responsible by Jamie's+Nightmare · · Score: 3, Insightful

      Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.

      Demanded or not, just like Linux, this was a security problem that was found and a patch was released to the public. Users either refused to install the patch or had Windows Update disabled for a variety of stupid reasons.

      When the ax falls, who are people going to blame? Certainly not themselves.

      --
      "When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
    7. Re:Microsoft is responsible by cbiltcliffe · · Score: 2, Funny

      No, that's an MP3 encoder.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  4. Microsoft: Release a mandatory patch to stop it... by Culture20 · · Score: 4, Interesting

    Microsoft, release a mandatory update to turn off auto-run/play, and show a reoccurring opt-out prompt on login that explains that auto-run is turned off, and the risks of turning it back on.

    At least make XP's version of the patch that allows GPO auto-run disable to work properly a mandatory update. If no one's in a GPO, it won't break anything. If they are in a GPO that turns autorun off, then it should be turning auto-run off!

  5. Malicious? by HTH+NE1 · · Score: 3, Interesting

    'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,'

    Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base and has not yet been used to do any attacks. It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut down.

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    1. Re:Malicious? by StikyPad · · Score: 5, Insightful

      Using my resources without my consent is malicious.

    2. Re:Malicious? by John+Hasler · · Score: 2, Insightful

      > Has Conficker done anything malicious yet?

      Installing it on someone's pc without their knowledge or permission is malicious. So is blocking access to antivirus sites. So is using said pc to attack other machines.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    3. Re:Malicious? by drinkypoo · · Score: 3, Funny

      Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base and has not yet been used to do any attacks.

      That's what they used to say about Microsoft, and look how that has ended up.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  6. Re:250K is too low by Bill+Dimm · · Score: 5, Insightful

    10 million zombie PC's are worth more than $250K

    The 10 million zombies may be worth much more than $250k to the person that controls them, but they are worth nothing to the guy that lives down the hall from the person that controls them, so he might be quite happy to pick up the money if he knows something.

  7. In separate news, Microsoft budgeting an extra by mkcmkc · · Score: 4, Funny

    US$398 to fix security problems with their software...

    --
    "Not an actor, but he plays one on TV."
  8. cheaper to sue by init-five · · Score: 2, Interesting

    When MS learns how to write secure code for less money than what they offer to catch the script kiddies they would do the former. I wonder what happens to the MS coder/team that is responsible for the exploit?

    --
    Hallowed are the Ori
  9. *What* providers? by nsayer · · Score: 4, Funny

    DNA providers such as ICANN, ORG, and NeuStar

    Hey, I'm a DNA provider too, baby.

    1. Re:*What* providers? by couchslug · · Score: 2, Funny

      "Hey, I'm a DNA provider too, baby."

      They can have my DNA when they pour it from my cold, dead keyboard.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  10. Re:How about... by pohl · · Score: 2, Insightful

    I'm so sick of how anything that criticizes microsoft on slashdot gets modded up on slashdot, and...oh, nevermind.

    --

    The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...

  11. A stroke of genius... by w0mprat · · Score: 2, Funny

    I was thinking about this, and thought of a way to counter this threat...

    Patch the vulnerability!

    Who do I see about dropping off my resume?

    --
    After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
    1. Re:A stroke of genius... by symbolset · · Score: 2, Insightful

      Microsoft patched one heinous vector months ago: the broken Server service that allows pathological inputs to execute arbitrary code with System privileges, remotely. They patched it with hasty broken code that will be exploited later this year, but that's a different worm for a different day. They also didn't disable remote logins on this service or do the rational thing and close the port entirely so one exploited PC inside your network is going to spend its whole day cracking passwords. A diligent IT shop might have validated the patch by now. Remember... patches break stuff.

      Still not protected: that laptop that's been sitting in a drawer waiting for the position at that empty desk to be filled. The road warrior whose third party firewall blocks Windows updates.

      Still not fixed: Autorun.

      Blaming the victim isn't going to get you anywhere here. We know better.

      --
      Help stamp out iliturcy.
  12. oops by Anonymous Coward · · Score: 5, Insightful

    The worm authors made just one mistake... they were far too successful. They wanted a botnet. Maybe a few thousand computers. Maybe 10 - 20 thousand.

    Instead, they wrote a fast spreading worm that infected millions of computers.

    What's the difference? The guys who infect 10,000 computers are small fries, and no one is going after them. Infect millions of computers though, and every computer crime agency on the planet will be after you...

  13. Conficker Flavors by pyrrhonist · · Score: 4, Funny

    From the article:

    Symantec, which is contributing its malware-analysis expertise to the group, believes there are two main versions of Conficker, "Flavor A" and "Flavor B,"

    The flavors were determined using LOLCATS. True story.

    --
    Show me on the doll where his noodly appendage touched you.
  14. Tough room by symbolset · · Score: 3, Informative

    The MS bounty program has been running since 2003. Thus far they have paid out only one award of $250.

    --
    Help stamp out iliturcy.
  15. I GOT HIM! by Kent+Recal · · Score: 2, Funny

    Hey, I GOT HIM. Even made a photo for you.
    Now sack him and send the bounty to my paypal please.

    This is the guy who is currently officially responsible for windows being vulnerable to worm and malware attacks.
    There have been others in the past but your bounty explicitly asks for the person responsible for this current "conficker" worm, so here you go.

    1. Re:I GOT HIM! by Kent+Recal · · Score: 2, Insightful

      I don't think microsoft has an interest to deal with it in any way. This is a PR-effort to distract from where the blame should really go. Even if they "dealt" with this worm and its attack vectors in some way - the next worm is just around the corner. The security model in windows is just fundamentally broken, thus we'll continue to see worm attacks and pointless bounties.

  16. Well maybe by symbolset · · Score: 2, Insightful

    I'm so sick of how anything that criticizes microsoft on slashdot gets modded up on slashdot, and...oh, nevermind.

    Well maybe they should make a decent OS. Or stop partnering with companies for the purpose of killing them for the secondary benefits. Or suing their customers. Or stealing ideas like Stacker. Or paying Gartner to release "studies" that exclaim their new products are taking off like a rocket. Or taking a perfectly good webmail like hotmail and turning it all greasy. Or trying to kill decent software companies like Netscape, Corel and Adobe. Or launching disinformation campaigns like "get the facts" and "Mojave Project". Or generally puking all over everything in IT. Or paying folks like SCO to sue decent folk who are just trying to use decent software. Or... oh screw it. None of that is ever going to happen. Never mind.

    Slashdot is never going to like Microsoft.

    --
    Help stamp out iliturcy.
  17. Not likely by symbolset · · Score: 4, Insightful

    This program, which has been in place since 2003, has paid out a grand total of $250. All of it in one whopping check to the college mates of the Sasser programmer. Presumably they split it and bought some beer. The program manager must be quite proud of himself.

    In related news, Microsoft is working with ICANN and others to prevent the registration of the domain this thing calls home to. It probably hasn't even occurred to them that the programmers ran their random name generator out a long way in advance, registered the domain in the name of some perfectly innocent third party long ago and that they're too late because launch day for downadup is tomorrow since they always kick these things off on the eve of a holiday weekend.

    If you admin Windows desktops, I wouldn't invest too much in your plans for this weekend.

    --
    Help stamp out iliturcy.
  18. The old business plan by clarkn0va · · Score: 2, Funny

    1. Write an operating system and spend seven minutes making it secure
    2. Sell it to a bunch of VPs, CTOs and OEMs from arm's length.
    3. ...
    4. Offer seven minutes worth of earnings to whoever catches "the bastard" that tried to rain on their parade
    5. Profit!

    --
    I am literally 3000 tokens away from the chaotic crossbow --Stephen
  19. This is how to troll by symbolset · · Score: 3, Funny

    Here we are in the middle of a thread discussing how a recent one of the million pieces of Windows malware has zombied 12 million computers around the world, and you're here to remind us that Windows is more secure because somebody somewhere said so.

    Nice. Thanks.

    --
    Help stamp out iliturcy.