Microsoft Slaps $250K Bounty On Conficker Worm

← Back to Stories (view on slashdot.org)

Microsoft Slaps $250K Bounty On Conficker Worm

Posted by timothy on Thursday February 12, 2009 @11:02AM from the sic-the-french-air-force-on-'em dept.

alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."

27 of 258 comments (clear)

Min score:

Reason:

Sort:

The new business plan by 140Mandak262Jamuna · 2009-02-12 11:04 · Score: 5, Funny

1. Write malware for windows
2. Give it to a bunch of script kiddies anonymously in bulletin boards.
3. ...
4. Turn them in to MSFT for the bounty.
5. Profit

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:The new business plan by Locke2005 · 2009-02-12 11:13 · Score: 4, Interesting
  
  My thoughts exactly. If hackers can now make big bucks by writing worms then framing someone else for turning them loose on the world, doesn't that provide a powerful incentive to write more worms???
  
  --
  I've abandoned my search for truth; now I'm just looking for some useful delusions.
2. Re:The new business plan by John+Hasler · 2009-02-12 11:59 · Score: 4, Insightful
  
  They also have to successfully pull off the "framing" part. The authorities are not unfamiliar with the idea that their informants may be lying for the reward.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
3. Re:The new business plan by binarylarry · 2009-02-12 12:10 · Score: 4, Funny
  
  Yes, I highly doubt the Hans Reiser defense is going to work that well here either.
  
  --
  Mod me down, my New Earth Global Warmingist friends!
"illegally" launching? by djce · 2009-02-12 11:09 · Score: 5, Insightful

Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty.
1. Re:"illegally" launching? by Actually,+I+do+RTFA · 2009-02-12 11:11 · Score: 5, Insightful
  
  Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty
  Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent
  
  --
  Your ad here. Ask me how!
2. Re:"illegally" launching? by gad_zuki! · 2009-02-12 12:23 · Score: 4, Insightful
  
  First off, all politics is local. My local laws apply to what you do to me or my equipment in my jurisdiction. On top of that, in civilized countries all this shit is illegal. Remember the sasser worm? MS paid out a 250k bounty and the author was revealed to be a German who was later convicted.
  Secondly, its not too hard to figure out who did this. A lot of these trojans wont install if your default language is Russian. How odd, eh? Essentially, this is a hand out to the Russian government because it protects and profits from its industry of malware writers, most notable The Russian Business Network. These guys arent getting caught. They have the full protection of the Russian government. MS and the rest know this, but they also know that money talks and a high profile defector would be good for the cause.
  Perhaps its time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.
3. Re:"illegally" launching? by ndege · 2009-02-12 13:54 · Score: 5, Interesting
  
  Perhaps its time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.
  Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US IP space, we are running postfix/amavis/spamassassin/clamav/postgrey and have configured a few RBLs. Very little spam gets through these days.
  I am using ipdeny.com for the lists of IP space sorted by country: http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz
  If you would like my script, post a reply to this message, and I will either post the script directly in the comments or email you privately.
  The solution to simply block off non-US IP space is an ugly vile hack to how the Internet was originally designed. Meanwhile back in modern-day reality, the hack works well.
  -JL
  
  --
  Sig Return: 204 No Content
Microsoft is responsible by Elektroschock · 2009-02-12 11:10 · Score: 3, Insightful

These guys abuse a problem but they also raise awareness for a security problem Microsoft has put into existance through its operating system software. This company should pay and offer its customer to remove the worm for them and compensate them for all the costs caused by their defect software. The guys just exploited the weakness.
Though Microsoft offered a patch I don't remember that Microsoft actively informed its customers about the defects of its software and apologised to me or that my hardware vendor recalled the hardware.
1. Re:Microsoft is responsible by The+Cisco+Kid · 2009-02-12 11:17 · Score: 4, Insightful
  
  Any person that has anything to do with information technology (computers) anywhere in the world, that can read and understand the language commonly used in their part of the world, that doesn't already know that most software produced by MS is riddled with "defects", is either not paying attention or is seriously brainwashed.
2. Re:Microsoft is responsible by transporter_ii · 2009-02-12 11:28 · Score: 3, Insightful
  
  Yeah, after reading the Slashdot article a couple of days ago on not running as an Admin on Windows, I decided to play around a little.
  I found that even though XP Pro lists only the options of running as an Admin or a User, there is in fact a fairly simple way to run as a "power user," which is not as restrictive as a normal user (fairly simple but not fairly obvious way).
  I've set up some domains for Windows server 2003, but I had really never looked at how much you could do with XP, and actually, you can do quite a few of the same things in the group policy settings.
  However, all this goes right out the window on XP Home.
  Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.
  Also, for a project I'm working on, I was looking to secure just the ability to change some network settings. On Linux, what I wanted to do was trivial. On Windows, it was almost impossible without busting the user down from running as an admin...and then program after program fails to work correctly.
  Again, Microsoft deserves everything they are getting.
  
  --
  Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
3. Re:Microsoft is responsible by techno-vampire · 2009-02-12 11:52 · Score: 4, Insightful
  
  And I suppose all the Windows users deserve what they are getting?
  Like you, I love and use Linux, but I don't think that Windows users shouldn't have an OS that's as easy to secure (and use in a secure way) as you and I do. It can be argued, however, that Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.
  
  --
  Good, inexpensive web hosting
4. Re:Microsoft is responsible by StikyPad · 2009-02-12 12:03 · Score: 3, Insightful
  
  True, but the "produced by MS" part is redundant. Pretty much all but the very simplest of software has defects.
  
  --
  https://www.eff.org/https-everywhere
5. Re:Microsoft is responsible by gad_zuki! · 2009-02-12 12:14 · Score: 4, Insightful
  
  >Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.
  Thats what vista does and the UAC kicks in when you need admin access. There has been nothing but complaints and bitching about this. People are surprised their 10 year old software that writes to c:\temp doesnt work anymore. Now that there's an NT ecosystem of software out there (write to profile area, not to system area when running), its easier for MS to do this. Shame that even the good changes MS does is received with the same old bellyaching.
  >Also, for a project I'm working on, I was looking to secure just the ability to change some network settings
  You didnt try too hard did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.
  >Again, Microsoft deserves everything they are getting.
  MS is a company. It doesnt feel pain or shame. Right now the people feeling the pain are innocent users. Perhaps you should have a little sympathy for them.
6. Re:Microsoft is responsible by Jamie's+Nightmare · 2009-02-12 13:05 · Score: 3, Insightful
  
  Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.
  Demanded or not, just like Linux, this was a security problem that was found and a patch was released to the public. Users either refused to install the patch or had Windows Update disabled for a variety of stupid reasons.
  When the ax falls, who are people going to blame? Certainly not themselves.
  
  --
  "When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
Microsoft: Release a mandatory patch to stop it... by Culture20 · 2009-02-12 11:14 · Score: 4, Interesting

Microsoft, release a mandatory update to turn off auto-run/play, and show a reoccuring opt-out prompt on login that explains that auto-run is turned off, and the risks of turning it back on.

At least make XP's version of the patch that allows GPO auto-run disable to work properly a mandatory update. If no one's in a GPO, it won't break anything. If they are in a GPO that turns autorun off, then it should be turning auto-run off!
Malicious? by HTH+NE1 · 2009-02-12 11:29 · Score: 3, Interesting

'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,'
Has Conficker done anything malicious yet? Last I heard it all it has done is to extend and protect its installed base and has not yet been used to do any attacks. It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut down.

--
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
1. Re:Malicious? by StikyPad · 2009-02-12 11:37 · Score: 5, Insightful
  
  Using my resources without my consent is malicious.
  
  --
  https://www.eff.org/https-everywhere
2. Re:Malicious? by drinkypoo · 2009-02-12 11:54 · Score: 3, Funny
  
  Has Conficker done anything malicious yet? Last I heard it all it has done is to extend and protect its installed base and has not yet been used to do any attacks.
  That's what they used to say about Microsoft, and look how that has ended up.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Re:250K is too low by Bill+Dimm · 2009-02-12 11:37 · Score: 5, Insightful

10 million zombie PC's are worth more than $250K
The 10 million zombies may be worth much more than $250k to the person that controls them, but they are worth nothing to the guy that lives down the hall from the person that controls them, so he might be quite happy to pick up the money if he knows something.
In separate news, Microsoft budgeting an extra by mkcmkc · 2009-02-12 11:37 · Score: 4, Funny

US$398 to fix security problems with their software...

--
"Not an actor, but he plays one on TV."
*What* providers? by nsayer · 2009-02-12 12:13 · Score: 4, Funny

DNA providers such as ICANN, ORG, and NeuStar

Hey, I'm a DNA provider too, baby.
oops by Anonymous Coward · 2009-02-12 13:57 · Score: 5, Insightful

The worm authors made just one mistake... they were far too successful. They wanted a botnet. Maybe a few thousand computers. Maybe 10 - 20 thousand.
Instead, they wrote a fast spreading worm that infected millions of computers.
What's the difference? The guys who infect 10,000 computers are small fries, and no one is going after them. Infect millions of computers though, and every computer crime agency on the planet will be after you...
Conflicker Flavors by pyrrhonist · 2009-02-12 14:08 · Score: 4, Funny

From the article:

Symantec, which is contributing its malware-analysis expertise to the group, believes there are two main versions of Conflicker, "Flavor A" and "Flavor B,"
The flavors were determined using LOLCATS. True story.

--
Show me on the doll where his noodly appendage touched you.
Tough room by symbolset · 2009-02-12 14:57 · Score: 3, Informative

The MS bounty program has been running since 2003. Thus far they have paid out only one award of $250.

--
Help stamp out iliturcy.
Not likely by symbolset · 2009-02-12 16:28 · Score: 4, Insightful

This program, which has been in place since 2003, has paid out a grand total of $250. All of it in one whopping check to the college mates of the Sasser programmer. Presumably they split it and bought some beer. The program manager must be quite proud of himself.
In related news, Microsoft is working with ICANN and others to prevent the registration of the domain this thing calls home to. It probably hasn't even occurred to them that the programmers ran their random name generator out a long way in advance, registered the domain in the name of some perfectly innocent third party long ago and that they're too late because launch day for downadup is tomorrow since they always kick these things off of the eve of a holiday weekend.
If you admin Windows desktops, I wouldn't invest too much in your plans for this weekend.

--
Help stamp out iliturcy.
This is how to troll by symbolset · 2009-02-13 06:08 · Score: 3, Funny

Here we are in the middle of a thread discussing how a recent one of the million pieces of Windows malware has zombied 12 million computers around the world, and you're here to remind us that Windows is more secure because somebody somewhere said so.
Nice. Thanks.

--
Help stamp out iliturcy.