Microsoft Slaps $250K Bounty On Conficker Worm

alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."

The new business plan

[140Mandak262Jamuna]

1. Write malware for windows

2. Give it to a bunch of script kiddies anonymously in bulletin boards.

3. ...

4. Turn them in to MSFT for the bounty.

5. Profit

"illegally" launching?

[djce]

Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty.

Re:"illegally" launching?

[Actually,+I+do+RTFA]

Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty

Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent

Re:"illegally" launching?

[ndege]

Perhaps its time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US IP space, we are running postfix/amavis/spamassassin/clamav/postgrey and have configured a few RBLs. Very little spam gets through these days.

I am using ipdeny.com for the lists of IP space sorted by country: http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz

If you would like my script, post a reply to this message, and I will either post the script directly in the comments or email you privately.

The solution to simply block off non-US IP space is an ugly vile hack to how the Internet was originally designed. Meanwhile back in modern-day reality, the hack works well.

-JL

Re:250K is too low

[Bill+Dimm]

10 million zombie PC's are worth more than $250K

The 10 million zombies may be worth much more than $250k to the person that controls them, but they are worth nothing to the guy that lives down the hall from the person that controls them, so he might be quite happy to pick up the money if he knows something.

Re:Malicious?

[StikyPad]

Using my resources without my consent is malicious.

oops

The worm authors made just one mistake... they were far too successful. They wanted a botnet. Maybe a few thousand computers. Maybe 10 - 20 thousand.

Instead, they wrote a fast spreading worm that infected millions of computers.

What's the difference? The guys who infect 10,000 computers are small fries, and no one is going after them. Infect millions of computers though, and every computer crime agency on the planet will be after you...