Microsoft puts $250,000 bounty on Conficker coder
By Stuart Turton
Posted on 13 Feb 2009 at 08:27
Microsoft is offering $250,000 to the person who hands it information leading to the conviction of the creators of the Conficker Worm.
Conficker, also known as Downadup, exploits a flaw in Windows Server that was patched by Microsoft back in October.
The infection rate has been staggering with experts suggesting that over ten million machines have now been affected, especially in countries where unpatched software is prevalent such as India and Brazil.
The most interesting part about Conficker-infested machines is that, unlike other botnets which contact a single domain to download their malicious software, Conficker cycles through 250 fluctuating domains, only one of which contains the malware payload.
"This makes it impossible and/or impractical for us good guys to shut them all down - most of them are never registered in the first place," noted F-Secure last month.
However, in an effort to combat this Microsoft has teamed up with other industry heavyweights such as Symantec and ICANN to grab these potential domain registrations before the bad guys can. Anybody who attempts to register one of Conficker's targeted domains before the group does will be investigated.
All of which sounds like a step in the right direction, though Microsoft was typically obtuse in describing its plan.
"As part of Microsoft's ongoing security efforts, we constantly look for ways to use a diverse set of tools and develop methodologies to protect our customers," says George Stathakopoulos, general manager of the Trustworthy Computing Group at Microsoft.
"By combining our expertise with that of the broader community we can expand the boundaries of defence to better protect people worldwide."
Anybody with information about the worm needs to "contact their international law enforcement agencies," Microsoft warns.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
