MS puts up $250K bounty for Conficker author

Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the virus writers behind the infamous Conficker (Downadup) worm. The bounty, announced Thursday, represents a revival of Microsoft's mothballed Anti-virus Reward Program, launched in 2003 and virtually moribund since 2004. In …

COMMENTS

This topic is closed for new posts.
  1. Daniel Garcia
    Gates Horns

    i hope

    that the guy launches a total attack on microchoff in response.

    i would like to watch a cyberbattle of that magnitude.

    i could not care less about the fate of both sides.

  2. Tim Blair
    Unhappy

    Fess Up .....

    It was me dude. can I have the reward? I need to buy "try again 7" to have any chance to fix vista....

    Fek wish I still had the brains to go Linux..

  3. Anonymous Coward
    Thumb Down

    Aren't Microsoft responsible ...

    ... for designing, implementing, and distributing such a crap insecure excuse for an operating system?

  4. Timo

    can the writer turn himself in?

    hey - can the virus author turn himself in? Might be a nice windfall, although I would bet that he might make more money than this already.

  5. Colin Wilson
    Linux

    Great...

    How about they secure their flawed operating system(s) instead of offering a "reward" for someone who simply manages to show how badly written / insecure it was ?

    When it comes to updates, i'd love to see a court rule that Microsoft need to send a free update CD to *every* registered user for each and every security flaw - they'd take a whole different approach to security after that !

  6. Anonymous Coward
    Anonymous Coward

    err

    "the possibility of betrayal will give the authors of the worm pause for thought before they activate the monster botnet their malware has established."

    What have they got to lose? May as well deliver a devastating package as opposed to a profitable one.

    On the plus side if the author nukes 10 million systems just think about all the windows vista licenses MS will be able to push.

  7. Anonymous Coward
    Anonymous Coward

    y'know.....

    .....if the perp is Russian I bet even sticking six noughts on the end couldn't induce anyone to grass them up.....unless it were their employer

  8. Richard Kay
    Stop

    How to blackmail domain owners

    "Microsoft is partnering with security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN), and operators within the domain name system to disable domains used by Conficker"

    So all you have to do is program a botnet worm so it can be controlled by the domains you want to get disabled. Then blackmail the owner of said domains to get these removed from your list.

  9. Joe Flynn
    Gates Halo

    Hah.

    Good to see that MS' virus protection involves waiting for the virus to infect millions and then trying to find the guy that made it. Most companies would just fill software holes quickly and maybe even develop an embedded antivirus that works, but it's good to see that MS do it the modern way.

  10. Hollerith

    I want!

    Not to comment, but the image. Who is that mystery girl?!?

    Oh and, MS: good luck with that.

  11. Cameron Colley

    Nice they admit to failure.

    Rather than spend any money to write a secure operating system they just pay to have VX'ers arrested.

  12. Roger Heathcote
    Pirate

    I know who it is!....

    I must confess I have known this all along and the guilt has finally gotten to me. It was written by...

    Jacqui Smith

    House of Commons

    London

    SW1A 0AA

    Please donate the reward to the Debian project.

  13. Anonymous Coward
    Gates Halo

    @ MS Insecure .. blah blah blah

    You guys do realise that MS patched the vulnerability months before Conficker started to show up, right? Poor patching by end users and network admins should be to blame ... not MS.

  14. Colin Wilson
    Linux

    FAO: Tim

    Linux isn't actually that hard nowadays - try booting from a live linux CD (I use Ubuntu) and see if all your hardware works first of all (if it doesn't you'll know where you might need to investigate further before installing to enable a smooth transition).

    It might "sound" hard for a new user to get to grips with, but if you install it alongside windows using the wubi installer (the middle option in Ubuntu if you put the CD in while windows is running) and dip into it regularly, you'll soon get the hang of it - I often go a couple of weeks without loading windows on the laptop i'm currently typing this on.

    There can be some "tricky" issues with some hardware - for instance I can't get this laptop to suspend and resume when I shut the lid - but it boots quicker than Windows anyway, so I can live with shutting it down (takes ~10 seconds) and booting up again as needed. For many people everything just works as you'd expect without any hassle at all.

    From a Windows users' point of view if the hardware is working ok, the hardest thing is probably getting to grips with the names of different applications so you can install them.

    Some "problems" may need what look like messy command line entries, but you can usually find help with the exact command you need to enter via google, but you may well find you don't need to use the command line (aka terminal / shell) at all.

  15. Christopher Ahrens

    The machines that are infected...

    Nearly all of the machines (close to 97%) are pirated copies that have had code checking hacked out of them to circumvent the activation process, which means that any update code will be useless on those systems, so it's not that the code is written badly, it's the code used to exploit.

    @Joe - If MS was to include an Anti-virus into the OS then the EC will be up their Ass in no time complaining that they are destroying competition, at which point all the Rabid Fanboys will be saying how evil Microsoft is, etc. BTW there is an anti-malware application in the OS already, the MSRT, which has had the code to protect against [Conficker, downadup] since Nov of last year, people just didn't apply it in time to prevent infection.

  16. Anonymous Coward
    Flame

    Linux Monkeys Again

    So what will you monkeys have to say when Linux finally gets to MS's market share and now you are the insecure OS. Security through obscurity is not security. Remember, while you are linux monkeys, the rest of the computing population are not but techno peasants

  17. Graham Marsden
    Thumb Down

    So, what they are saying...

    ... is that it's going to cost them more than $250k to fix the gaping security breaches in their product...!

  18. David

    It was me

    If the fine is less than $250,000 then it was me.

  19. David
    Gates Horns

    Hi this is Steve Ballmer.

    When I catch you (and I will) I will tie you up in my office and throw chairs at you all day. Then I will hand you over to Bill the next day, and he will force you to use Microsoft software for a day. That will teach you.

  20. Magilla
    Gates Horns

    @Cameron Colley

    Indeed. A better course of action would be to open the source and offer $100-$1000 for each bug that is found, depending on severity...

  21. api devlab
    Coat

    @ Richard Kay

    My thoughts exactly, let's patent it and sue them all

  22. RW
    IT Angle

    What's the problem with Windows?

    Legacy code, legacy attitudes, and legacy skills.

    Didn't I once read a comment from a Microsoftie to the effect that Windows now comprises some 4 billion lines of code and no one really understands it all?

    Then look at the security hole last year related to the handling of WMF files (Windows Metafiles, a graphic file format). Turned out the code goes all the way back to Win3.1 and has been retained in every version of Windows since then.

    It's quite clear to me that the Windows kernel is mal-designed and only by rebuilding the beast from the kernel on out is there any hope of achieving a secure version of Windows.

    But even that wouldn't help because the Microsoft mindset wouldn't change: the marketers would still be allowed to interfere with technical issues, as would the Hollywood studios. Microsoft have neither the skills nor the warm bodies to rebuild the beast from scratch. Yet that appears to be the only solution to the unending discovery of holes, holes, and more holes.

    Let's face it: Windows has long since passed its best-before date and is now so old it's moldy. And, to continue the food analogy, toxic as all get-out.

    The funny thing is that the Unix kernel (and that of its kid cousin Linux) seems to be pretty close to bulletproof. Yet Unix is considerably older than Windows.

    Is it possible we can blame a lot of the Windows mess on Bill Gates' inferior programming skills?

  23. Steve Bush

    Seperately?! Separately!

    or do I have to get used to new sensible spelling?

  24. Anonymous Coward
    Paris Hilton

    @ Colin Wilson

    You're right, Linux is much easier these days, so that just makes it bloody unpleasant as opposed to arcane and requiring you to sacrifice a live chicken so you can drip its blood onto the keyboard while you recite the magic incantations.

    Seriously though, even Ubuntu (which I use alongside a couple of Windows boxes) still requires the magic chicken waving every now and then but it comes on a live CD with a couple of handy sachets of ready sacrificed virgin chicken blood just to save you the trouble of having to run out in the middle of the night and hunt down a chicken.

    As for Conficker, I'm still seeing new infections on sites that should know *much* better... No patches applied, no internal policies to prevent users introducing it to the network and antivirus that's not had a working update mechanism for *months*.

    Paris, I'm sure she knows more about safe Hex than some of the muppets who set site update policy or don't bother checking their AV is working correctly.

  25. The Fuzzy Wotnot
    Thumb Down

    Oh dear...

    "We wrote slightly iffy software and we have no idea how to fix it! Sod it, go all WIld West! Let's get Boba Fett or that long-haired girly-man bounty hunter off the telly, Bog or Dog whatever his name was!"

  26. Anonymous Coward
    Anonymous Coward

    you see

    with this comment you hit it on the head :

    "Linux isn't actually that hard nowadays - try booting from a live linux CD (I use Ubuntu) and see if all your hardware works first of all (if it doesn't you'll know where you might need to investigate further before installing to enable a smooth transition)."

    SEE IF - average users don't deal with SEE IF, they deal with SEE.

    "It's quite clear to me that the Windows kernel is mal-designed and only by rebuilding the beast from the kernel on out is there any hope of achieving a secure version of Windows."

    They pretty much did, lots of work went into changing it on vista.

    and don't forget no-one fully understands the linux distro code either, otherwise it wouldn't have taken years to fix something with keys not being generated, which stayed so long cause sod all people understand it enough to work on it.

  27. Telecide
    Thumb Up

    @Christopher Ahrens

    So the pirated copies of Vista that typically do the rounds on bittorrent sites have Conficker, or backdoors to allow infection of Conficker, built in? This makes me glad I'm an Ubuntu user.

  28. Matthew Collier

    @AC: "Linux Monkeys Again"

    "So what will you monkeys have to say when Linux finally gets to MS's market share and now you are the insecure OS. Security through obscurity is not security."

    1. I doubt it ever will (not necessarily a bad thing) - are we counting BSD/OSX as part of that said market share, BTW? ;)

    2. Yeah, you're right, the Linux security model is based on its obscurity....apart from its majority presence in the web server segment which last time I looked, was quite a large one... ;)

  29. Anonymous Coward
    IT Angle

    M$AV?

    M$ already had an AV in windows 3, it came bundled with FORM virus...

    Paris, ugh, I can't...

  30. Anonymous Coward
    Anonymous Coward

    I view this as a self imposed fine on MS

    Well done MS, paying up for your mistakes. Now get your security model sorted out.

  31. Rob Crawford

    @RW

    Considering that the guys who originally started the whole UNIX thing off didn't have sales & marketing depts yammering in their ears about focus groups and the user experience, etc it's no surprise that it was a decent system to build upon.

    Just an observation though where are the apple fanboys ?

  32. zenkaon
    Linux

    @AC 21:31 GMT

    What do you mean "Security through obscurity" on Linux?? It's all open source and peer reviewed. If a flaw is found then it is reported and fixed pretty damn fast. I'm glad you agree that Linux will get to MS's market share.

    I'm with Daniel Garcia and would like the "wanted dead or alive" guy to launch an attack on MS, that'd be funny.

  33. amanfromMars Silver badge

    Give the man a break .

    "Is it possible we can blame a lot of the Windows mess on Bill Gates' inferior programming skills?".... By RW Posted Friday 13th February 2009 01:27 GMT

    RW,

    I think you will find that Bill has always said he is first and foremost a businessman, so one cannot really blame the Windows mess on his inferior programming skills, but more accurately on his sub-prime business acumen...... and things appear to have changed not a jot on the Microsoft bridge even Bill has supposedly moved on to better things.

  34. Fred

    @ Colin Wilson

    I agree - Chalk me up as another smug Ubuntu User!

    The install IS painless and very quick. I just kept a dual boot until i found the scripts i needed to get Ubuntu online (Hardy Heron) via my phone, and since I reclaimed all of my hard drive back for use with Ubuntu I haven't looked back.

    And given the amount of praise i hear from friends and family that also switched to Ubuntu it's definitely onto a winner!

    Advice for current windows users: start learning. If my parents and children can use Ubuntu so can you!

  35. John Imrie
    Happy

    So you are a bot farm manager

    And you are worried about betrayal by your colleagues. Well M$ has just announced the minimum take per colleague you need in order to keep them all loyal.

    Thanks M$

  36. Tom

    @amanfromMars

    Bull, I mean Bill, may claim to be a business man, but what he really is is an astute poker player, just like he was back when he dropped out of college.

  37. James Hughes

    Lots of blame for M$

    Not much for the guy who wrote the worm itself. Who, let's be honest, IS the person doing the crime.

    Odd.

    He should be executed. That'll make these to**ers think again before causing so much grief.

    Oh, and I use Ubuntu btw.

    And as to the people who want him/her to go ahead and activate...given what might happen are you happy to help pay for the millions of pounds lost because of it? In taxes (Government systems go titsup), insurance (insurance companies systems go tits up), defence (RAF already infected) etc etc etc. Try thinking of the consequences before asking for things like this - they might not be *really* what you want.

  38. Dunhill
    Coat

    business=business

    re: Paris, I'm sure she knows more about safe Hex than some of the muppets who set site update policy or don't bother checking their AV is working correctly.

    Call them Lemmings, who after years of abuse [yes/no/maybe] [error 35654@54] [contact your system administrator] they figured out that just clicking on something till it maybe works, is the quickest solution. reading the given information is proved to be a loss of time ..... .

    Result, switch off updates (you cannot always trust them), remove anti-virus programs else you cannot access your favorite word document or music stick without those annoying messages and overkill popups.

    re: I think you will find that Bill has always said he is first and foremost a businessman, so one cannot really blame the Windows mess on his inferior programming skills

    That is oh so true, business first, if the product works for you, be happy, if it does not .. wait and pay for the next update. MS does really care about NOT having high quality, else they will never be able to sell an update or new version, and THAT is bad for business.

    (yes, there are OSses out there that you install once and forget for the next xx years, like some Novell servers, IBM flavors and that does not make money, thus VERY VERY bad for business)

    re: $250.000 ...

    What an awfully cheap offer, but again business is MS-business, they don't really care about 250k, but it covers the FREE advertisement/name-recognition in several magazines, newspapers, etc

    As long as MS does not lose $$$$$ they are not really trying to invest $ in training users/administrators to keep their systems running clean.

    They rather sell you a new update/version,whatever

    For me:

    I pray that MS does not go down, because all the sh$t that comes with them makes for me $$ to fix it, and that pays the bills.

    But at my places everything is MS free, so i have at least some place to work relaxed without being afraid for the next crash.

    My coat .. filled with OS/2,OpenSuse,Ubuntu for relaxed work and a xp-ue copy to make $$

  39. Mr B
    Go

    $250 k

    to capture Bill Gates ... because he let it happen.

    Ballmer is taking the P. BG is worth a little bit more.

    @Rob Crawford: I'm here but I shut up, because it's good monies for me even if I have to put up with the RDC pooh to access M$ crap. I'm drinking heaven smoothies at the moment so no inclination to rant ;o)

  40. Anonymous Coward
    Dead Vulture

    The BBC coverage of this is quite amusing

    The article is fairly unremarkable but the pictures are of outstanding quality: First, "anyone with information is urged to contact the police" - and a good way to find such information might be to go looking for fingerprints with a magnifying glass, for example. I'm not sure which is worse, this or one of those nonsense "cyberspace" graphics. Secondly, "Millions of computers have been hit by Conficker" - and as this photo of discarded electronics shows, the only way to deal with the virus is to throw away your monitor, keyboard and/or TV now! I'm not sure what to say about the other two pictures, as they appear to just follow the BBC norm of adding essentially no value or information to the article, and have no real humour value except in this respect. Anyway, article here: http://news.bbc.co.uk/1/hi/technology/7887577.stm?lss

  41. Anonymous Coward
    Anonymous Coward

    Ubuntu?? U cares

    Oh for fucks sake. Will you linux lovers kindly shut the fuck up and stop bestowing the values of an OS most people couldn't really give a flying fuck about.

    I turn on my windows box, it does my email, it and the AV software update them selves, i turn it off. Ad infinitum

  42. Anonymous Coward
    Anonymous Coward

    Only 250k?

    I suppose it's a damn sight cheaper than fixing their steaming pile of dogshit.

  43. amanfromMars Silver badge
    Pirate

    Poker, a Game of Chance? Err, No, Not Really

    "Bull, I mean Bill, may claim to be a business man, but what he really is is an astute poker player, just like he was back when he dropped out of college." ..... By Tom Posted Friday 13th February 2009 14:26 GMT

    Thanks for the info., Tom. It has raised the Game to a higher level, knowing he likes to play poker and take chances/calculated and/or calculating risks.

    You wouldn't happen to have his email address, would you, just in case I wanted to tempt him with some aces to bankrupt the casino and/or take it over.

    Good astute poker players are as rare as hens' teeth and thus are able and enabled to command and deliver a priceless premium to elevate the stakes to something worth playing for/losing.

  44. webdude

    And just what good will that do?

    There was malware before Conficker and there will be after. Just because someone was smart enough to take advantage of an idiot who will click on anything is no reason to get your panties in a twist. The problem is between the seat and the keyboard.

    You just can't fix stupid!

  45. Anonymous Coward
    Coat

    Linux sacrifices on the night of the full moon

    "Linux isn't actually that hard nowadays - try booting from a live linux CD (I use Ubuntu) and see if all your hardware works first of all (if it doesn't you'll know where you might need to investigate further before installing to enable a smooth transition)."

    Dude I appreciate what you're trying to tell us, but hardware problems PLUS command-line just isn't where it's at for a lot of people. And that's assuming that a solution actually exists - they could go through all that only to discover, as I did, that there was no way to make the stupid thing work correctly. Printers in particular were troublesome, computer wouldn't sleep, monitor wouldn't sleep and couldn't be set to anything higher than 1024 x 768 (all those things worked just fine under Windows), and then if a person still has some energy left over they can try to figure out how to properly and *safely* set up a good Linux firewall without a bunch of complicated-sounding iptables stuff that require animal sacrifices on the night of a full moon. ;) Just too much for the normal user to deal with. Linux had better continue to improve, and fast, otherwise Windows or Mac (not sure which is worse - I use both) could yet overrun the world.

  46. Anonymous Coward
    Unhappy

    Computer bad, so toss the monitor

    @ AC:

    "...this photo of discarded electronics shows, the only way to deal with the virus is to throw away your monitor, keyboard and/or TV now!"

    LOL that's funny... and sad. The person who selected that BBC clip-art probably is the same type of dimwit who has always thought the monitor *was* the computer - you know, like those people who get mad at their computer so they shoot the monitor, or toss the monitor out the window, while the computer tower sits under the desk untouched. Looks like the BBC pic is predominately old CRT monitors...

    And what's that dark thing on the right side, could that be a... a... large old black electric TYPEWRITER??! I'll have to get my glasses...

  47. Gio Ciampa
    Gates Horns

    Automatic patching - MS misinformation

    I heard a radio interview with some Microsoft spokesman or other (I was driving down the M4 at the time so missed the name) - and he said two things:

    1. That the flaw had been patched, and those affected hadn't updated.

    All fair enough.

    2. Microsoft is the only company that automatically sends updates to its users - every second Tuesday.

    Now this is at best misinformation - at worst an outright lie.

    How many anti-virus (and other) vendors out there auto-update daily (if not more often)?

    How many Linux distributions do exactly as Windows does and tell you there are updates available?

    The simple answer - not just Microsoft. So was this a poorly briefed spokesman, or pure and simple untruth?

    (Aside: when did "Patch Tuesday" become "Patch every other Tuesday"? I must have missed that announcement - I'm surprised it wasn't trumpeted all over the media as a great leap forward in security)

  48. Anonymous Coward
    Jobs Horns

    Catch the Russian

    Everyone knows this was written by the Russians. They always are. Most of the banking trojans I have seen on "underground" forums are Russian authors. US coders are too scared to write this shit anymore
