Microsoft offers reward for MyDoom.B leads

The software giant posts its third award for information leading to the arrest of those responsible for releasing a virus--this time, $250,000 for the perpetrator of MyDoom.B.

Robert Lemos Staff Writer, CNET News.com

Robert Lemos

covers viruses, worms and other security threats.

See full bio

Robert Lemos

Jan. 29, 2004 4:34 p.m. PT

2 min read

SEATTLE--Microsoft announced on Thursday that it will offer $250,000 for information leading to the capture and conviction of the individual or group responsible for the release of MyDoom.B.

The original MyDoom virus started spreading on Monday and quickly swamped the Internet. The MyDoom.B variant appeared on Wednesday and, among other things, prevents an infected PC from accessing some Microsoft Web sites and targets Microsoft's main Web site with a denial-of-service attack due to start on Feb. 1.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

"When we looked at the B variant, we found it to be much more malicious," said Sean Sundwall, a spokesman for the software giant. "It's not that we think the person who wrote the original (virus) is not just as culpable."

The reward is the third time Microsoft has posted a $250,000 "Wanted" sign on the Internet. It offered the same amount for information leading to the capture and conviction of the persons or groups responsible for releasing the MSBlast worm and the Sobig.F virus.

Microsoft's reward is the second prompted by the MyDoom epidemic. The SCO Group announced on Tuesday that it is offering $250,000 for information that leads to the capture of the writer of the original virus. Both the original MyDoom virus and the modified version released on Wednesday target SCO's Web site with a denial-of-service attack.

While the people who have released variants in the past haven't been considered to be as malicious as the original virus writer, Microsoft's Sundwall said the modified MyDoom seems much worse than the original. It overwrites the original and attempts to block an infected computer's access to sites that could host important security updates.

"And it attacks us (at Microsoft), of course," Sundwall said.

Computers infected by the variant are expected to begin to deluge the Web sites of Microsoft and the SCO Group with traffic from Feb. 1, or the first time they are turned on after that, until Feb. 12, or when they are shut down after that. It is likely that the attack will be difficult to stop, because it will just appear to be regular attempts to access the Web sites.

Neither the FBI, which should be contacted with tips, nor Microsoft have indicated what, if any, progress has been made tracking down the two perpetrators, for which rewards have already been offered.