The initiative, as, promises a reward of up to $250,000 for information leading to the conviction of the person or group responsible for launching the MSBlast worm and another $250,000 for similar information about the Sobig.F virus. The program has been funded with $5 million from Microsoft's coffers and will offer similar amounts for future threats.
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
"It really depends on the demographic," said Carey Nachenberg, chief architect for security firm Symantec. "It will make the typical virus writers--13- to 25-year-olds--think twice about releasing viruses."
Virus writers who intend to release bugs will have to be a lot more careful about who they associate with on the Internet, said Peter Allor, director of vulnerability research for network protection provider Internet Security Systems.
"You have a fair chance of someone turning their buddy in," he said. Virus writers "are going to be very careful about who their alliances are with and who they work with."
Others believe the reward won't have a practical effect, aside from marginally increasing the distrust in an already paranoid community.
"Nothing will change," said Roberto Preatoni, founder of security site Zone-H.org. "I guess it's more like a publicity advertising stunt. (Microsoft Chairman) Bill (Gates) cares about security, and he will pay on behalf of the world."
The litmus test for the new initiative will be whether the $250,000 bounties produce additional suspects in the MSBlast and Sobig virus investigations, which have seemingly stalled.
MSBlast, also known as Blaster and Lovsan, , according to data from security company Symantec. The worm compromised computers by using a serious vulnerability in Windows systems for which Microsoft had released a patch a month earlier. A variant of the worm, MSBlast.D, was intended to protect machines against the original program, but it ended up being so aggressive that the avalanche of data it produced shut down networks. Thevia e-mail on Aug. 19, compromising users' computers with software designed to turn the systems into tools for junk e-mailers.
The U.S. Department of Justice, the FBI and Microsoft earlier announcedwho are suspected of modifying and releasing minor variations of the MSBlast worm, but have made little progress in catching the original author or the person or group responsible for the Sobig virus. Those attacks were serious enough to and .
The main measure of the new initiative's success will be whether fewer major attacks are seen, Symantec's Nachenberg said.
"This bounty is really meant to deter people from releasing malicious code into the wild, not necessarily writing malicious code," he said.