Microsoft bounty to disrupt virus writers?

Some security experts say the lure of money could disrupt relationships among virus writers, effectively shutting down the loose online circles where authors meet.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
3 min read
Security researchers disagree on the effect Microsoft's Anti-virus Reward Program will have on the underground world of virus writing.

The initiative, as first reported by CNET News.com, promises a reward of up to $250,000 for information leading to the conviction of the person or group responsible for launching the MSBlast worm and another $250,000 for similar information about the Sobig.F virus. The program has been funded with $5 million from Microsoft's coffers and will offer similar amounts for future threats.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

Some security experts believe the bounty could disrupt the relationships between virus writers, effectively shutting down the loose online circles where authors meet and exchange code.

"It really depends on the demographic," said Carey Nachenberg, chief architect for security firm Symantec. "It will make the typical virus writers--13- to 25-year-olds--think twice about releasing viruses."

Virus writers who intend to release bugs will have to be a lot more careful about who they associate with on the Internet, said Peter Allor, director of vulnerability research for network protection provider Internet Security Systems.

"You have a fair chance of someone turning their buddy in," he said. Virus writers "are going to be very careful about who their alliances are with and who they work with."

Others believe the reward won't have a practical effect, aside from marginally increasing the distrust in an already paranoid community.

"Nothing will change," said Roberto Preatoni, founder of security site Zone-H.org. "I guess it's more like a publicity advertising stunt. (Microsoft Chairman) Bill (Gates) cares about security, and he will pay on behalf of the world."

The litmus test for the new initiative will be whether the $250,000 bounties produce additional suspects in the MSBlast and Sobig virus investigations, which have seemingly stalled.

MSBlast, also known as Blaster and Lovsan, spread to as many as 1.2 million computers, according to data from security company Symantec. The worm compromised computers by using a serious vulnerability in Windows systems for which Microsoft had released a patch a month earlier. A variant of the worm, MSBlast.D, was intended to protect machines against the original program, but it ended up being so aggressive that the avalanche of data it produced shut down networks. The Sobig.F virus spread via e-mail on Aug. 19, compromising users' computers with software designed to turn the systems into tools for junk e-mailers.

The U.S. Department of Justice, the FBI and Microsoft earlier announced the arrests of two men who are suspected of modifying and releasing minor variations of the MSBlast worm, but have made little progress in catching the original author or the person or group responsible for the Sobig virus. Those attacks were serious enough to hurt Microsoft's bottom line and boost security companies' profits.

The main measure of the new initiative's success will be whether fewer major attacks are seen, Symantec's Nachenberg said.

"This bounty is really meant to deter people from releasing malicious code into the wild, not necessarily writing malicious code," he said.