SCO issues bounty for MyDoom creator

The company hopes the $250,000 reward will lead to the person or group responsible for targeting its Web site with a denial-of-service attack scheduled to start Feb. 1.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
3 min read
The controversial SCO Group has offered $250,000 for information leading to the arrest and conviction of the person or group responsible for creating the MyDoom virus.

The company also said Tuesday that it is working with U.S. Secret Service and FBI to identify the author of the virus. Also known as Novarg and Mimail.R, MyDoom spread quickly across the Internet Monday, traveling as an e-mail attachment and infecting PCs whose users opened the file. The program instructs infected PCs to send data to SCO's Web server from Feb. 1 to Feb. 12, essentially flooding the Web site and making it inaccessible.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

SCO has incurred the wrath of the Linux community for its claims that important pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

SCO's Web site was knocked offline by denial-of-service attacks several times in the last year, none of which had been initiated by a virus.

"This one is different and much more troubling, since it harms not just our company, but also damages the systems and productivity of a large number of other companies and organizations around the world," Darl McBride, president and CEO of SCO, said in a statement. "The perpetrator of this virus is attacking SCO, but hurting many others at the same time...This is criminal activity and it must be stopped."

Offering a reward for an online attack has been tried before, with little success.

Microsoft announced in early November that the company had created a $5 million fund to reward those who help convict specific virus writers. As part of the announcement, Microsoft offered two $250,000 rewards for the individuals or groups that released ="5064590">the MSBlast worm and the Sobig.F mass-mailing computer virus.

Some security researchers also believed Microsoft could place a bounty on whoever released the MyDoom because of the wide impact of the virus. About one in every 12 messages being sent through the Internet late Monday and early Tuesday contained the virus, said e-mail service provider MessageLabs.

"We are already ahead of Sobig," said Thor Larholm, senior security researcher for digital security firm PivX Solutions. "If Microsoft is serious about their efforts to capture virus writers, they will definitely put out a bounty on this one."

A Microsoft representative wouldn't comment, except to say that it's too early to make a decision.

The FBI has stated that the current bounties have prompted many leads, but hasn't yet quantified the response nor described the quality of the information.

"I don't know what the criteria that they judge these things on," said Alfred Huger, senior director of engineering for security software maker Symantec. If Microsoft bases it on whether the code exploits a security vulnerability in the operating system, then the company might not offer a reward, he said.

Rewards are used to get someone to step forward who has information, which is particularly valuable because tracking a culprit based solely on digital evidence has produced limited results.

"Other authors have been caught, but the number is pretty small," Huger said.

SCO spokesman Blake Stowell said that any chance of catching the perpetrator would make the money worth it.

"Frankly we are sick of these things taking place," he said.

Other viruses have launched denial-of-service attacks against some high-profile sites. The MSBlast worm launched an attack on Microsoft's Windows Update service by sending data to windowsupdate.com. However, the company was able to sidestep the attack by removing the addresses from the Internet's domain names service, the equivalent of the yellow pages for Web sites.

The White House similarly stymied a denial-of-service attack aimed at its Web site by systems infected with the Code Red worm by diverting the deluge of data to a different address.