The controversial SCO Group has offered $250,000 for information
leading to the arrest and conviction of the person or group responsible
for creating the MyDoom virus.
The company also said Tuesday that it is working with U.S. Secret Service and FBI to identify the author of the virus. Also known as Novarg and Mimail.R, , traveling as an e-mail attachment and infecting PCs
whose users opened the file. The program instructs infected PCs to send data to SCO's Web server from Feb. 1 to Feb. 12, essentially flooding the Web site and making it inaccessible.
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.
SCO has incurred the wrath of the Linux community for its
claims that important pieces of the open-source operating system are
covered by SCO's Unix copyrights. IBM, Novell and other Linux backers
strongly dispute the claims.
SCO's Web site was knocked offline by , none of which had been initiated by a virus.
"This one is different and much more troubling, since it harms not just
our company, but also damages the systems and productivity of a large
number of other companies and organizations around the world," Darl
McBride, president and CEO of SCO, said in a statement. "The perpetrator of this virus is attacking SCO, but hurting many others at the same time...This is criminal activity and it must be stopped."
Offering a reward for an online attack has been tried before, with little success.
Microsoft announced in early November that the company had created a $5
million fund to reward those who help convict specific virus writers.
As part of the announcement, Microsoft offered two $250,000 rewards for
the individuals or groups that released ="5064590">the
MSBlast worm and the Sobig.F mass-mailing computer virus.
Some security researchers also believed Microsoft could place a bounty on whoever released the MyDoom because of the wide impact of the virus. About one in every 12 messages being sent through the Internet late Monday and early Tuesday contained the virus, said e-mail service provider MessageLabs.
"We are already ahead of Sobig," said Thor Larholm, senior security
researcher for digital security firm PivX Solutions. "If Microsoft is
serious about their efforts to capture virus writers, they will
definitely put out a bounty on this one."
A Microsoft representative wouldn't comment, except to say that it's too early to make a decision.
The FBI has stated that the current bounties have prompted many leads,
but hasn't yet quantified the response nor described the quality of the
"I don't know what the criteria that they judge these things on," said
Alfred Huger, senior director of engineering for security software maker Symantec. If Microsoft bases it on whether the code exploits a security
vulnerability in the operating system, then the company might not offer a
reward, he said.
Rewards are used to get someone to step forward who has information, which is particularly valuable because tracking a culprit based solely on digital evidence has produced limited results.
"Other authors have been caught, but the number is pretty small," Huger said.
SCO spokesman Blake Stowell said that any chance of catching the
perpetrator would make the money worth it.
"Frankly we are sick of these things taking place," he said.