X

Microsoft sets up virus-hunting fund

The software giant says it will work with law enforcement to hunt down writers of worms, viruses and other malicious code, and is ponying up $5 million to fund the search.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
4 min read
Microsoft will work with law enforcement to track down writers of worms, viruses and other malicious code, and is ponying up $5 million to fund the search.

As first reported by CNET News.com, the initiative's first two bounties--to the tune of $250,000 each--will be for information leading to the arrest and conviction of the people responsible for releasing the MSBlast worm and Sobig virus, both of which wreaked havoc online over the summer.

News.context

What's new:
Microsoft sets aside $5 million to fund the search for those who released the MSBlast worm and the Sobig virus.

Bottom line:
The initiative marks the latest move by Microsoft and law enforcement to curtail attacks that plague the Internet.

Track the players

Microsoft executives were joined by representatives from the FBI, the Secret Service and Interpol at a press conference Wednesday that announced the new fund.

"These are not just Internet crimes, cybercrimes or virtual crimes. These are real crimes that disrupt the lives of real people," Brad Smith, general counsel at Microsoft, said in a press conference.

The rewards will be open to residents of any country, subject to that country's laws, Microsoft said. People with information can report it to law enforcement online to Interpol, to the Internet Fraud Complaint Center or to FBI, Secret Service or Interpol field offices.

Dubbed the Anti-Virus Reward Program, the initiative marks the latest move by Microsoft and law enforcement to put a stop to the repeated waves of attacks that have hit the Internet in the past decade. The two rewards posted on Wednesday could also jump-start federal law enforcement's seeming stalled investigation into the attacks that infected hundreds of thousands of computers in August and September.

The U.S. Department of Justice, the FBI and Microsoft had earlier announced the arrests of two men who are suspected of modifying and releasing minor variations of the MSBlast worm, but have made little progress in catching the original author or the person or group responsible for the Sobig virus. Those attacks were serious enough to hurt Microsoft's bottom line and help security companies post more profits.

Click here to Play

Top security experts take ZDNet's Digital Defense Test 2003.

MSBlast, also known as Blaster and Lovsan, spread to as many as 1.2 million computers, according to data from security company Symantec. The worm compromised computers by using a serious vulnerability in Windows systems for which Microsoft had released a patch a month earlier. A variant of the worm, MSBlast.D, was intended to protect machines against the original program, but it ended up being so aggressive that the avalanche of data it produced shut down networks.

The Sobig.F virus spread through e-mail on Aug. 19, compromising users' computers with software designed to turn the systems into tools for junk e-mailers.

Calling all bounty hunters?
The rewards may motivate security researchers into becoming amateur bounty hunters, but real leads are likely to come from those close to the actual miscreants involved, Peter Nevitt, director of information systems for Interpol, said in a CNET News.com interview.

"It is less likely that we will have bounty hunters and more likely that we will have people that will break ranks within those in the know," he said.

Keith Lourdeau, acting deputy assistant director for the FBI's Cyber Division, said that while rewards have been used in the past to garner information, there's no quantitative measure of how successful the tactic is.

Audiocast
arrow Foundstone's CTO: Offering
reward for
virus writers could
be beneficial
play audio

"In the cases that I know of, including bank robberies and major theft cases, offering a reward has generated a lot of information," he said. Sifting through the massive amounts of information will be the job of law enforcement.

The decision to offer rewards for only the two latest threats doesn't preclude additional bounties to be made for other Internet attacks, such as the MSBlast.D worm, also known as Nachi and Welchia.

"We wanted to earmark $5 million so there would be ample resources for the near future," said Microsoft's Smith, who said that tapping into the fund will be done case by case. "We need to make decisions (about rewards) on a variety of criteria. The severity of the virus is one criteria; another is timeliness."

Smith said he hopes that Microsoft's move will put worm and virus writers on notice.

"These people are the saboteurs of cyberspace sitting behind their computer screens," he said. "This is a broad problem and we need to act, not only with determination, but with a long-term resolve."