Microsoft Offers A Bounty On Virus Writers

Iphtashu Fitz writes "According to news.com Microsoft will announce a bounty of $250,000 on Wednesday for information on who wrote two recent Windows viruses. The bounty is offered for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus. Microsoft will officially announce the reward in a joint press conference with the FBI and U.S. Secret Service Wednesday morning. This is the first time a company has offered money for information about the identity of the cybercriminals. Could this be the start of a new trend in going after the writers of viruses & worms?"

Re:Not always so catchable...

[Anonymous Coward]

Temptation of $250k might make friends turn on friends - no tracking necessary.

I wonder if the writers could turn themselves in and still get the reward :)

Interesting idea

[Zocalo]

But if Microsoft are going to take this approach, then what about extending it to spammers? Microsoft must spend a hell of a lot more the that $250,000 on hardware, bandwidth and stafff to deal with all the spam going to hotmail accounts, so it could actually save them money.

Or does Microsoft actually make money from spam? I seem to call they were not exactly a staunch supporter of anti-spam legislation recently.

New markets!

[Mononoke]

Could this be the start of a new trend in going after the writers of viruses & worms?

Could this be the start of a new trend of making big bucks writing viruses and worms that make the mean old lady next door with the AOL account look guilty?

Nothing particularly diabolical here

[jerkos]

I don't really see anything diabolical here. Someone write a virus(s) that cost MS a lot of money and time. They want them to be caught, and so put up a substantially lesser ammount of money as a reward. It boils down one way or another that distributing a virus is a crime, whether it's against windows or not, and whether or not it causes them to fix a vulnerability. If you're really that worried about it i'm sure they wouldn't mind you simply telling them about it instead of costing thousands of completely innocent people hundred of thousands , if not millions, of dollars of non-MS money just to "get a point accross". It's not like I can call up the FBI, turn in some guy I don't like with no evidence whatsover, collect $250,000 and viola, he goes to jail and I get rich. There are rewards posted all the time by government as well as private organizations for info leading to the arrest of criminals. The only new thing about this is that it happens to be cybercrime instead of murder / kidnapping / burglary / etc etc etc... I'm sure i'll get flamed to hell for seeming to support an MS position, so flame on!

PR stunt

[David Kennedy]

This is a lovely bit of marketing. It deflects all blame for the viruses onto the writers, and implies that Microsoft have no responsibility here.

Don't get me wrong, I'd cheerfully beat the living daylights out of a virus writer on the basis that I can barely use my email now. Let's have an analogy:

You are a major company with expensive commercial premises. [You are a company who uses IT kit.]

You employ a security firm to look after your building. [You install an OS.]

Your building burns down because there were no doors and some bored teenagers wandered in and torched the place. [You get burned by a virus, and trust me, that costs business money in downtime and/or admins.]

Was the teenager guilty? Yes. Was the security firm negligent? Yes. Does going after the teenager mean the security firm is not negligent? Nope.

I'm rather bemused as to why a major business hasn't sued Microsoft over some of the security scandals this past couple of years. Much as I'd like to see it, I don't think any will really vote with their wallets; migrating desktops for plain ordinary business work (mail, Word, Excel) from Windows is never even discussed, no matter what the servers are.

My solution? XML document formats! Even if it's not XML, something common. Until we have that there'll always be a monoculture on the commercial desktop.

(For what it's worth, I bought Office on my Mac OS box. It's nice. I don't like Windows, but I don't object to Office at all, realising that LaTeX isn't for everyone.)

Re:$250,000 won't fix Windows security

[Moraelin]

It won't fix Windows security, that's for sure, and noone claims that it will. On the other hand, I think it's about damn time all those retarded script kids started paying the price. If someone broke into my house, I'd want to see them thrown behind bars. It doesn't matter if my locks were not 100% secure, it doesn't matter if my house door wasn't built to withstand a nuke, and it doesn't matter even if my house wasn't even locked at all. You just have no business breaking into it. Plain and simple. I'd like to see the same idea applied to computers. And if Microsoft wants to offer some money to get the ball rolling, hey, I'm all for it.

Brilliant move

[forged]

No intention to troll, but I honestly think that this decision is brilliant. Software to which you are only granted a license to use, still belongs to Microsoft at the end of the day. To some degree a virus wrecking havoc amongst computer using their software can be seen like if somebody was vandalizing your property. If that was the case and you wanted to catch them, why not put a bounty on their head ? Seems logical to me, if you can afford someone to do it for you.

Certainly the government has been doing so for a while, considering the various bounties for information leading to the arrest of international criminals and terrorists. Maybe corporation joining the bandwagon to do the same is the next good thing..

And remember, MS has ~ $50BN in case, so it isn't a big deal to them to put the money where their mouth is. In fact, $250K is rather cheap considering how much bad PR they got recently due to the attacks (that must have cost them $BN's in lost revenue from customers switching), so imho they cound't hope for a better use of the same amount if they tried to make up for the negative publicity some other way.

easy money

[martin-boundary]

Don't Microsoft realize what a stupid idea this is? How many people are going to sit down tonight and write their own viruses, then hand themselves in at the end of the week? Sometimes, I wonder what they're thinking. Oh, wait... Nevermind.

Why People Bash Microsoft

[whig]

Slightly off-topic, but related to what you said, this is part of a recent journal entry [slashdot.org] I made.

I don't think most people who bash Microsoft really know, cognitively, why they do it. But there is a social dynamic in effect that causes people to resent, and therefore attack, what they cannot quite understand.

Most people imagine that the United States is a democracy. Others will correct them and say, no, it is a republic. Both of these are really a statement of expectation, not actual fact.

The US is in truth a plutocracy. Firstly, the freedom of the press is only truly open to those who can afford to publish. The emergence of mass media in the 20th century further centralized the primary means of communication in a small number of corporate hands. That person or corporation with the most power, in economic terms, can "speak" with the greatest volume.

The Internet has lowered the barrier to communication, and is the leading edge of the revolution (see, it's not being televised, is it?) in terms of giving a greater and increasing voice to those with the greatest persuasiveness, rather than those with the most financial means to promote their message. What will hopefully emerge from this process is a totally new form of government, a meritocracy. In my opinion, music will be the greatest power. Some might suggest pornography will rule. Much of what goes for popular music today (given current media) is some combination of the two.

In the meantime, and returning to the subject of this journal entry, the company with the greatest financial clout in the world right now is Microsoft. Moreover, the company is controlled in large part by a single man, William Gates III. What he says Microsoft will publish, they will publish. When he wants to back a candidate for office, he can ensure that candidate will have the full power of the press behind him.

I am not trying to say that Gates is a bad man, only that he is a man who controls the largest share of the liquid assets which confer power. There are many other wealthy individuals and families, some of whom probably resent Gates. His power is counterbalanced by the old money still very capable of exercising their power.

If my thesis is right, and this is a plutocratic system, then Gates is nominally the king, with no hereditary right of succession as such, unless he can prolong his wealth into the next generation.

Thus the GNU project, and associated free software and open source projects, originally aimed at AT&T, has become a loaded gun pointed at the king himself.

Re:Not always so catchable...

[asn]

History teaches us that the greatest thieves and criminal got caught due to their hunger for fame.

History has taught us nothing about the greatest thieves and criminals -- they have never been caught!

Good idea

[mseeger]

Hi,

while i'm no big fan of M$ as most here, i think this is a good idea. Especially the Sobig virus author is becoming a menace. So making him watch his back, may set back the release date for Sobig.G.

Please be aware that the Sobig viruses were written with a comercial interest. Putting a bounty on their arrest something worth considering and in line with all ethical codes i know.

As the Sobig author pobably has his roots in the SPAM community and they would sell their next-of-kin for half price their, i guess the chances are quite good.

Regards, Martin

P.S. Putting 250 K$ (better M$) into R&D for more security would be good thing too.

Civilisation in politics

[Vintermann]

"Most people imagine that the United States is a democracy. Others will correct them and say, no, it is a republic."

Yeah, I know these kinds of people, and it's usually someone who has their main political experience from playing "Civilisation".

(Although it seems the US doesn't get as many unhappy faces for going to war as other nations ...)

To have democracy is to be ruled by the people. When a nation is a republic it just means there's no king/queen/tsar/other hereditary figurehead or ruler.

Nepal is not a republic and doesn't have democracy.*
Great Britain and Denmark are democracies but not republics.
China is a republic but hardly a democracy.
USA, France and Germany are all democratic republics.

For instance.

* Actually I don't know how much is left of their royal family, there was some massacre I think.

Re:Here's an idea..

[tcas]

Can anybody suggest any source of evidence behind the numerous claims of the age of virus writers?

I know Script Kiddies are a generally accepted stereotype on Slashdot. But is that really a reflection on reality, or on how Slashdotters spent their time when they were teenagers?

MS tools leave Serial numbers

[mabhatter654]

Word docs, and Visual studio all leave serial numbers in finished products! How do you think the BSA works. MS knows who owns what ["benifits" of registering] and if you start publishing software with unregistered tools they know! It's what they use to keep corp like adobe or id up to date on tools..no working at home for you!

All they have to do is find the program with the serial number on YOUR computer...you say you downloaded that of a warez site...I'd be thrashing stuff right now dudes. They'll get 'cha for virus writing or pirating software....take your pick now!

Learning from rocketry prize awards at last?

[Baldrson]

Perhaps M$ has figured out that paying for results [google.com] is a good policy -- unlike the policy followed by NASA, DoE, etc.

Now, if Gates would only get a clue [slashdot.org]...

Re:I heard they needed skilled people

[eqkivaro]

I think the biggest problem with windows "worms" is the windows user. 99% of windows worms are simple VBS scripts. if the average windows user took a look at an email attachment with a .vbs extension and simply deleted it then there would be very few issues with microsoft "security". the problem is that the typical windows user is much less computer savy than the typical linux user. it is just as easy to write a shell script for linux or an applescript (do macs still use this?) for the mac, but the typical linux user wouldn't execute a shell script sent to them by a stranger, and there aren't enough mac users for anyone to notice if they ran a dangerous applescript script. i personally use win2k because i play lots of games on my computer, and i'm not patient enough to wait two years for some geek to port an outdated game to linux before i can play it. i have *never* had a computer virus or worm on my win95, wind98 or win2k boxes, and i don't bother with antivirus software.

Just like the car business...

[ColoradoSkier]

and the theory of acceptable risk. If a recall on 100,000 cars will cost more than he deaths of 4 or 5 people, they will take the deaths over the recall. Same deal here. Cheaper to offer a bounty than fix the core problems in the software...

Re:I heard they needed skilled people

[John Miles]

I have *never* had a computer virus or worm on my win95, wind98 or win2k boxes, and i don't bother with antivirus software.

That's always been my attitude, too, but it's an obsolete one these days. The last two Windows boxes I've built have been infected with W32.Welchia in the time it takes to download the latest patches from Windows Update. We're talking 30 minutes, max, from plugging in the network cable to rebooting after installing the last security patch.

Firewalls are a huge pain in the ass for home users, especially gamers, but I'm beginning to believe they're absolutely necessary.