Microsoft Offers A Bounty On Virus Writers

Iphtashu Fitz writes "According to news.com Microsoft will announce a bounty of $250,000 on Wednesday for information on who wrote two recent Windows viruses. The bounty is offered for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus. Microsoft will officially announce the reward in a joint press conference with the FBI and U.S. Secret Service Wednesday morning. This is the first time a company has offered money for information about the identity of the cybercriminals. Could this be the start of a new trend in going after the writers of viruses & worms?"

I heard they needed skilled people

[svvampy]

But this is ridiculous!

Re:I heard they needed skilled people

[studpuppy]

So.. like, is the 250K a signing bonus? Or do they get it in stock options? Of course, the real question is... is it cheaper for MS to pay 250K to jail each person that writes a virus exploiting on of their security holes than it is to pay the developers to avoid creating them in the first place?

Re:I heard they needed skilled people

[kfg]

I think they're going to pay it in used computers valued as new and Windows seat licenses.

If you want actual CDs you'll have pay retail though.

KFG

Re:I heard they needed skilled people

[Jeremiah Cornelius]

C'mon.

The target was Windows. They can get off - it was entrapment!

Re:I heard they needed skilled people

[GreyPoopon]

can I shop the microsoft outlook team in? it might not be a virus itself, but a virus facilitator at least!

Microsoft Outlook: The IDE for virus development.

re: i heard they needed skilled people

[ed.han]

cantina thug: "i have the death sentence in 12 systems"

virus writer: "ah, but microsoft is offering a US $250,000 bounty for me!"

cantina thug: "..."

virus writer: "and i shut down millions of PCs on my home planet!"

cantina thug: "..."

virus writer: "and in a little while, i'll finally be able to move out of my parents' basement!"

cantina thug: "that does it."

[blaster fire]

ed

Re: i heard they needed skilled people

[EverDense]

virus writer: "and in a little while, i'll finally be able to move out of my parents' basement!"

cantina thug: "that does it."

[blaster fire]

Han Solo: "No need to thank me kid"

virus writer: "Holy shit, you're Han Solo"

Re:I heard they needed skilled people

[KD5YPT]

One common way to leak virus. Go to a public library, start a new hotmail account, stick the viruse disk in there. Have fun.

Smoke and Mirrors - Windows not ready for Internet

[Anonymous Coward]

If that were even remotely true then Apache would be swimming in remote exploits, which it is not. Not only that, Microsoft's products just aren't designed for security [infoworld.com], even by the admission of their own executives. In fact, Windows is insecure by design [washingtonpost.com]. Microsoft has worked hard to earn the shoddy reputation it has among technology experts and is focusing all the more on marketing efforts. But face it, Windows is not ready for the Internet and is not likely to be. Even Joe Sixpack is starting to figure that out.

This bounty is just a PR game to distract from anti-trust, patent violations, anti-competitive fines, security fines. Microsoft's executives and other investors have had enough time now to dump their stock. Game over.

Re:I heard they needed skilled people

[tc]

Stop being an apologist for Bill Gates. When he pays for clean water and sanitation for every human being on the planet {and he wouldn't even notice it} or performs some similar act for the greater human good {this would not include hara-kiri - given the mess he would be leaving behind, that would be too much like a coward's way out} then he'll have earned a little of my respect.

Maybe this is a troll, but I'll bite...

Last I checked, Bill Gates was performing similar acts for the greater human good. He's one of the most prolific charitable contributors in history. If you check out the Bill and Melinda Gates Foundation [gatesfoundation.com] you'll notice that they have poured billions of dollars into global health projects. According to their annual financial report for 2002 [gatesfoundation.com] they gave away over $1Bn last year alone.

Re:I heard they needed skilled people

[C10H14N2]

Yes, but he's worth $46 billion.

Consider that most people have net worths of $46 thousand or less, he's doing the equivalent of John Q. Citizen writing two checks for five hundred bucks. Even those who are lucky enough to be equity millionaires, that's like sending one kid to college. If he cashed out everything and shoved it into a 2.25% interest bearing checking account he'd STILL make over a billion dollars the first year.

Besides, he didn't give dime one to a single soul for long after he became a multi-billionaire. Last I recall, "tithing" was considered par for philanthropy and this guy is quite a few points below par on that course. Would you really gush thankful if your local millionaire spent twenty years consuming and hording and then sent one kid to college to save his immortal soul? You probably wouldn't even stop to notice. I'd gander most people would do like a waiter receiving an insulting tip and insist he take his stingy excuse for gratuity and shove it where it came from. Bill Gates' "philanthopy" does not exceed that which is merely beneficial from a tax write-off point of view. He's not being generous at all. He simply knows how to do his taxes, which incidentally means for every billion he sends off to his pet projects, the public coffers lose several hundred million dollars. As the wealthiest person on the planet, I think it is fair to expect real generosity and not just good bookkeeping.

He's a robber-baron and should be treated with the respect one worthy of the title deserves.

Oh please, sir, might I have some more?

Re:I heard they needed skilled people

[Daniel Dvorkin]

You know damn well that if Linux enjoyed the sort of desktop ubiquity that M$ has right now, we'd all be bitching about the latest exploit/virus/worm and complaining about how it takes so long to get them patched and why in $#%^&$%@#&* couldn't it have been written correctly in the first place!

Right. Which is why I'm bitching all the time about hbow insecure Apache is, and how long it takes to get it patched, and why the $#%^&$%@#&* it couldn't have been written right in the first place ...

... oh, wait a minute, I'm not.

Re:I heard they needed skilled people

[John Miles]

I have *never* had a computer virus or worm on my win95, wind98 or win2k boxes, and i don't bother with antivirus software.

That's always been my attitude, too, but it's an obsolete one these days. The last two Windows boxes I've built have been infected with W32.Welchia in the time it takes to download the latest patches from Windows Update. We're talking 30 minutes, max, from plugging in the network cable to rebooting after installing the last security patch.

Firewalls are a huge pain in the ass for ho

Re:I heard they needed skilled people

[WhiteWolf666]

Perhaps I'm barking up the wrong tree...But....

Its not JUST that MS makes the default user---

It is also that Windows runs a ton of stupid, random crap in kernel space.

Like Windows Media Player. Like Internet Explorer. Like Outlook. Like a ton of office stuff.

None of that belongs in kernel space.

+5 Insightful? Try -1 blatantly wrong!

[kylef]

It is also that Windows runs a ton of stupid, random crap in kernel space. Like Windows Media Player. Like Internet Explorer. Like Outlook. Like a ton of office stuff.

This is one of the most blatantly false statements I have seen get modded up to +4 or +5 in a long, long time.

Windows Media Player, Internet Explorer, and Outlook do NOT run in kernel mode whatsoever. They may talk to kernel-mode drivers like 95% of all user-mode software does (read from a file, talk to the network), but they absolutely do not run in kernel-mode!

C'mon, people. If you want to bash MS, you can do better than make up ridiculous statements like that.

Re:I heard they needed skilled people

[pyros]

It's both. Having them run in kernel space means a web browser crash can bring down the whole kernel. Having them run as root means an exploit can give access to the entire system. Either one without the other is bad, but together they are the sux0r.

Re:I heard they needed skilled people

[pyros]

blame on me for careless examples. If I'm not mistaken, video drivers run in kernel space, so should have been my example for that. I didn't mean to imply that IE was both a kernel service and run as root, just that those two parts of the Windows platform in combination are bad. And to be fair, the IE rendering code is in system DLLs, so it's not an unreasonable misunderstading to think some of it might be running in kernel space. As for stuff needing to be logged in as administrator, I have a linksys wirel

Re:Ignorant Ignorant Ignorant!

[ceejayoz]

Script kiddies are probably more likely to be running Windows themselves, 'though. They'll crack what they have access to themselves, instead of something utterly like Linux.

Someone who trained to use a grenade launcher is going to use a grenade launcher when available, even if pistols are more prevalent. :-p

Re:I heard they needed skilled people

[smchris]

I think that is why I find it strangely appealing. Envision the typical biker dude bounty hunter storming some high school kid's room. Does C*O*P*S do the occasional bounty hunter episode: "Bad Nerd, Bad Nerd, whacha gonna do?"

But only if Gates presents the check personally.

I'm the one

[hummassa]

I wrote the MsBlaster and the entire SoBig series! I'll plead guilty! who will split the bounty fifty-fifty with me?

Re:I heard they needed skilled people

[FireChipmunk]

You mean bridges don't collaspe?

What about the Tacoma Narrow Bridge [bris.ac.uk]?

Part of your comparision falls completely flat, we have been building bridges for thousands of years, while software engineering is at best 50 years old.

Bill Gates

[Glock27]

Well I find him...Untouchable!

Not always so catchable...

[the uNF cola]

It's not that hard to deploy a virus and not get caught. There are so many open access points and people who forget to log off of an email account after leaving.. how would you track it?

Re:Not always so catchable...

[Anonymous Coward]

Temptation of $250k might make friends turn on friends - no tracking necessary.

I wonder if the writers could turn themselves in and still get the reward :)

Re:Not always so catchable...

[wizrd_nml]

1) Not getting caught is easy assuming whoever wrote the virus expected such a wide response and therefore took precautions to guard his identity. If he didn't and started bragging to all his friends, who then told their friends...

2) I wonder if Microsoft are expecting this move to deter people from writing viruses. Maybe someone thought: that virus cost us a lot more than 1/4 million, let's spend that money and set an example even if the guy doesn't get caught.

3) This is going to spark a new underground

Re:Not always so catchable...

[watzinaneihm]

Even funny will be when somebody who did not write the virus sets himself up so that he gets some money. $250,000 is a lot of money in many countries.

Re:Not always so catchable...

[tanveer1979]

Hmm not really. Given enough resources and motivation, it is not that daunting a task. With internet being taken into control everywhere and watchdogs sitting, it may not be that difficult.

Ever read the book, "The Silicon Samurai", the cracker in that book was very clever, a master of the art. Still he got caught. Why? Because crackers, virus writers, DDoS organisers have one thing in common. They want fame. They cant sit without leaving clues. History teaches us that the greatest thieves and criminal got caught due to their hunger for fame. This will happen here also. Though i am not to sure if that is a very good thing, coz when such showdowns happen a lot of innocent people suffer.

Re:Not always so catchable...

[asn]

History teaches us that the greatest thieves and criminal got caught due to their hunger for fame.

History has taught us nothing about the greatest thieves and criminals -- they have never been caught!

Re:Not always so catchable...

[f00Dave]

Your analogy is flawed, since these particular virus/worm writers aren't doing it to "leave a mark on the world", they aren't gloating about what they've done ... they're *using* those infections as part of their *business*. Witness the latest worm's DDoS assault on SpamHaus.

These writers won't get caught because they can't help but leave signposts, but they *may* get caught if someone in their dirty end of the world rats them out. I mean, after all, they've obviously built up this tool (a private, massi

New senario ...

[Zemran]

In a country such as Laos, people earn about $75 a month... or $900 a year... if they work from 15 until 65 they will earn $45,000 in their life forgetting the fact that they are extremely unlikely to have work all the time.

So it now becomes a career move to write a virus, get your own brother (or someone you trust) to hand you in and collect the money. You do your time in relative comfort and your whole family is rich (comparatively)...

Microsoft will never pay. Informers will be jailed

[Futurepower(R)]

My guess is that Microsoft will never pay anything to anyone. Once Microsoft finds the name of a person who wrote the virus, that person's name will be given to the police. Microsoft can claim they got the information somewhere else. "Oh yes, you were the 110th person who reported the virus writer." To use your example, Microsoft won't pay, and the family in Laos will be powerless to compel payment.

It seems likely that whoever admits he or she had knowledge of the creation of a virus will be arrested a

Re:Quite

[the uNF cola]

Even if they do that, they don't scare the people who just a little sneakier than most. And scare tactics doesn't always work. Look at Kazaa. 400+ examples made, and it's still strong.

Oddly enough, disobedience is not an easy thing to squash. :)

Today $250k for turning in Windows virus writers

[goldcd]

Tomorrow: $500k reward for writers of Linux or Apple viruses

Re:Today $250k for turning in Windows virus writer

[MSZ]

In that case will one be not only able to claim bounty for *self but also get an employment offer?

Soon the sources for ramen worm will be most sought wares on the net...

Re:Today $250k for turning in Windows virus writer

[Zenjive]

I'll split it with you: I turn you in and you claim your computer was just an infected drone. When the charges are dropped we split the 1/4 mil, k?

It's an underexploited market

[goldcd]

shamefully neglected by Apple's Switch Campaign.

I love Microsoft's Logic!

[Mastadex]

If you cant fix the bug, just get rid of the bug writers, so that you dont have fix anything! HA!

Well, there logic is (half) right...

[WIAKywbfatw]

Well, ask any doctor and he'll tell you it's better to cure a disease than to treat its symptoms. No virus writers means no viruses, which means no headline news virus alerts and scares.

Of course, the question is how much of the "disease" is the virus writers and how much is Microsoft itself with its sloppy approach to secure computing?

Re:Well, there logic is (half) right...

[Twylite]

On the other hand, curing the disease is what we currently do with virus cleaning software. You can treat the symptom, treat the cause, or prevent the infection. Microsoft is trying the third option.

Prevention is better than cure, certainly -- but there are limited. Darwinian evolution tells us that those organisms that can't survive their environment must adapt or die. Microsoft is attempting to address this problem by controlling the environment. The growing concern about supergerms and the dangers

Re:Well, there logic is (half) right...

[ajr_trm]

Well, ask any doctor and he'll tell you it's better to cure a disease than to treat its symptoms. No virus writers means no viruses, which means no headline news virus alerts and scares.

The same doctor will tell you that elimination of all dangerous viruses and bacteria from our environment is impossible.
The best way to fight the diseases is to make our constitution stronger.

The same with software.

Re:I love Microsoft's Logic!

[weileong]

what are the realistic chances of a payout? Beyond finding the person, it's also another question finding enough evidence to put that person away. The realistic odds of MS ever having to pay out the $$, how high is that?

Actually wont' all this do is that, in the future, the virus writing will be done by the "professional" types who are going to be more careful about covering their tracks (launch only from internet cafes, zombiefied machines? with a long enough chain-of-zombies even assessing the traffic

Re:I love Microsoft's Logic!

[youngerpants]

I think we can all see that this is actually a pretty poor marketing attempt by Microsoft. throwing around terms like $1/4M is going to make people (like the news companies) look up and report about what a good job MS are doing.

I think everyone (well, most of you anyway) in this crowd realise that it is the buggy software that made this possible in the first place.

However, outside of tech circles, MS is highly regarded (and lets be honest, they have done more good than bad overall... please dont hurt me f

Re:I love Microsoft's Logic!

[witcomb]

I think you mean the bug exploiters

Interesting idea

[Zocalo]

But if Microsoft are going to take this approach, then what about extending it to spammers? Microsoft must spend a hell of a lot more the that $250,000 on hardware, bandwidth and stafff to deal with all the spam going to hotmail accounts, so it could actually save them money.

Or does Microsoft actually make money from spam? I seem to call they were not exactly a staunch supporter of anti-spam legislation recently.

Re:Interesting idea

[stretch0611]

If Microsoft makes it commonplace to pay $250,000 for finding a virus writer, it will go broke soon. After all they only have $50 Billion in cash.

We Need to Stop Equating All Conspiracy Theories

[FreeUser]

Mind you, some conspiracy theorists also claim that the world is ruled by alien lizards, so I think it's fair to take what they say with a pinch of salt.

Yes, but they aren't the same conspiracy theorists. :-)

On a serious note, folks on slashdot (and indeed, people in general) tend to equate all types of conspiracies (and conspiracy theories) and lump them together...somehow equating Enron with the X-Files, at least until Enron is exposed publicly (then, for some reason, people are able to grasp the difference). This is a real problem, because it means that people will live in denial of real-world conspiracies that are taking place (e.g. Monsanto's conspiracy to dump toxic waste into the rural groundwater of the deep American south in the 1990s, or the current SCO conspiracy to defraud their investors and steal the copyright of thousands of software developers around the world) by dismissing them in their minds as no more likely than alien invasion, UFOs in storage at area 51, or silent black helicopters hovering overhead.

We do know conspiracies exist, therefor, it logically follows that some conspiracy theories are likely to be not out in left field, but rather quite correct.

We know as a matter of historical record that the Nazis conspired to stage a "terrorist" act against the Reichstag as a prelude to a coup d'tate, however, listening to the "conspiracy theorists" of the time would have been like listening to a conspiracy theorist today claiming that 9/11 was staged by Baby Bush (it obviously wasn't ... but it has certainly been exploited in analogous ways by the FBI and the secret service to grab unprecidented power in the United States).

Microsoft has a history of conspiring to do dishonest and disingenuous things that directly (and illegally) harm and coerce their customers and their competitors, indeed, they have been convicted of doing so on numerous occasions (the DOJ anti-trust trial and subsequent sell-out being only the latest example). A conspiracy theorist pointing out a economic or tactical political advantage Microsoft might gain through ill-behavior toward its customers is not out in left field ... their theory, while quite possibly false, is certainly worthy of consideration, particularly given the amount of historical fact that illuminates similiar behavior by Microsoft in the past.

So IMHO it is a mistake (and disingenuous) to equate actions by Microsoft and the copyright cartels that directly threaten our digital freedoms, and the conspiracies that do in fact drive these agendas (even if said conspiracies have the most banal of motivations: greed for cold, hard cash), with tin-foil hats, ghosts, and UFO sightings, as is so often done by the apologists of such groups.

Expressing concern about corporate or government malfeasance (conspired or not) isn't even remotely analogous to X-Files-like nonsense, and it is time we stopped allowing sceptics to use dishonest means (equating suspicion of the Reichstag burning ^H^H^H Microsoft's exploitation of their woeful security record to political advantage, with suspicion of Alien Lizard ruling the earth) to denigrate those who do express such concerns.

worms = good

[alan_d_post]

The not-very-malicious worms that we've seen exploiting e.g. the NT RPC vuln are good things, IMO. They encourage admins to patch their systems, giving black hats less opportunity to do real damage.

Re:worms = good

[Pike65]

Well you clearly didn't get a temp job on a helpdesk a week before the shit hit the fan.

I did >: (

Besides, in business where the sysadmin wasn't a total retard (read: not where I was) there was no way for the worm to get in. The people who needed to patch their systems were the home users who got shafted for not using firewalls. The same people who use Windows because it's not meant to need much setting up . . .

No, worms = bad

[Moraelin]

This idea is about as retarded as saying that:

- throwing stones through people's windows is good. It encourages them to buy bullet-proof glasses before a real thief breaks through that window.

- lockpicking into someone's house and spray-painting their walls is good. It encourages them to buy better locks, giving a real thief less opportunity to steal stuff.

- poisoning the neighbour's dog is good. It encourages him to get a dog which won't wag its tail when a (potential) thief throws him a piece of meat.

- keying random people's cars is good. It encourages them to park those cars in proper park houses, where presumably a real thief would have a harder time getting away with their car.

And so on, and so forth. I'm sure you get the idea by now.

Basically, no, there is no proper excuse for vandalism. Neither in the proper world, nor in the IT world. And just as any judge would probably just have a laugh if someone pulled the retarded excuse "but the lock wasn't 100% secure, so it's not my fault" in a break-and-enter trial, the same should apply to breaking-and-entering someone's computer.

And if you do go around keying cars or flooding the net with RPC exploit packets, no matter how well intentioned you are, I do hope they throw you in a nice jail cell, with two convicted anal rapists as cell-mates. Yes, that same heartfelt wish goes to whoever thought that an RPC patching worm is a good idea.

Re:No, worms = bad

[Moraelin]

I'll appreciate someone trying to crack _my_ code, and in fact at the previous workplace we actually had someone trying to do just that.

System admins are a different issue. I'm sure many of you appreciate the job security, but I'm not sure that your _employer_ appreciates having to spend the extra money. All this worm frenzy _is_ costing the economy real money. Including the money to hire a good helping of extra network admins.

I do not, however, appreciate someone unilaterally deciding for millions of peo

Here's an idea..

[greenerx]

they should invest the 250000 into their security team and fix the vulnerabilities instead of chasing after 13 year olds

Re:Here's an idea..

[svvampy]

Theres only so much money they can throw at a problem.

Brilliant move

[forged]

No intention to troll, but I honestly think that this decision is brilliant. Software to which you are only granted a license to use, still belongs to Microsoft at the end of the day. To some degree a virus wrecking havoc amongst computer using their software can be seen like if somebody was vandalizing your property. If that was the case and you wanted to catch them, why not put a bounty on their head ? Seems logical to me, if you can afford someone to do it for you.

Certainly the government has been doing so for a while, considering the various bounties for information leading to the arrest of international criminals and terrorists. Maybe corporation joining the bandwagon to do the same is the next good thing..

And remember, MS has ~ $50BN in case, so it isn't a big deal to them to put the money where their mouth is. In fact, $250K is rather cheap considering how much bad PR they got recently due to the attacks (that must have cost them $BN's in lost revenue from customers switching), so imho they cound't hope for a better use of the same amount if they tried to make up for the negative publicity some other way.

Re:Brilliant move

[lone_marauder]

To some degree a virus wrecking havoc amongst computer using their software can be seen like if somebody was vandalizing your property.

Oops! Be careful with that. Compare the MS business process with real life, and you might raise the specter of product liability.

Re:Brilliant move

[js7a]

$250K is rather cheap considering how much bad PR they got recently due to the attacks

"Cheap" is right, or an understatement.

Any decent reward these days should be at least [placing pinky to corner of mouth] one million dollars.

Re:Here's an idea..

[mr_z_beeblebrox]

And if they don't catch one, the publicity is free.

That, in a nutshell, is wit.

..and the state and corporations move another inch

[caitsith01]

...closer together.

Later in the same press conference, newly appointed Communications Secretary William Gates III announced that sale of all software in the United States will cease Monday, to be replaced by a Federally subsidised regime of nationally distributed software based on a uniform technology. In response to questions Mr. Gates indicated that the vendor supplying the software had not yet been selected, before laughing maniacally.

Why People Bash Microsoft

[whig]

Slightly off-topic, but related to what you said, this is part of a recent journal entry [slashdot.org] I made.

I don't think most people who bash Microsoft really know, cognitively, why they do it. But there is a social dynamic in effect that causes people to resent, and therefore attack, what they cannot quite understand.

Most people imagine that the United States is a democracy. Others will correct them and say, no, it is a republic. Both of these are really a statement of expectation, not actual fact.

The US is in truth a plutocracy. Firstly, the freedom of the press is only truly open to those who can afford to publish. The emergence of mass media in the 20th century further centralized the primary means of communication in a small number of corporate hands. That person or corporation with the most power, in economic terms, can "speak" with the greatest volume.

The Internet has lowered the barrier to communication, and is the leading edge of the revolution (see, it's not being televised, is it?) in terms of giving a greater and increasing voice to those with the greatest persuasiveness, rather than those with the most financial means to promote their message. What will hopefully emerge from this process is a totally new form of government, a meritocracy. In my opinion, music will be the greatest power. Some might suggest pornography will rule. Much of what goes for popular music today (given current media) is some combination of the two.

In the meantime, and returning to the subject of this journal entry, the company with the greatest financial clout in the world right now is Microsoft. Moreover, the company is controlled in large part by a single man, William Gates III. What he says Microsoft will publish, they will publish. When he wants to back a candidate for office, he can ensure that candidate will have the full power of the press behind him.

I am not trying to say that Gates is a bad man, only that he is a man who controls the largest share of the liquid assets which confer power. There are many other wealthy individuals and families, some of whom probably resent Gates. His power is counterbalanced by the old money still very capable of exercising their power.

If my thesis is right, and this is a plutocratic system, then Gates is nominally the king, with no hereditary right of succession as such, unless he can prolong his wealth into the next generation.

Thus the GNU project, and associated free software and open source projects, originally aimed at AT&T, has become a loaded gun pointed at the king himself.

Civilisation in politics

[Vintermann]

"Most people imagine that the United States is a democracy. Others will correct them and say, no, it is a republic."

Yeah, I know these kinds of people, and it's usually someone who has their main political experience from playing "Civilisation".

(Although it seems the US doesn't get as many unhappy faces for going to war as other nations ...)

To have democracy is to be ruled by the people. When a nation is a republic it just means there's no king/queen/tsar/other hereditary figurehead or ruler.

Nepal is no

Re:Why People Bash Microsoft

[TopShelf]

That is one the silliest things I've read in a looooong time.

1) Freedom of the press is only truly open to those who can afford to publish? Uh, hello, communication channels are more wide open today then they have ever been, thanks to blogs, email, newsgroups, P2P, desktop publishing, etc. Of course big corporations have more options available to them, but that is (and has always been) the case just about everywhere in the world.

2) "What will hopefully emerge from this process is a totally new form of

Re:Why People Bash Microsoft

[tres]

Or Occam's Razor might say that people dislike Microsoft because Microsoft has been responsible for countless hours of frustration and time wasted due to bad products and no readily available alternative.

It's like buying a lemon from the only car dealer in town that you can afford to buy from. You despise the dealership and the salesman who sold you the car. You despise the owner of the dealership for tricking you.

It's not about how much money the owner has, but how he got the money. People associate Bill

No, I'm New Here

[New Here]

No, I'm New Here

Re:The sad thing

[caitsith01]

The sad thing is a person who criticises and never offers any solid reasoning of their own.

The sad thing is a person too chickenshit to post with an actual identity of some kind.

The sad thing is a person so wrapped up in being a reactionary hero that they can't tell when someone is joking (come on, it's Slashdot so anti-MS/government jokes are de riguer, are they not?).

And yes, I'm a filthy enviro-commie with no real understanding of the real hard issues that hardcore realist realpolitik ninjas like your

Re:The sad thing

[caitsith01]

Come on, you're almost there. Just a few more snide remarks and you will achieve total uninformed condescending wanker status and earn the respect of your friends and enemies alike.

ehehe...

[stephenry]

There seem to be a couple of programs in Windows, I don't know their name, that shut-out competitors applications and routinely tunnel useage information back to it's headquarters. Not only that, but they seem to integrate with the system itself and mysterious de-configure my existing software. Strange.

They definately seem to be illegal, possibly even viruses; maybe I can get some payola from Microsoft for letting them know about them. Oh wait...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Heh

[Erwos]

"This is the first time a company has offered money for information about the identity of the cybercriminals."

Is this really true? It seems kind of unlikely.

-Erwos

Desperation

[Motherfucking Shit]

All this demonstrates is that Microsoft (and, perhaps, the FBI) are dumbfounded and need to offer a monetary reward to determine who's the culprit. As far as Microsoft is concerned, that's not really a big deal; even as much as we all may hat them, tracking down worm authors isn't their business. But a joint press conference with the FBI?

Something tells me that:

a) The FBI has jack shit for leads (big surprise) and cajoled Microsoft into making this lovey-dovey announcement "for the consumers' benefit"

b)

New markets!

[Mononoke]

Could this be the start of a new trend in going after the writers of viruses & worms?

Could this be the start of a new trend of making big bucks writing viruses and worms that make the mean old lady next door with the AOL account look guilty?

Hmmm, and I figured MS did it...

[3seas]

... so to help promote SP2/NX which is media wise being used to soften up the consumers to heavier DRM Technology.

MS to intro hardware-linked security for AMD64, Itanium, future CPUs [theregister.co.uk] which failed to mention BSD already using it???

Or does this mean they are looking for a fall guy?

Give me the money

[cluge]

Dear MS,

I am a virus writer and would be happy to sell you my virii. These can be purchased by depositing 250,000 USD in my numbered Austrian bank account. By doing this you will save future embarassement, and you can look through your wonderfully robust windows code and provide patches to it before a similliar virus is seen "in the wild".

I know this may just blow my pay day, but perhaps you could just write secure code in the first place? Just a thought.

cluge

$250,000... Pah!

[MosesJones]

I thought these guys are meant to be terrorists. $250k to give information leading to the arrest of a terrorist ? Not enough, I want $10m which I thought was the standard US terrorist suspect reward.

Its not even a figure Dr Evil would get out of bed for.

s/virus writers/spammers

[zonix]

I'd like to spammers on FBI's ten most wanted list instead of this.

z

Nothing particularly diabolical here

[jerkos]

I don't really see anything diabolical here. Someone write a virus(s) that cost MS a lot of money and time. They want them to be caught, and so put up a substantially lesser ammount of money as a reward. It boils down one way or another that distributing a virus is a crime, whether it's against windows or not, and whether or not it causes them to fix a vulnerability. If you're really that worried about it i'm sure they wouldn't mind you simply telling them about it instead of costing thousands of comple

Isn't this like..

[wfberg]

Isn't this like the manufacturers of cars that don't have seatbelts putting a bounty on the heads of drunk drivers who crash into their unsafe cars, say, killing families of four in the process?

Yeah, it's all the DUI guy's fault, no product-liability here! In fact, we're really swell guys, closing the barn door after the horse got out and all..

It's a great PR move for people who don't have a sense of irony, which fortunately includes the majority of Americans, and Alanis Morissette.

PR stunt

[David Kennedy]

This is a lovely bit of marketing. It deflects all blame for the viruses onto the writers, and implies that Microsoft have no responsibility here.

Don't get me wrong, I'd cheerfully beat the living daylights out of a virus writer on the basis that I can barely use my email now. Let's have an analogy:

You are a major company with expensive commercial premises. [You are a company who uses IT kit.]

You employ a security firm to look after your building. [You install an OS.]

Your building burns down because there were no doors and some bored teenagers wandered in and torched the place. [You get burned by a virus, and trust me, that costs business money in downtime and/or admins.]

Was the teenager guilty? Yes. Was the security firm negligent? Yes. Does going after the teenager mean the security firm is not negligent? Nope.

I'm rather bemused as to why a major business hasn't sued Microsoft over some of the security scandals this past couple of years. Much as I'd like to see it, I don't think any will really vote with their wallets; migrating desktops for plain ordinary business work (mail, Word, Excel) from Windows is never even discussed, no matter what the servers are.

My solution? XML document formats! Even if it's not XML, something common. Until we have that there'll always be a monoculture on the commercial desktop.

(For what it's worth, I bought Office on my Mac OS box. It's nice. I don't like Windows, but I don't object to Office at all, realising that LaTeX isn't for everyone.)

$250K Buys a Lot of Mountain Dew

[RobotRunAmok]

Because we know these virus-writing punks can't resist bragging about their exploits in whatever low-rent Usenet hang-outs they frequent, it should be interesting to see if there is as little honor among them as there is rumored to be among thieves.

Script-Kiddie: "Dude! You turned me in to... to... Microsoft!?! That's cold!"

Former Friend of Script-Kiddie: "Sorry, man, tuition at MIT is a real bitch, yo."

S.K.: "MIT? What choo talking 'bout, MIT? You go to Westchester Community College!"

F.F.o.S.K.: "That was before I got this here letter of recommendation from my new sponsor, William H. Gates III. Hey, whaddya think of these new Birkenstocks? Too gay? I kinda think they set off my eyes pretty well, yo..."

S.K.: "Dooooooood....!" (As two big guys in MS-branded butterfly suits drag him into back of van)

F.F.o.S.K.: "Hey, look me up when you get out, man. By then I should be setting myself up in my own company and will be able to use a guy with your leet skills."

One of my compatriots...

[TeknoHog]

started to write a "viral" software back in 1991 when he was studying CS in Helsinki. It has infected both of my computers. MS Windows won't even boot on them. I know his name and contact info, so do I get the bounty?

People need to be better informed

[linuxci]

The problem is not many people look further than Microsoft products because they know no better, and the mainstream press doesn't do much to help this. Microsoft throwning money into the pot to catch criminals is unlikely to solve the problem, in the UK there's a lot of schemes that offer rewards for finding criminals, but although they often catch people, it doesn't seem to deter people. I mean we can't tell people in the UK that they can install new Windows and doors in their house and not bother to lock them, and installing an MS OS (and to be fair many Linux distributions) without doing a 'lock down' is just as stupid, but most people don't know how to go about securing their PC.

We know that other products aren't perfect but variety in software does do something to reduce the dramatic effect of these worms.

So the more people we can educate about alternatives to Microsoft products such as Mozilla Firebird, Thunderbird and Seamonkey (the app suite) will help to restore some balance and will hopefully reduce the number of email viruses. Commercial alternatives such as Opera should also be mentioned because although I think the interface is awful, other people like it and choice is good. Many home users just use thier computers for web browsing and simple documents, so Mozilla + OpenOffice would do all they need.

Then on the desktop you have various options as well as Windows, although unfortunately for most people they may be depending on it for certain applications. MacOS X is ok, but would require buying new hardware if you currently have an ix86 PC.

Bounties, Bounties - I am forgetting Counties ...

[leoaugust]

Bounties, Bounties everywhere,
And I am loosing my Counties of how many there are.

Every Mountie must now be getting this idea,
that if they can't catch the Evilers Dead or Alive -
Make an Announcie of "X" Million Dollar Reward.

X is 25 for Osama, and 0.25 for MSBlatie,
10 for Saddamie, and 10 for his baby boys.

Some you will catchie and some will get away.

No Osama, but M$ might catchy MSBlastie,
No Saddam, but they got his progeny.

When will someone get the idea,
of Putting up X for the Lunactic,
or X for the Du

Poor victimised Microsoft

[amorsen]

People have been starting to see Microsoft as a vendor of poorly-written, insecure software. What this offer makes people see is that Microsoft is just the victim of evil criminals. And you can never blame the victim for the crime...

Turn yourself in?

[shish]

1) Claim to be the virus writer
2) Get $250k
3) Bail yourself out of jail

Wow! Profit at stage #2 and no ???! This *has* to be a good plan!

Chump Change

[Phil John]

Come on, in the scheme of things $250,000 is not an awful lot, especially to a company like MicroSoft.

Morals or no, most people have a price. Had they made it something a little more interesting, say in the $1,000,000-$5,000,000 range, most everyone involved would shop their friend/brother/business associate.

If some of the recent spate of viruses were funded and unleashed by organised crime/spamming syndicates (as some have conjectured), do you really think anyone will risk being found at the bottom of

Spammers

[tehanu]

Given that the Sorbig virus has been linked to spammers, finding the person who wrote the virus might be a blow against spammers as well. Any trial will be well publicised and having the public connection of spammers==virus writers==evil hackers (yes I know the proper term is crackers, but this is public opinion I'm talking about here)==terrorists could be a big blow against the reputation of spamming so that it is no longer seen as just an annoyance but something potentially dangerous. This probably won't bother the spammers so much but it might help get legitimate companies who hire them give the whole email marketing process a second thought, especially if any connections come up during a trial. "Trial: Virus used to advertise for Company X." "Virus writers hack computers to advertise for X" does not sound good for Company X on the front page. At the very least it might make them more careful about who they hire and who the people they hire outsource to (as I'm sure there will be so much outsourcing something known as "plausible deniablity" will be used).

And a connection in the public consciousness between spammers and hackers who write viruses might give a bit of impetus to the government for harsher anti-spam laws. I mean look at anti-hacking laws vs anti-spam laws. Which one has more teeth and are tougher?

O. J. Simpson

[HisMother]

This reminds me of O.J.'s promise not to rest until he personally found the real killers.

Clever

[0xdeadbeef]

By offering a bounty on their heads, they only serve to increase the status of worm and virus authors. What was once the loserdom of the script kiddie community is now glamorous.

Now consider what this means to their "secure computing" initiative, how the frustrations from dealing with this shit can make people more accepting of their draconian security measures. Consider the financial benefits of "digital rights management" that they can only realize after the hardware and software is locked down.

You can imagine the conversation that lead to this, like something out of "24" or the Bush administration: Lets allow, no, lets *encourage* a virus 911 so they'll let us lead them to safety!

Good idea

[mseeger]

Hi,

while i'm no big fan of M$ as most here, i think this is a good idea. Especially the Sobig virus author is becoming a menace. So making him watch his back, may set back the release date for Sobig.G.

Please be aware that the Sobig viruses were written with a comercial interest. Putting a bounty on their arrest something worth considering and in line with all ethical codes i know.

As the Sobig author pobably has his roots in the SPAM community and they would sell their next-of-kin for half price their, i guess the chances are quite good.

Regards, Martin

P.S. Putting 250 K$ (better M$) into R&D for more security would be good thing too.

Look in California

[IGnatius T Foobar]

In particular, Microsoft would like to locate and permanently detain the individual responsible for the treacherous malware program called "Linux." This highly dangerous program causes Windows to not be present at all on any infected computer! Since, as Steve Ballmer keeps telling us, every time you fail to buy a Microsoft program, God kills a kitten ... Microsoft is offering a large bounty to find the author of this "Linux" program.

God Bless Mom, Apple Pie, and John Ashcroft! Preseve the American way of life! Find and destroy the evil virus writers!

I'm looking for a virus writer...

[clickety6]

...who is willing to spend a few years out of circulation for $125,000...!

Contact me on 555-EASYCASH.

Who caused the damage?

[nolife]

Is the writer the responsible party or is the person who deploys the virus?

What if I make a spreading virus that works with a known flaw in a MS product. I post this virus and code to say Bugtraq, IRC, or here on /. How can I be prosecuted? I wrote some code but did not use it or set it free on a network. You could take this to extremes on either side. What if I give code examples? What if I only documented HOW to write code to exploit an existing hole? What if I only describe the hole? I can make a machine gun and provide you with plans for a machine gun but unless I use it to kill people, I did nothing wrong. Seems to me that the prosecutors and MS are trying to hang someone as an example but that is a very fine line. Is there a law that clearly states that you can not knowingly write code that may cause millions of computers to crash? I know this is a touchy subject but I view this software as free speech.

Learning from rocketry prize awards at last?

[Baldrson]

Perhaps M$ has figured out that paying for results [google.com] is a good policy -- unlike the policy followed by NASA, DoE, etc.

Now, if Gates would only get a clue [slashdot.org]...

Linford of Spamhaus.org says he knows who did it

[Chatmag]

Steve Linford [spamhaus.org] of Spamhaus seems to think he knows who is behind the Fizzer/Sobig/Mimail attacks, and will be releasing the information in the near future.

In the article, he leads one to believe that Fizzer is still active in the wild. As a member of IRC Unity, the group founded to eradicate Fizzer, I have not seen a report of Fizzer in months.

If Steve Linford actually knows, he needs to contact Microsoft. The money would help him pay for the losses incurred by the DDoS attacks against Spamhaus.

Microsoft is doing something at least...

[gone.fishing]

Gee, I knew what most of these posts were going to say before I even read them. Most of them say that this is just a marketing ploy by Microsoft to deflect criticism, that Microsoft's poorly written code is what is really the cause, and Microsoft this and Microsoft that and oh, by the way Linux rules.

Let's put all of that aside for a minute. I'm not going to be pro-Microsoft or Pro-anything here. I am going to be Anti-virus writer though.

Cyber-crime be it scams, viruses, trojans, worms, password/identity theft, carding or whatever affects all of us personally. It does because it casts things like the internet, ecommerce, and technology in a poor light. It causes "big money" to think twice before they invest in technology, it causes things like e-voting to come more slowly to the forefront and, it forces companies to take sometimes extreme security measures.

In a sense, the 'net hasn't matured yet. It can be compared to the Wild West where crooks didn't have to run very far or hide very long or even worry very much about getting caught. I have no doubt that over time we will see the net change and cyber-criminals and other scumbags will have more to fear. But right now, a wanted poster with a reward is appropriate. It is what Wells-Fargo did to catch outlaws way back when and it will work as well today.

Where's the supervirus?

[Dirtside]

I've been wondering for a while why we haven't seen any really nasty virus epidemics -- I'm not talking massive DDOS, or spamfloods. I'm talking, a virus that infects a few million hosts over the course of a day or two, and then at a predetermined time, starts formatting the hard drive.

Given how fast some recent viruses seem to have spread, it certainly seems feasible. So why do these viruses always have fairly innocuous payloads? It would seem a relatively simple thing to write a virus like this -- not to mention release it anonymously and never tell anyone about it. Is it just that the people capable of doing this are all ethical enough not to? Or that the ones who aren't ethical enough, are dumb enough to get caught? Or that nobody, I mean nobody would want to see the havoc wrought by such a virus?

Why haven't we seen a virus like this yet? Is it because such a virus isn't possible, or just because no one's bothered yet?

Re:Didn't...

[Dot.Com.CEO]

Beg your pardon there, mate, but I don't think virus writers are "the crew" in slashdot. While you may feel some misguided sympathy toward the scum who wilfully destroy computers because said computers run an OS you don't like, it doesn't mean they are what makes slashdot well, slashdot. Then again, most people in here who think of people who write open source software as "one of us" have never writen one line of code, so I guess your comment is fair.

Re:Make it interesting

[AKnightCowboy]

Oh god, this is so cliche so I apologize in advance:

1. Write virus that causes billions of dollars in damage.
2. ??
3. Profit!!!

Microsoft just revealed step 2 as "Turn in your accomplice, get immunity and $250k".

Re:what about bugs?

[quigonn]

No, when you want to send a bug report to Microsoft, you actually have to pay so that it's not immediately dumped but actually looked at!

Re:$250,000 won't fix Windows security

[Moraelin]

It won't fix Windows security, that's for sure, and noone claims that it will. On the other hand, I think it's about damn time all those retarded script kids started paying the price. If someone broke into my house, I'd want to see them thrown behind bars. It doesn't matter if my locks were not 100% secure, it doesn't matter if my house door wasn't built to withstand a nuke, and it doesn't matter even if my house wasn't even locked at all. You just have no business breaking into it. Plain and simple. I'd

Re:This is ...

[Alioth]

Judging by the quality of the code in modern worms, most worm writers are skript kiddies.

Skript kiddies tend to have over-inflated egos and brag to one and other what exploits they've been up to. With a $250K bounty in the offing, a skript kiddie will probably turn in a fellow skript kiddie. It's inevitable the writer of SoBig etc. will have bragged to other skript kiddies about doing so.

Sure, if *I* wrote some malware, I would not tell a soul about it. But then again, malware writers are scum and I'd nev

Re:Yeah! Shoot the messenger!

[quigonn]

I'm not trolling.

When somebody would install a big red button in the middle of a highway with a sign saying "pressing this button lets explode 1000 atomic bombs" and somebody would really stop and press the button, who would you blame: the one that installed the button or the one who pressed it?

Felix von Leitner wrote an excellent article about this general problem, unfortunately it's in German (use the fish for translations):
http://www.fefe.de/iloveyou.html

It's about the ILOVEYOU virus, but generally