digg

Facebook Connect Join Digg About
See the original image at informationweek.com

Microsoft Offers $250000 Bounty For Worm Authors

informationweek.com The company has formed a cybersecurity posse with technology companies, academic organizations, and Internet infrastructure firms to dismantle the Conficker/Downandup worm's infrastructure.

Who dugg this? Made popular Feb 14, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

139 Comments

show profanity settings
expand all
  • 6oo63D, on 02/14/2009, -2/+94These are the sorts of pirates the industry should be going after, not some college BT user.
  • toxicpiano, on 02/14/2009, -0/+75Dead or alive?
  • Nitrouz, on 02/14/2009, -0/+47They offered a similar reward in 2004 in order to find the people behind Sasser and they actually found the person.....some kid in Germany
  • benzzene, on 02/14/2009, -1/+426oo63D wrote the worm.


    Now where's my money?
  • BenTheTank, on 02/14/2009, -1/+42To think, the creator(s) of this worm have the knowledge and skills to have incredibly rewarding careers in the private sector, but instead chose to be a bunch of dicks. I'm certain they have royally ***** themselves.
  • Sublex, on 02/14/2009, -1/+41Well, the authors are *****.
  • rixbad, on 02/14/2009, -2/+30When I park my car somebody keeps putting breaking my windows, and slashing my tires. I'm really pissed at Honda for not preventing that.
  • 6oo63D, on 02/14/2009, -0/+25I'm sure we can negotiate an offer you won't refuse: I'll digg you up twice.
  • JonTheGoose, on 02/14/2009, -0/+25Man is the deadliest game. Let the hunt begin!
  • inactive, on 02/14/2009, -3/+26http://www.wikihow.com/Use-There,-Their-and-They%2 ...
  • Purkake, on 02/14/2009, -9/+28Their not really pirates, but I agree.
  • magamiako, on 02/14/2009, -0/+16Much like every other worm available, this one preys only on the users that haven't updated. Unfortunately, the blogosphere has not helped this situation.

    There's a huge amount of "distrust" of Microsoft, really through no fault of their own other than being a "large organization" and it's "cool" to dislike them.

    You have people who created utilities even way back in the XP days called "Anti-Spy", which disables critically needed services--including Automatic Updates, because people think Microsoft is trying to "cause them harm".

    Then these people who believe this get consulted on by friends and family to purchase computers and they go to those computers and do the same thing. Block Automatic Updates.

    The internet piracy scene also makes this a huge problem, as many people disable automatically updating so they don't get "caught" pirating. Nevermind the fact that Microsoft actually allows pirates to download security updates through both Windows Update and their Download Center. And yet again, when these people install pirated software for others, they disable any automatic internet connecting features the software has.

    There has never been a case that any company has actually pursued anyone through any automatic "phone home" features in any software. Microsoft understands that even though they have to fight piracy, the general health of the internet relies on people with pirated software to be able to update and keep their computers secure.

    It's a cultural problem on the internet really, and one not likely to change anytime soon. People like having this mentality.

    The more troubling part is these people don't actually really know much about security of information. They truly believe throwing a firewall in front of things is going to solve all of their security problems. And if they use Linux, that they are impenetrable fortresses. There are tons of insecurities inherent in the Linux OS design, and even more importantly, in many default Linux configurations.

    Throwing just out there apache in a lot of linux distributions is configured to be executed as one user. Great, awesome. Sure, your entire box may not be compromised as easily, but this guy just hacked in through a flaw in apache and took out every single website you're hosting. How do you handle this? How do you solve that? (I know these answers, the questions are rhetorical) But seriously, how many people go out of their way to learn how to use mpm_peruser, even know what it is, and know what it does? Not many. (I use mpm_itk, but will switch to peruser in a future apache install).
  • ninjagore, on 02/14/2009, -1/+17No OS is immune to worms. Unless you never, ever connect your system to the Internet, your system will still be vulnerable to something.
  • Parastie, on 02/14/2009, -2/+18$250,000? ***** man. How about I write a worm and turn myself in?
  • benzzene, on 02/14/2009, -0/+15Deal.
  • WibWobble, on 02/14/2009, -1/+16Do you know anything about programming or security?
  • kelmaster1, on 02/14/2009, -2/+15when over a billion people use a piece of software and millions are trying to ***** with it around the world, there will always be holes. The one way you can be immune is have no connection. If you have any suggestions Microsoft would be happy to hear from you. Oh wait you don't, so stfu.
  • dillibob, on 02/14/2009, -0/+13never trust kids
  • sirpwn4g3, on 02/14/2009, -3/+15Some people just can't figure out that no OS is perfect, it's not MS fault that some user who doesn't know any better won't update their computer. I wish MS could push updates on people more, but then everyone would whine about how intrusive they are about it, much like the UAC in Vista. There's just no pleasing the people who want to whine about something for attention. Mac OS and Linux are vulnerable as well, the difference is that Mac and Linux don't have as many users, and therefore don't have a giant bulls eye to aim for. Last time I checked the intentions of this worm were still unknown, and I really don't want to find out, this bastard needs to be caught.
  • BenTheTank, on 02/14/2009, -1/+12No I don't admire anyone who commits a serious crime just to prove that they can, or to "fight the man."
  • brandnewx, on 02/14/2009, -1/+9Microsoft released the fixes in October, and the infected machines, mostly in China and India, installed pirated copies of Windows that can't download the security updates from Microsoft.

    Ask yourself who's at fault here? Microsoft? Explain it.
  • waspbr, on 02/14/2009, -0/+8it was the butler
  • Miff, on 02/14/2009, -2/+9No.
  • gcnaddict, on 02/14/2009, -0/+7Ahem, Microsoft patched these holes before the worm went live. If you're going to bash victims, bash the companies which didn't update their computers between the two months when the relevant patches were released and the worm hit the web.
  • inactive, on 02/14/2009, -2/+9Crawl back in your hole moron.
  • Typhoon2009, on 02/14/2009, -0/+6Never watched the show, but doesn't Dexter kill bad guys?
  • inactive, on 02/14/2009, -0/+6All they did was go through Gate's sofa cushions and offered what they found as a bounty.
  • FredRogers, on 02/14/2009, -0/+6It was actually the same exact amount. The kids name is Sven Jaschan. He works for a network security company now. One of his friends ended up turning him in for the reward.
    http://en.wikipedia.org/wiki/Sven_Jaschan
  • inactive, on 02/14/2009, -1/+7If by "living" you mean committing crimes and ***** up 15 million computers, I don't think I want to "live a little." You can certainly focus your computer skills in a positive manner; open source software for example.
  • sodade, on 02/14/2009, -0/+5You mean, the authors can frame a patsy and collect the cash.

    Cha Ching indeed.
  • inactive, on 02/14/2009, -0/+5But you know that they make great stuff!
  • nurbsenvi, on 02/14/2009, -0/+5Spammers and Virus/Worm Authors should be hanged.
  • diptheria, on 02/14/2009, -1/+6RTFA. Microsoft fixed this before this worm existed. Apparently, people just didn't patch their software.
  • inactive, on 02/14/2009, -3/+7So now the authors can report themselves and get a 250k.

    CHACHING
  • magamiako, on 02/14/2009, -0/+4jmcguigan:

    Under a domain environment you can limit the number of attempts at logging in prior to an account locking out and having to be unlocked by an Administrator.

    As far as brute forcing simple passwords, Windows Vista takes this a step further by completely disabling the LM Hash storage function of passwords. In versions of Windows prior to Vista, it was relatively easy to brute force a user's password out of this hash.

    Windows Vista passwords of 8+ characters with a mix of numbers, letters, and caps makes cracking extremely difficult via the brute force method, even with rainbow tables.

    Again, another security benefit of moving to Vista that people seem to ignore or not understand.
  • s4g4n, on 02/14/2009, -1/+5BT can be used by just anyone.
  • NegativeDigg, on 02/14/2009, -0/+4I hope someone murders the ***** who made antivirus 2009.
  • inactive, on 02/14/2009, -0/+4substander? peace? thou? clam? beside? payed? roll model?
    Obvious Troll is Obvious.
  • inactive, on 02/14/2009, -2/+6Every software ever made has holes in it. Windows is the target, not because its weak, but because everyone uses it, many of whom, don't know how to not get a virus.
  • jmcguigan, on 02/14/2009, -0/+4"Arrest and Conviction" means they won't be able to spend the 250k
  • inactive, on 02/14/2009, -0/+4I find it quite pleasant actually. Now, this is the last meal you're getting troll...
  • Myztry, on 02/14/2009, -2/+6Who says they don't have rewarding careers. There is a little bit of Dexter in us all...
  • inactive, on 02/14/2009, -1/+4The software isn't the problem, *****, its the authors of the nasty software. This is like blaming Chevy because someone stole your Camaro. MS could put literally the smartest programmers on Earth and spend billions of dollars, it wouldn't matter. Most people use Windows. Most people that use Windows are not computer knowledgeable. They like to download animated flames for their cursors, or 1000 new 3-D Smilies for their AIM. The authors of the nasty software have no interest in the boring script you're writing at Starbucks on your Macbook. They don't want to fool with linux, whats the point? They write the nasty progs hoping to steal Grandma's bank account while she is using AOL, or as she calls it "the internet."
  • velveetaavenger, on 02/14/2009, -0/+3d0g, they cyber-bounty hunter, is on the case.
  • inactive, on 02/14/2009, -1/+4hunt & kill

    Say what you want about past security issues, but MS have become a security juggernaut thanks to their past mistakes.

    Unlike other companies who still claim to be secure through obscurity.
  • AtheismFTW, on 02/14/2009, -0/+3You're just mad no one gives a ***** about mac.
  • magamiako, on 02/14/2009, -0/+3In addition to my posting above, I'd like to point out that I don't think users are 100% the fault. I also place some blame on anti-virus companies. Many security suites out there label keygens and cracks as false positives. While I understand their concern for "malware" and pirated software, if these things aren't infected with something malicious then by no means should they be marked harmful to your PC.

    The above makes it extremely difficult to determine for users which files are legit and which ones are not good. Unfortunately the only method to making sure files aren't compromised are with digital signatures by a trusted 3rd party, but it's not like any of the cracking groups are going to go to Verisign and ask for a fully identifiable digital certificate.

    This only makes it much more difficult to identify malware prior to getting some sort of undetectable infection.
  • magamiako, on 02/14/2009, -1/+4weegee:

    An application does not have to run as root in order to execute and connect to the internet. So while a trojan getting through and hiding itself in your system directory is unlikely, it can still sit somewhere such as your apache directory and execute itself.

    While this "should be" easy to spot (given other technologies), the same holds true for compromised Windows machines. If you have adequate traffic monitoring, you can watch spikes in traffic and assume something is going on.

    More importantly, this also does not prevent a service from being exploited and javascript code from being added invisibly to your websites which redirects users to download trojaned binaries.

    Again, while not necessarily a full system compromise, the end result is the same and likely worse. Client versions of Windows have a maximum half-open connection limit, even if a worm were able to take hold of a client machine its spread would be severely limited. Unlike if your web server gets exploited, you are now potentially distributing a worm to every user that visits your site.

    There are many, many variables and many different methods of trojan and worm distribution. Assuming your "linux server" is safe because you don't run as root is a HUGE fallacy.

    Think about this for a minute here....Think of all these blogs telling you how to "enable security" on your machines, think about what they're telling you to do.

    A) Disable necessary services because you're pirating Windows/Office/whatever-other-app-here.
    B) Prevent Windows/Applications from "phoning home" to make sure "you don't go to jail."
    C) Disable the Half-Open connection limit on Windows so you can make better use of P2P.
    D) Download our "cracks" and "keygens" (trojans) to crack your newly pirated software.

    Put all of that together and you get a rather screwy mix of compromised machines where people think they're doing "everything right".
  • Miff, on 02/14/2009, -0/+3Peace of software sounds nice.
  • techdever, on 02/14/2009, -0/+3how about you RTFA weeFred
  • Fetching more discussions...
    Show 51 - 100 of 145 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.