Microsoft Offers $250K Bounty for Conficker Author

We did mention Conficker when it broke out back in January causing one of the largest scale infections ever seen (an estimated 9 million machines in just a few months).

The latest news is that Microsoft is offering a bounty to catch the author of the malware. We have seen this before, back in 2003/4 (the Anti-virus Reward Program), but it’s been pretty dormant since then. An interesting move, some might say, but really, will it work?

Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the virus writers behind the infamous Conficker (Downadup) worm.

The bounty, announced Thursday, represents a revival of Microsoft’s mothballed Anti-virus Reward Program, launched in 2003 and virtually moribund since 2004.

In 2003, Redmond put up a $250,000 reward for tips leading to the arrest and conviction of the virus writers behind the infamous SoBig and Blaster worms. It extended this offer to other examples of malware, but there’s only ever been one payout.

Erstwhile college friends of German VXer Sven Jaschan, who was convicted of writing the Sasser worm, picked up a $250,000 payout for their efforts.

So it shows in some circumstances it can work, some ‘friends’ of the Sasser author grassed him up and earnt themselves a tidy pay packet.

It just shows, you can’t really trust anyone nowadays. They haven’t been running this program on any of the interim malware explosions however, so it’ll be interesting to see if times have changed and any results will be yielded.

Conficker has infected 10 million computers, going by recent estimates, so it’s no great surprise to find that Microsoft has reactivated the program. Even if it doesn’t lead to any arrests, the possibility of betrayal will give the authors of the worm pause for thought before they activate the monster botnet their malware has established.

In related news, Microsoft is partnering with security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN), and operators within the domain name system to disable domains used by Conficker. Infected machines are programmed to dial into a constantly varying pre-programmed range of servers every day in order to obtain instructions.

Separately, OpenDNS rolled out a Conficker tracking and blocking scheme earlier this week.

It looks like a lot of measures are going into place to limit the damage Conficker can cause and, of course, to try to stop it spreading far and wide.

With 10 million infections already, I think they have a lot of catching up to do and a lot of work ahead of them.
Source: The Register

Posted in: Legal Issues, Malware, Windows Hacking


12 Responses to Microsoft Offers $250K Bounty for Conficker Author

  1. dblackshell February 13, 2009 at 10:20 am #

    It’s an unethical and unprofessional measure taken by Microsoft. Wake up people, we are not in the wild west anymore…

    I see it as a way to distract the media attention from Microsoft, because frankly they (and their vulnerability) are responsible for having all this… you and your (trashy) closed source software!

  2. navin February 13, 2009 at 2:55 pm #

    Friends!!!! :) It’s amazing how people sell out to money!!!

    @ dblackshell…..yeah it’s unethical, but if it works, MS will have a case to fight, possibly turn the Conficker coder into another Mitnick or McKinnon, drag him/her to court for an infinitely long process, and hope that their “image” improves as a result…… after all, instead of a ZODIAC serial killer situation, a THE FREEWAY KILLER kinda case will do wonders for Microsoft’s cause

  3. John February 13, 2009 at 3:47 pm #

    It raises the bar on damages, which is a good thing. According to an exec VP from MS that I talked to, they offer the $ so that their attorneys can put a hard figure on damages.

  4. Dan February 14, 2009 at 6:06 am #

    @ dblackshell & navin

    Unethical and MS being responsible for the viruses and worms in the first place? Are you kidding me?

    If you leave your front door unlocked and someone comes in and trashes your house, it was THEIR choice to do so. The law recognizes this and does not punish you for leaving it unlocked, nor does society chastise you for it. The idiot that chose to violate someone else’s privacy and property pays accordingly if caught.

    I am by no means a fan of MS, but let’s be serious here. Virus writers are the unethical scum you need to aim your sights on. THEY chose to go through the unlocked doors. They do not have to do it. They are not required to do it. They are the jerks that force us consumers and coders alike to spend millions if not billions of dollars to protect ourselves.

    Honestly I think when they get caught they get off easy. They should be held responsible for the cash spent to try to protect each and every person and business against them.

  5. navin February 14, 2009 at 5:19 pm #

    @ above,

    question out of the blue…..probably a n00b question but are U Dan Kaminsky??

    Stupid question I know, but very similar writing styles (and the name!!) :)

  6. Dan February 15, 2009 at 12:07 am #

    No sorry not him. Just someone who is sick of wasting $$ and time on security against others’ bad choices and disrespect :-)

  7. hyperX February 16, 2009 at 7:43 am #

    If the virus author is my friend, I will gladly sell him for 250k USD. :)

  8. dblackshell February 18, 2009 at 12:17 am #

    @Dan: here we go again about the “open door” comparison… if you put it that way, you could also say that the owner deserved being hacked… if you don’t care about your own security, why not being hacked in the first place… or you could also assimilate this case with another one…

    let’s say a locksmith makes a (very) easy lock, breakable in several seconds. A thief passes by and seizes the lock, he gets in… in more than one case… after which the locksmith plants a reward for every thief in the world… come on, be serious…

    it was their fault in the first place…

  9. Dan February 18, 2009 at 2:46 am #


    That’s all fine and dandy, but you forget that the idiots (hackers and thieves) choose to do things that are against the general population. Forcing us to spend our money to protect ourselves and people around us. If it wasn’t for them we wouldn’t have to waste so much effort. Also we wouldn’t have people like you sounding like you are trying to justify crimes against person by saying the victim is to blame. I think YOU need to be serious here.

    Now before you go on and say I am living in a dreamland filled with emos and little white bunnies. I am merely stating that THEY waste our time and money, they deserve to have everyone turn on them and they also deserve much more than they get when caught…That’s the bottom line, take it or leave it.

    Anything else to the contrary justifies the continuation of the vicious cycle that feeds the bottom feeders.

    And btw, your reply in a way only furthers my examples in my first post. Think about it a lil, it’s there.

  10. dblackshell February 19, 2009 at 7:56 pm #

    @Dan: I don’t know how much money you spend on security, but mine is somewhere near zero. It just takes a bit of concern towards security. I can’t stress this enough on how many times I told people to use NoScript/Firewall/AV (free versions of course) to find that after a week or so none of them were on the computer anymore.

    And that’s the idea I’m trying to state, your average user doesn’t care about computer security. That’s (one reason) why you can’t compare cyberspace criminals with ordinary (real life) criminals… Needless to say that most of the time average users get infected/zombiefied (for botnets and stuff like that) due to their ILLEGAL activity; you know, piracy and things of the sort… and also due to their love for “FREE” pr0n.

    This is my opinion, while you have your own opinion and I think the subject could be left alone because it’s not going to get to a common aspect. :)

  11. Dan February 19, 2009 at 11:14 pm #

    @ dblackshell:
    While I do agree that most users are oblivious to security on their home PC, you still pin the tail on the donkey so to speak saying that they must be doing something illegal to get infected in the first place. Ever hear of phishing, spam emails, net cafes with network aware infections, war driving etc….. all of which people can be infected by NOT doing anything illegal themselves. Even the most diligent security minded person can be infected as per a recent article backed by major anti virus companies. All “new” viruses have a time period in which they can be undetectable by any and/or all anti-virus software. Not to mention those that might not be immediately updated within seconds of a new definitions file is released.

    And just because one person might not get infected (you) doesn’t make everyone else that gets infected deserving of it, nor ignorant to the steps needed to not be infected.

    Also when I state the “time and money wasted” I am not merely meaning your own home PC. There are hidden costs EVERYWHERE due to all criminal activity, cyber or real life criminals.

    Not to mention the inconveniences put in place to “protect” us.
    Heck you don’t even have full access to your entire balance in your bank without getting “permission” or hassled to do so.

    One way you CAN compare cyber and real life criminals is the way in which I have. They CHOOSE to commit crimes that impair, inconvenience, and cause harm to LAW ABIDING people.

    Bottom line, you don’t need to justify criminal behavior (any type) by blanket stereotyping accusing the victims of criminal behavior themselves for becoming a victim. That in itself is very ignorant and condescending.

    So yea, this IS my opinion. And if you keep blaming the victim we definitely won’t come to a common aspect. So I guess we can drop it now. Unless you keep insisting on trying for the last word and telling me to not reply again.

  12. Dan February 19, 2009 at 11:29 pm #


    Had an interesting thought for you to ponder. It’s quite petty but still valid none-the-less.

    I am so sick of people that tout their “free” solutions and acting like it’s the next best thing since sliced bread and everyone else is ignorant for not doing the same.

    If you think your “free” solutions are truly free you are sadly mistaken.

    Let’s visit the reasons why I say this.

    1) ALL software takes up hard drive space, free or not. You pay for your hard drive. Thereby this space that this program takes up is paid for. You can’t use this space for anything else BUT the “free” security software.

    2) ALL running software takes up CPU cycles and RAM. Both of which you PAY for. Both of which have a defined cap on their limits based on what you BUY. Thereby whatever you do on your PC, albeit minimal, is still reduced based on the system resources taken up by security software.

    3) ALL software downloaded (free or not) takes up bandwidth. Most law abiding people PAY for internet access and some have a bandwidth cap per month. So even “free” security solutions take some of this bandwidth that is PAID for.

    So yes, while you didn’t “buy” your security solutions. You still paid for them.

    But as far as the money aspect that we have WELL covered. I notice you don’t touch the inconvenience aspect that is placed on us all to “secure” ourselves against those who CHOOSE to be criminals (again another way you CAN compare cyber and real life criminals).