Friday, February 13, 2009

WARNING: F.Y.I.

$250K Microsoft bounty to catch worm creator.


(CNN) -- Software giant Microsoft is offering a $250,000 reward for information leading to the arrest and conviction of hackers behind a powerful computer virus that could lead to millions of PCs being hijacked. Experts say a single infected laptop could expose an entire network to the worm.

Experts have so far been baffled by the true purpose of the Conficker or Downadup virus, but have described its spread as one of the most serious infections ever seen.
The worm exploits a bug in Microsoft Windows to infect mainly corporate networks, then -- although it has yet to cause any harm -- it opens a link back to its point of origin, meaning it can receive further orders to wreak havoc.

Microsoft has issued a patch to fix the bug, however if a single machine is infected in a large network, it will spread unchecked -- often reinfecting machines that have been disinfected.
The threat from the virus prompted Microsoft in collaboration with other technology industry names to this week announce a $250,000 reward for information to track down those behind Conficker. "As part of Microsoft's ongoing security efforts, we constantly look for ways to use a diverse set of tools and develop methodologies to protect our customers," said George Stathakopoulos, of Microsoft's Trustworthy Computing Group.


Mikko Hypponen, chief research officer at anti-virus firm F-Secure says the true scope of the virus is not known, but in the past 24 hours his company monitored Conficker signals from two million Internet protocol addresses.

"That's a lot," he told CNN. "And one IP address here does not mean one infected computer, it means at least one infected computer.
"Many of those IP addresses are obviously company proxies or firewalls, hiding hundreds of more infections behind it. Unfortunately this also makes it impossible to estimate the total count of infected systems. "So it's still big. Very big."


Microsoft has previously paid out similar rewards to informants who helped identify the creator of Sasser, another notorious worm let loose in 2004. The perpetrator was tracked to Germany, where he was sentenced a year later.

4 comments:

Blue said...

so, if you use Windows Update you have already installed the fix for this...

I have a real problem with computer users (including the IT depts of large companies) that delay installing the updates & then scream that their computers & networks became infected.

Schteveo said...

Point Blue!!!

Game.

Set.

And Match!



This is actually a story that goes back a few weeks. It is compounded by the knee jerk, AFTER some stupid wait time, that exists in the computer community.

In all the years I've been using and repairing computers I've only had one virus. (and it came off of a 3M floppy right out of the box!) I am very diligent in keeping my virus / trojan / malware software up to date. The other thing I do to keep this crap off of my machines, I never use IE, I use Mozilla Firfox.

Anonymous said...

isn't Obama, the Messiah, going to talk to the bad people who write virus & make them stop?

Schteveo said...

anon,
surely you jest, all crime will CEASE if he just says so. He just hasn't gotten to it yet.