[ISN] Microsoft to offer bounty on hackers

From: InfoSec News (isn@private)
Date: Wed Nov 05 2003 - 01:16:01 PST


    Forwarded from: William Knowles <wk@private>
    
    http://news.com.com/2100-7355_3-5102110.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    November 4, 2003
    
    Microsoft will announce on Wednesday that it will offer two $250,000 
    bounties for information that leads to the arrest of the people who 
    released the MSBlast worm and the SoBig virus, CNET News.com has 
    learned. 
    
    The two programs attacked computers that run Microsoft's Windows 
    operating system, causing havoc among companies and home users in 
    August and September. The reward, confirmed by sources in both the 
    security industry and in law enforcement, will be announced in a joint 
    press conference with the FBI, the U.S. Secret Service and Interpol 
    that's scheduled for 10 a.m. EST Wednesday. 
    
    The rewards are the first time a company has offered money for 
    information about the identity of the cybercriminals. 
    
    "It's a new approach," said Chris Wysopal, a security researcher from 
    digital security company @stake, who hadn't known about the bounties 
    and was skeptical that they would work. "I don't think anyone has done 
    this before." 
    
    Microsoft declined to comment until Wednesday. 
    
    The rewards mark the latest move by Microsoft and law enforcement to 
    track down the people responsible for infecting hundreds of thousands 
    of computers in August and September. The U.S. Department of Justice, 
    the FBI and Microsoft had earlier announced the arrests of two men who 
    are suspected of modifying and releasing minor variations of the 
    MSBlast worm.
    
    The attacks were serious enough to hurt Microsoft's bottom line and 
    help security companies post more profits. 
    
    MSBlast, also known as Blaster and Lovsan, spread to as many as 1.2 
    million computers, according to data from security company Symantec. 
    The worm compromised computers that use a serious vulnerability in 
    Windows systems for which Microsoft had released a patch a month 
    earlier. The Sobig.F virus spread through e-mail on Aug. 19, 
    compromising users' computers with software designed to turn the 
    systems into tools for junk e-mailers. A variant of the MSBlast worm, 
    MSBlast.D, was intended to protect machines against the original 
    program, but it ended up being so aggressive that the avalanche of 
    data it produced shut down networks. 
    
    Sources who asked to remain anonymous said Microsoft would foot the 
    entire bill for the bounties. Law enforcement typically neither 
    condones nor disapproves of such rewards.
    
    Security researchers gave the planned bounties mixed reviews. 
    
    "I think it is not a bad approach to counter the growing activity out 
    there," said Peter Lindstrom, director of research for network 
    protection company Spire Security. "People might criticize Microsoft 
    for it, but it is a legitimate way to mobilize more folks to start 
    analyzing their logs." 
    
    Despite nearly three months of intensive investigation, the FBI and 
    Microsoft have only been able to track down two suspected bit players. 
    The rewards seem designed to produce a mutiny in the close-knit 
    circles of the hacker underground. 
    
    However, some researchers believed that such rewards might divert 
    attention away from other efforts to add security that might defeat 
    worms and viruses in the future. 
    
    "It doesn't solve the underlying problem of people being able to write 
    worms like MSBlast," said one security researcher, who spoke with the 
    condition of anonymity. "It doesn't quite equate accountability with 
    being at the keyboard." 
    
    
     