[ISN] Microsoft offers reward for MyDoom.B leads

From: William Knowles (wk@private)
Date: Fri Jan 30 2004 - 05:49:28 PST

  • Next message: William Knowles: "[ISN] MyDoom.B Rapidly Spreading"

    http://news.com.com/2100-7349_3-5150469.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    January 29, 2004
    
    SEATTLE -- Microsoft announced on Thursday that it will offer $250,000
    for information leading to the capture and conviction of the
    individual or group responsible for the release of MyDoom.B.
    
    The original MyDoom virus started spreading on Monday and quickly
    swamped the Internet. The MyDoom.B variant appeared on Wednesday and,
    among other things, prevents an infected PC from accessing some
    Microsoft Web sites and targets Microsoft's main Web site with a
    denial-of-service attack due to start on Feb. 1.
    
    "When we looked at the B variant, we found it to be much more
    malicious," said Sean Sundwall, a spokesman for the software giant.  
    "It's not that we think the person who wrote the original (virus) is
    not just as culpable."
    
    The reward is the third time Microsoft has posted a $250,000 "Wanted"  
    sign on the Internet. It offered the same amount for information
    leading to the capture and conviction of the persons or groups
    responsible for releasing the MSBlast worm and the Sobig.F virus.
    
    Microsoft's reward is the second prompted by the MyDoom epidemic. The
    SCO Group announced on Tuesday that it is offering $250,000 for
    information that leads to the capture of the writer of the original
    virus. Both the original MyDoom virus and the modified version
    released on Wednesday target SCO's Web site with a denial-of-service
    attack.
    
    While the people who have released variants in the past haven't been
    considered to be as malicious as the original virus writer,
    Microsoft's Sundwall said the modified MyDoom seems much worse than
    the original. It overwrites the original and attempts to block an
    infected computer's access to sites that could host important security
    updates.
    
    "And it attacks us (at Microsoft), of course," Sundwall said.
    
    Computers infected by the variant are expected to begin to deluge the
    Web sites of Microsoft and the SCO Group with traffic from Feb. 1, or
    the first time they are turned on after that, until Feb. 12, or when
    they are shut down after that. It is likely that the attack will be
    difficult to stop, because it will just appear to be regular attempts
    to access the Web sites.
    
    Neither the FBI, which should be contacted with tips, nor Microsoft
    have indicated what, if any, progress has been made tracking down the
    two perpetrators, for which rewards have already been offered.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jan 30 2004 - 09:11:57 PST