Cabal forms to fight Conficker, offers bounty
Robert Lemos, SecurityFocus 2009-02-13

Story continued from Page 1

The announcement comes as companies are having a hard time cleaning out the pernicious worm. Security researchers have stated that small businesses and consumers in emerging markets are the ones primarily being affected by the malicious program. SRI International's survey of IP addresses showing signs of infection found that China, Brazil and Russia accounted for almost 40 percent of the compromised nodes.

Aa'ed Alqarta, a security engineer based in Kuwait, has been fighting to eradicate the program from his company's network. While the information-technology staff for the company, which Alqarta asked not to be named, had deployed the patch for the Microsoft vulnerability used by the worm, the malicious program piggybacked on an unsecured laptop or infected USB drive and spread to the network, he said.

"The virus has infected business machines that are being used to serve customers on a daily basis," Alqarta said in a recent e-mail interview. "We had to respond fast to get them back again online and continue their tasks."

The system engineer believes that 100 out of the 2,500 computers in the company were eventually infected with the worm. On Wednesday, he stated that staff have eradicated the malicious program and have instituted security rules tough enough to keep it out of the network.

"I've heard about many companies in the Middle East which have been hit by Downadup/Conficker and it was a hard lesson for them," he said in an e-mail. "You should always be prepared for the worst."

Alqarta recommends that IT professionals patch their systems, ban the use of USB drives, use managed endpoint protection software with strict security policies and immediately quarantine any machines with signs of infection.

The announcement on Thursday also marks the first time in nearly five years, and only the fifth time ever, that Microsoft has offered a bounty for information leading to the arrest and conviction of the person responsible for creating a malicious program.

In November 2003, the company kicked off its Anti-Virus Reward Program by offering bounties for information on the people responsible for releasing the MSBlast, or Blaster, worm and the Sobig.F virus. Two months later, Microsoft added the author of the MyDoom.B virus to its Most Wanted list. All three bounties have failed to turn up any solid leads.

The program's only success came in May 2004, when it convinced two high-school students to offer to turn in another who had bragged about creating the Sasser worm.

Following the release of the worm, the two informants in Germany inquired about whether the bounty would be offered for information about the person responsible for the malicious program. Microsoft's willingness to deal netted law enforcement 17-year-old Sven Jaschan, a high-school student, who received a 21-month suspended sentence in 2005. In the end, Jaschan — who also admitted to creating the original version of the Netsky virus — received 30 hours of community service because he was a juvenile at the time of his arrest.

While the $250,000 bounty has succeeded in luring high-school students to turn in their compatriots, it's uncertain whether the amount will be enough to cause the associates of more organized cybercriminals, such as those thought to be behind Conficker, to come forward.

Microsoft would not comment on whether the bounty is enough or whether it is considering raising the amount.

"Microsoft is following the same standard as previous AV Reward offers," the company said in a statement e-mailed to SecurityFocus. "At this time, we have no further information on higher bounty amounts."

If you have tips or insights on this topic, please contact SecurityFocus.

Copyright 2010, SecurityFocus