Open

Coming up

Don't miss

Replay


LATEST SHOWS

MEDIAWATCH

Depardieu launches "Proud to be Russian" watch range

Read more

DEBATE

SPECIAL: US and Cuba Normalise Relations

Read more

ENCORE!

Forget Harry Potter, Jeff Kinney's 'Diary of a Wimpy Kid' sells millions

Read more

FOCUS

Child migrants: no parents, no passports

Read more

AFRICA NEWS

Thousands flee Libya and Nigeria to seek refuge in Niger

Read more

INSIDE THE AMERICAS

Sony Pictures reels from cyber-attack

Read more

MEDIAWATCH

"Todos somos Americanos"

Read more

IN THE PAPERS

Cuba-USA: 'A roll of the dice'

Read more

IN THE PAPERS

The 'Caribbean Wall' is starting to crumble

Read more

Microsoft promises reward to catch worm inventor

Latest update : 2009-02-13

The world's largest software company put a bounty of 250, 000 dollars on the heads of 'worm makers' on Thursday in a bid to find those responsible for a computer code known as "Conficker" or "Downadup" that could crash Microsoft systems worldwide.

AFP - Microsoft on Thursday announced it has formed a technology industry posse and put a bounty of 250,000 dollars on the heads of those responsible for a vexing computer worm.

The nasty computer code known as "Conficker" or "Downadup" has been spreading quickly, wriggling into millions of computers worldwide and threatening to commandeer or crash systems.

Microsoft is working with computer security specialists and the Internet Corporation for Assigned Names and Numbers (ICANN) to track down whoever unleashed Conficker.

"The best way to defeat potential botnets like Conficker/Downadup is by the security and domain name system communities working together," said ICANN chief Internet security advisor Greg Rattray.

Microsoft promised to pay 250,000 dollars for information that leads to the capture and conviction of the people that launched the malicious code on the Internet.

"We hope these efforts help to contain the threat posed by Conficker, as well as hold those who illegally launch malware accountable," said George Stathakopoulos, general manager of Microsoft's Trustworthy Computing Group.

"Microsoft's approach combines technology innovation and effective cross-sector partnerships to help protect people from cybercriminals."

Cyber threats are evolving rapidly, compelling technology firms and academic researchers worldwide to increasingly collaborate to coordinate defenses.

The posse bent on corralling Conficker includes Symantec, F-Secure, VeriSign, Afilias, Internet Systems Consortium (ISC), and the Shadowserver Foundation.

"I am heartened to see this group of companies and researchers working together night and day, cooperating in some cases with their direct competitors, to cap the damage from this worm," said ISC president Paul Vixie.

"We've aligned a huge pool of talents and resources. We've got a lot to do yet, about this attack and likely future attacks, but if we keep on working together like this, we're going to make real progress in Internet security."

Microsoft said it is offering a cash reward because the Conficker worm is a criminal attack. Anyone that knows about Conficker's origins is urged to contact police dealing with international law enforcement in their country.

Advice about defending against Conficker is available online at microsoft.com/conficker.

The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with Windows security patches.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another. Once in a computer it digs deep, setting up defenses that make it hard to extract.

Microsoft says it is aware of the Conficker "worm family" and has modified its free Malicious Software Removal Tool to detect and get rid of infections.

Malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.

A troubling aspect of Conficker is that it harnesses computing power of botnets to crack passwords. Security specialists recommend hardening passwords by mixing in numbers, punctuation marks, and upper case letters.

Repeated "guesses" at passwords by a botnet have caused some computer users to be locked out of files or machines that automatically disable access after certain numbers of failed tries.

"When botnets start being controlled through global, randomized domain names, you know things are heating up in cybercrime," said Afilias chief technology officer Ram Mohan.

"Attackers are evolving and deploying ever more sophisticated techniques. We need to stay together to provide a unified front against future attacks."
 

Date created : 2009-02-13

COMMENT(S)