MISCELLANEOUS

Microsoft Offers Ransom for E-threat Authors

The WWW - is it World Wide Web or Wild Wild West?

Network World’s Ellen Messmer reports that Microsoft is offering a quarter-million dollar reward for turning in the person or persons responsible for the creation of the Downadup aka Conficker worm .

Moreover, Microsoft is coordinating with ICANN and other organisations responsible for the DNS infrastructure to register and block the domain names which could be used by the worm, in the hopes that by doing that its creators will not be able to turn the Downadup worms (which are now quite harmless) into logic bombs, ransomware or spam relays or whatever else they feel like. Downadup has an algorithmically-generated list of candidate command & control servers; eachinstance of the worm checks some of these periodically, providing an infection count and asking for updates.

The technique is not without precedent, but the response is. While blocking domains may go a long way towards preventing a “night of the living dead” scenario, the other aspect (that of the ransom) raises an interesting opportunity.

Say you were a member of a criminal organisation. You commission (and receive, from a black-hat hacker or group) a huge botnet. Some other wiseguys on the ‘net post a reward for turning in the authors.

Do you now:

a. exploit it for your nefarious purposes

b. turn in the virus writer(s) OR

c. do both of the above?

I suppose it all depends on how useful you deem the virus writers to be to you in the future and what you estimate the cost of replacing them will be. In other words, the reward system probably works, if the rewards are high enough, although it probably doesn’t work by punishing the criminal masterminds, but rather by providing a strong disincentive for prospective enablers (i.e. wannabe virus writers).

About the author

Răzvan STOICA

Razvan Stoica is a journalist turned teacher turned publicist and
technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking.

Razvan Stoica started off writing for a science monthly and was the chief
editor of a science fiction magazine for a short while before moving on to
the University of Medicine in Bucharest where he lectured on the English
language. Recruited by Bitdefender in 2004 to add zest to the company's
online presence, he has fulfilled a bevy of roles within the company since.

In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.