
Wanted: Conficker coder. $250,000 reward

Not all worms are so easily spotted

If it's a Wild West of hackers, crackers and malware authors out there in cyberspace, there's a new sheriff in town.

Microsoft today offered a $250,000 (£176,000) reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code.

Conficker (aka Downadup) is a worm that was first spotted back in October but that has only recently experienced explosive growth, especially in Brazil, Russia and India.

Server-ed up on a plate

Conficker exploits a vulnerability in Microsoft Windows Server that allows an anonymous attacker to successfully take full control of a vulnerable system through a network-based attack.

Microsoft has since patched the vulnerability, but the worm is also adept at copying itself across networks and spreading itself on removable media like USB drives.

Microsoft also announced a partnership with technology industry leaders and academia. Together with security researchers, Internet Corporation for Assigned Names and Numbers (ICANN) and Domain Name System operators, Microsoft coordinated a response designed to disable domains used by Conficker to update itself to overcome security measures.

Cnet quotes figures suggesting that Conficker is infecting between half and 2 million PCs a day, while some experts conservatively estimate that 12 million PCs remain infected.

If you know something about Conficker's origins and fancy that cool quarter of a million bucks, you should "contact your international law enforcement agency". Residents of any country are eligible for the snitch dosh.

Mark Harris is Senior Research Director at Gartner.