Wanted: Conficker coder. $250,000 reward

Not all worms are so easily spotted

If it's a Wild West of hackers, crackers and malware authors out there in cyberspace, there's a new sheriff in town.

Microsoft today offered a $250,000 (£176,000) reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code.

Conficker (aka Downadup) is a worm that was first spotted back in October but that has only recently experienced explosive growth, especially in Brazil, Russia and India.

Server-ed up on a plate

Conficker exploits a vulnerability in Microsoft Windows Server that allows an anonymous attacker to take full control of a vulnerable system through a network-based attack.

Microsoft has since patched the vulnerability (find out all about it at www.microsoft.com/conficker) but the worm is also adept at copying itself across networks and spreading itself on removable media like USB drives.

Microsoft also announced a partnership with technology industry leaders and academia. Together with security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN) and Domain Name System operators, Microsoft coordinated a response designed to disable the domains that Conficker uses to update itself in order to overcome security measures.

Cnet quotes figures suggesting that Conficker is infecting between half a million and 2 million PCs a day, while some experts conservatively estimate that 12 million PCs remain infected.

If you know something about Conficker's origins and fancy that cool quarter of a million bucks, you should "contact your international law enforcement agency". Residents of any country are eligible for the snitch dosh.

Mark Harris is Senior Research Director at Gartner.