Microsoft offers reward for catching worm creator

not kept up to date with Windows security patches. It can infect machines via a net connection or by hiding on USB memory drives used to ferry data from one computer to another. Once in a computer it digs deep, setting up defenses that make it hard to extract.

The worm slithers through networks by guessing usernames and passwords. Security specialists recommend hardening passwords by mixing in numbers, punctuation marks and capital letters. The virus reports in to its creators for updates by visiting a web domain. It generates the name of the domain itself using a complicated code which security firms have cracked to track the growth of the worm and block its progress.

Malware such as Downadup can be triggered to steal data or turn control of infected computers over to malicious hackers, who pool them into larger armies known as botnets. These networks of compromised machines can be used to send spam, to act as dead drops for stolen or pirated data, and to launch attacks on other machines. Although Downadup is widespread, its creators have yet to activate its payload to steal data or launch other attacks. It has caused costly headaches for network administrators dealing with users locked out of their accounts when the worm correctly guesses a password.

While Microsoft says it does not know the intention of the worm’s creator, it wants to ensure it does not wreak any more havoc. Experts say users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch - also known as KB958644.

Shiels writes that Microsoft has also partnered with security companies, domain name providers, academia, Internet companies such as AOL, and others on a co-ordinated global response to the worm. Also included are the U.S. Department of Justice and DHS. “The best way to defeat potential botnets like Conficker/Downadup is by the security and Domain Name System communities working together,” said Greg Rattray, chief Internet security adviser at the Internet Corporation for Assigned Names and Numbers (ICANN). “ICANN represents a community that’s all about co-ordinating those kinds of efforts to keep the Internet globally secure and stable.”

In 2003 Microsoft created its reward program with $5 million in funding to help law enforcement agencies bring computer virus and worm authors to justice. This reward for help in tracking the creators of Downadup is the first time in four years that the company has put up some cash in response to a worm outbreak. “We have not seen this type of worm or one of its class since 2004,” said Stathakopulos. In 2005 Microsoft paid out $250,000 to two individuals who helped identify the creator of the notorious Sasser worm. The author was arrested and sentenced by the German authorities. Rewards of $250,000 were offered over three other major computer worm threats, known as the Blaster, MyDoom and Sobig worms. Those perpetrators have never been caught.