Virus writers dismiss Microsoft's $5M bounty fund

IDG News Service - Though cyberspace outlaws may look over their shoulder one extra time before launching a computer virus or worm, they won't be deterred by the $5 million bounty fund established by Microsoft Corp. to help capture and convict them, two virus writers said.
Applying Wild West-type bounties to modern Internet crimes, Microsoft on Wednesday put two $250,000 rewards on the heads of the individuals responsible for unleashing the Blaster and Sobig worms that wreaked havoc in August. Another $4.5 million was set aside for future bounties.
Microsoft hopes the money will make ill-intentioned code-slingers think twice. "They should think, Uh-oh, there is somebody who knows what I am doing, and they have an incentive to turn me in, because there is a reward," said Hemanshu Nigam, a Microsoft corporate attorney.
However, two virus writers dismissed the bounty fund as a marketing stunt and said it will have no deterrent effect. "This new initiative from Microsoft does not change anything. Virus writers who spread their viruses know very well that what they are doing is illegal," said Benny, a Czech member of virus writing group 29A in an interview via e-mail.
Although it "won't really scare" virus writers, they may become more careful about whom they trust, said a member of virus writing group International Knowledge Exchange (IKX), who asked to remain anonymous. "I think they may become more paranoid and not even tell their most trusted friends what they did," he said.
The virus writers side with Microsoft critics who say the company should focus on securing its software instead. "The bounty program is just another excuse for Microsoft's buggy products," Benny said.
Both 29A and IKX describe themselves as groups of people who create and study computer viruses and worms, but never release malicious code. They send their code to antivirus companies, which typically do a write-up and place the virus in the "zoo," a catalog of thousands of viruses that have never spread.
The FBI, which supported Microsoft's bounty fund announcement, also doesn't think rewards alone will lead to fewer viruses and worms. "We've never suggested that this reward will deter future hackers or criminal activity from authors of this type of code. What deters criminals is jail time. This reward offer is a step that potentially brings us closer to making an arrest, ultimately leading to a conviction and jail time," FBI spokesman Paul Bresson said.

International law enforcement has had a tough time tracking down creators of viruses and worms. Only a few have been brought to justice. Arrests were made in connection with two variants of the Blaster worm, but those responsible for the original remain at large. No arrests have been made in connection with the Sobig worm, which was first detected in January.
Fighting crime in the virtual world is different from fighting real-world crime in many ways, but it all comes down to getting the right lead, Bresson said. "Whether it is the virtual world or the real world where crimes are being committed, there are people who talk to each other, so there are people who have information that can help and we encourage those people to come forward," he said.
But law enforcement and Microsoft shouldn't count on information coming from people close to virus writers, the IKX member said. "I think those people behind the widespread worms are not very talkative, especially after their actions got a little out of hand," he said.
Microsoft believes loyalty in online communities isn't as strong as some people might think, Nigam said. Furthermore, it isn't just members of the Internet's underground that have information that can lead to the arrest and conviction of those who release malicious code, he said.
"Information is everywhere. A systems administrator's system might get attacked; he may have log files and information that he should come forward with," Nigam said.
Microsoft has been widely criticized for not doing enough to protect computer users from security problems. The woes are also affecting the company's bottom line. In reporting financial results for the quarter that ended Sept. 30, Microsoft said sales to corporations had been hurt by the Blaster worm.
Creating secure software is now a top priority at Microsoft, and the reward program is only part of that effort, Nigam said. "This is one aspect of our multipronged approach. Securing products and writing code that is more secure is going to remain a priority, as it has been for a long time now," he said.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.