
Microsoft Slaps $250K Bounty On Conficker Worm

timothy posted more than 5 years ago | from the sic-the-french-air-force-on-'em dept.

The Almighty Buck 258

alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."


The new business plan (5, Funny)

140Mandak262Jamuna (970587) | more than 5 years ago | (#26835665)

1. Write malware for windows

2. Give it to a bunch of script kiddies anonymously in bulletin boards.

3. ...

4. Turn them in to MSFT for the bounty.

5. Profit

Re:The new business plan (1, Funny)

Fluffeh (1273756) | more than 5 years ago | (#26835693)

ICanHaSSkript?

No do homewerks?

Re:The new business plan (1)

shanen (462549) | more than 5 years ago | (#26837299)

Naw, it's just Microsoft's business plan to buy a reputation, cheap.

Actually, only based on the news reports I've already read, Microsoft's reward is already tiny compared to the initial reactive damages caused by Microsoft's sloppy programming and very unsloppy but aggressive marketing to make sure the danger is as widespread as possible. So far the damage (that I've heard about) has just been networks being shut down to try and clean the worm out--but if this thing actually has a hostile payload...

Imagine a distributed supercomputer two orders of magnitude larger than Roadrunner. Whoops, no imagination required. We already have it--and no one knows how hostile it is.

YOU DID IT!! (-1, Redundant)

Tibor the Hun (143056) | more than 5 years ago | (#26835797)

MANDAK DID IT MOTHERFUCKERS, WHERES MY $250K!!?

eleven!!! up yours lameness filter. you're lame.

Re:The new business plan (4, Interesting)

Locke2005 (849178) | more than 5 years ago | (#26835825)

My thoughts exactly. If hackers can now make big bucks by writing worms then framing someone else for turning them loose on the world, doesn't that provide a powerful incentive to write more worms???

Re:The new business plan (4, Insightful)

John Hasler (414242) | more than 5 years ago | (#26836545)

They also have to successfully pull off the "framing" part. The authorities are not unfamiliar with the idea that their informants may be lying for the reward.

Re:The new business plan (1, Funny)

segedunum (883035) | more than 5 years ago | (#26835953)

Well, if it was good enough for Clint then it's good enough for the rest of us.

Re:The new business plan (2, Informative)

guyminuslife (1349809) | more than 5 years ago | (#26836643)

Because no one will ever suspect that the guy with the advanced degree, antisocial personality disorder, questionable source of income, and miraculous discovery of "the real hackers," would have had anything to do with it.

Re:The new business plan (4, Funny)

binarylarry (1338699) | more than 5 years ago | (#26836715)

Yes, I highly doubt the Hans Reiser defense is going to work that well here either.

Re:The new business plan (1)

kpainter (901021) | more than 5 years ago | (#26837347)

That is why I favor the 'hitman' option rather than the 'bounty' option. That pretty much cancels out #5.

11111 post (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#26835683)

frist post

22222 reply (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26835903)

I want to eat you're ass.

33333 GOTO 11111 (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#26836785)

??

250K is too low (1)

xzvf (924443) | more than 5 years ago | (#26835685)

Pirates of the Indian Ocean were asking for multi-millions. 10 million zombie PC's are worth more than $250K. Dig deeper MS.

Re:250K is too low (5, Insightful)

Bill Dimm (463823) | more than 5 years ago | (#26836213)

10 million zombie PC's are worth more than $250K

The 10 million zombies may be worth much more than $250k to the person that controls them, but they are worth nothing to the guy that lives down the hall from the person that controls them, so he might be quite happy to pick up the money if he knows something.

Re:250K is too low (0)

Anonymous Coward | more than 5 years ago | (#26836981)

But the hypothetical person "down the hall" has no idea what the strange, bearded guy is doing at the computer.

This is a white collar crime, and not readily apparent. Therefore, the guy to turn them in would need inside knowledge.

Now, ask yourself: You are in Russia, have contacts to the guys writing malware for the mob, and someone offers you 250k. Do you
a) Laugh at them very, very hard
b) Together with your cronies: Set up some poor schmock for laughs
c) Attempt to turn them in, and risk having your legs broken, your wife and children hurt, ...?

250k is in no way enough to keep yourself out of harm's way...

Re:250K is too low (0)

Anonymous Coward | more than 5 years ago | (#26837701)

That train of thought is just as nefarious as the criminal's act itself.

"illegally" launching? (5, Insightful)

djce (927193) | more than 5 years ago | (#26835737)

Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty.

Re:"illegally" launching? (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26835761)

Not in the Corporate States of America.

Re:"illegally" launching? (5, Insightful)

Actually, I do RTFA (1058596) | more than 5 years ago | (#26835769)

Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty

Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent

Re:"illegally" launching? (1)

Nefarious Wheel (628136) | more than 5 years ago | (#26836615)

You're lucky if it's the legal system that catches you, and not some Russian entrepreneur with a grudge. They may be a bit more efficient.

Re:"illegally" launching? (1)

Hordeking (1237940) | more than 5 years ago | (#26837529)

Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent

If you've ever watched Nancy Grace, you'd apply that to America, too.

Re:"illegally" launching? (3, Insightful)

tribecom (1005035) | more than 5 years ago | (#26835811)

apologist for malware authors ... tough gig

Re:"illegally" launching? (0)

Anonymous Coward | more than 5 years ago | (#26835963)

Wouldn't it be easier to work with the FBI to help find them?

Also wouldn't it be semi easy to figure out who it is? Follow the money... Who extracted it... Follow up the chain of command...

This is the same sort of racketeering rackets mobsters have used for years. They just moved online...

Re:"illegally" launching? (1)

John Hasler (414242) | more than 5 years ago | (#26836315)

The laws of the jurisdictions where the infected pcs are located apply no matter where the thing was launched from.

Re:"illegally" launching? (1)

MrBigInThePants (624986) | more than 5 years ago | (#26836577)

You misunderstood. This is not a bounty for their arrest.
It is a recruitment bounty so they can teach them to make software that is not so full of holes you would mistake it for a premise for war or something.

Re:"illegally" launching? (4, Insightful)

gad_zuki! (70830) | more than 5 years ago | (#26836893)

First off, all politics is local. My local laws apply to what you do to me or my equipment in my jurisdiction. On top of that, in civilized countries all this shit is illegal. Remember the sasser worm? MS paid out a 250k bounty and the author was revealed to be a German who was later convicted.

Secondly, it's not too hard to figure out who did this. A lot of these trojans won't install if your default language is Russian. How odd, eh? Essentially, this is a hand out to the Russian government because it protects and profits from its industry of malware writers, most notably The Russian Business Network. [wikipedia.org] These guys aren't getting caught. They have the full protection of the Russian government. MS and the rest know this, but they also know that money talks and a high profile defector would be good for the cause.

Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

Re:"illegally" launching? (1)

truthsearch (249536) | more than 5 years ago | (#26837145)

So maybe you can narrow it down to a country of ~140 million (if it's Russian, let's say). That's still far from figuring out exactly who did it.

Re:"illegally" launching? (1)

SkyDude (919251) | more than 5 years ago | (#26836957)

If you can, look up the term "prima facie".

Here, this will help you [wikipedia.org]

Microsoft is responsible (3, Insightful)

Elektroschock (659467) | more than 5 years ago | (#26835757)

These guys abuse a problem but they also raise awareness for a security problem Microsoft has put into existence through its operating system software. This company should pay and offer its customers to remove the worm for them and compensate them for all the costs caused by their defective software. The guys just exploited the weakness.

Though Microsoft offered a patch I don't remember that Microsoft actively informed its customers about the defects of its software and apologised to me or that my hardware vendor recalled the hardware.

Re:Microsoft is responsible (4, Insightful)

The Cisco Kid (31490) | more than 5 years ago | (#26835897)

Any person that has anything to do with information technology (computers) anywhere in the world, that can read and understand the language commonly used in their part of the world, that doesn't already know that most software produced by MS is riddled with "defects", is either not paying attention or is seriously brainwashed.

Re:Microsoft is responsible (3, Insightful)

StikyPad (445176) | more than 5 years ago | (#26836593)

True, but the "produced by MS" part is redundant. Pretty much all but the very simplest of software has defects.

Re:Microsoft is responsible (1, Funny)

Anonymous Coward | more than 5 years ago | (#26836729)

I consider this an example of a simple program without defects:

#!/bin/bash
echo Hello World
rm ~/ -rf

awww crap.

Re:Microsoft is responsible (0)

The Cisco Kid (31490) | more than 5 years ago | (#26836951)

"riddled with defects" != "has defects"

And in MS' case, it's more like "riddled with defects that create security holes a semi truck could drive through" which most certainly does not describe "pretty much all" software, MS software doesn't have much company in that category.

http://openbsd.org/ [openbsd.org]

Re:Microsoft is responsible (0)

Anonymous Coward | more than 5 years ago | (#26836873)

LAME

Re:Microsoft is responsible (0)

Anonymous Coward | more than 5 years ago | (#26837191)

Any person that has anything to do with information technology (computers) anywhere in the world, that can read and understand the language commonly used in their part of the world, that doesn't already know that most software is riddled with "defects", is either not paying attention or is seriously brainwashed.

Fixed.

Re:Microsoft is responsible (1)

internerdj (1319281) | more than 5 years ago | (#26835949)

So who foots the bill for someone exploiting an apache hole? Does it come out of the support fund? Sounds like a very dangerous precedent to me.

Re:Microsoft is responsible (0)

Anonymous Coward | more than 5 years ago | (#26835989)

It's not really an issue...there aren't any holes in Apache.

Re:Microsoft is responsible (0)

Anonymous Coward | more than 5 years ago | (#26836481)

That have been found.

Re:Microsoft is responsible (1, Funny)

Anonymous Coward | more than 5 years ago | (#26836695)

Since Apache is free, I guess the bill amounts to 0.00$ anyway.

Re:Microsoft is responsible (1)

Rog-Mahal (1164607) | more than 5 years ago | (#26835975)

It's kind of hard to call exploiting a vulnerability "raising awareness". The worm blocks attempts at removal and continues to spread itself. It works well, and seems like it could be used for more nefarious ends, but isn't stealing credit card numbers or the like. However, I'd hardly call it a public service. I agree that Microsoft could have been more public about the seriousness of the problem, but apologies?

Re:Microsoft is responsible (3, Insightful)

transporter_ii (986545) | more than 5 years ago | (#26836061)

Yeah, after reading the Slashdot article a couple of days ago on not running as an Admin on Windows, I decided to play around a little.

I found that even though XP Pro lists only the options of running as an Admin or a User, there is in fact a fairly simple way to run as a "power user," which is not as restrictive as a normal user (fairly simple but not fairly obvious way).

I've set up some domains for Windows server 2003, but I had really never looked at how much you could do with XP, and actually, you can do quite a few of the same things in the group policy settings.

However, all this goes right out the window on XP Home.

Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.

Also, for a project I'm working on, I was looking to secure just the ability to change some network settings. On Linux, what I wanted to do was trivial. On Windows, it was almost impossible without busting the user down from running as an admin...and then program after program fails to work correctly.

Again, Microsoft deserves everything they are getting.

Re:Microsoft is responsible (1, Troll)

CannonballHead (842625) | more than 5 years ago | (#26836147)

And I suppose all the Windows users deserve what they are getting?

I'm not defending Microsoft's holes in its code, but to say "Too bad, Microsoft" and ignore that many innocent users use it is pretty ... well, kinda goes back to the annoying Linux attitude that people complain about, I guess.

I like and use Linux. But I would rather not like to have Linux give the same "better than you" vibe that Mac does at the moment...

Probably offtopic or troll. Oh well.

Re:Microsoft is responsible (4, Insightful)

techno-vampire (666512) | more than 5 years ago | (#26836465)

And I suppose all the Windows users deserve what they are getting?

Like you, I love and use Linux, but I don't think that Windows users shouldn't have an OS that's as easy to secure (and use in a secure way) as you and I do. It can be argued, however, that Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.

Re:Microsoft is responsible (3, Insightful)

Jamie's Nightmare (1410247) | more than 5 years ago | (#26837389)

Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.

Demanded or not, just like Linux, this was a security problem that was found and a patch was released to the public. Users either refused to install the patch or had Windows Update disabled for a variety of stupid reasons.

When the ax falls, who are people going to blame? Certainly not themselves.

Re:Microsoft is responsible (1)

jaseuk (217780) | more than 5 years ago | (#26836667)

On XP putting a regular user in the "Network Configuration Operators" allows them to administer network settings without giving full admin privileges. The power users group is all but an administrator anyhow.

In most other cases careful use of file permissions and registry permissions can also allow regular users to run software that would otherwise require administrator privileges.

The programs that break down are not following guidelines that have been well established by Microsoft for many years, pretty much all Microsoft software works gracefully as a non-admin and the causes can be firmly placed with the 3rd party developers.

I'm currently in the painful process of removing all local admin / power user across a large user base with plenty of historical software. The only area where I am having significant difficulties are those users who are developing software (ie. Visual Studio and the like), it's not impossible, but certainly not easy for the average user or administrator.

Jason.

Re:Microsoft is responsible (4, Insightful)

gad_zuki! (70830) | more than 5 years ago | (#26836763)

>Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.

That's what Vista does and the UAC kicks in when you need admin access. There has been nothing but complaints and bitching about this. People are surprised their 10 year old software that writes to c:\temp doesn't work anymore. Now that there's an NT ecosystem of software out there (write to profile area, not to system area when running), it's easier for MS to do this. Shame that even the good changes MS does are received with the same old bellyaching.

>Also, for a project I'm working on, I was looking to secure just the ability to change some network settings

You didn't try too hard did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.

>Again, Microsoft deserves everything they are getting.

MS is a company. It doesn't feel pain or shame. Right now the people feeling the pain are innocent users. Perhaps you should have a little sympathy for them.

Typo in summary (1, Informative)

Anonymous Coward | more than 5 years ago | (#26835789)

I think they meant DNS not DNA.

Re:Typo in summary (1)

hpc4u (978056) | more than 5 years ago | (#26836543)

In this context, DNA = Domain Name Administration.

Re:Typo in summary (1)

Nefarious Wheel (628136) | more than 5 years ago | (#26836747)

Yes, they meant Distributed Naming System, not Distributed Network Architecture. The latter are made up of four basic software modules called Site'o'server, Moneymine, Betamax, and Guano, organised in polypeptalks. I think. It was something like that, anyway.

Re:Typo in summary... Maybe they REALLY (1)

davidsyes (765062) | more than 5 years ago | (#26837641)

Mean... "Do Not ASK!" As in, "We really cannot tell you this is a ruse by the various world government bodies to throw you off the track that it really is them, and that this is an extension of and a fallback to the untimely exposure of government AT&T affiliate offices that snooped traffic everywhere."

But, maybe my thinfoil hat is unpossibly tooned...

"..I didn't make money by writing checks..." (1)

adewolf (524919) | more than 5 years ago | (#26835831)

Heh M$ pay anything, I don't think so. Like that Simpsons' episode where M$ buys Homer's company: "...you don't think I made money by writing checks ...break 'em up boys....."

Re:"..I didn't make money by writing checks..." (0)

Anonymous Coward | more than 5 years ago | (#26837643)

you said "M$", nyuck-nuyck

Microsoft: Release a mandatory patch to stop it... (4, Interesting)

Culture20 (968837) | more than 5 years ago | (#26835835)

Microsoft, release a mandatory update to turn off auto-run/play, and show a reoccurring opt-out prompt on login that explains that auto-run is turned off, and the risks of turning it back on.

At least make XP's version of the patch that allows GPO auto-run disable to work properly a mandatory update. If no one's in a GPO, it won't break anything. If they are in a GPO that turns autorun off, then it should be turning auto-run off!

How about... (1, Insightful)

alexborges (313924) | more than 5 years ago | (#26836045)

Actually making a decent OS?

Re:How about... (1)

Dunbal (464142) | more than 5 years ago | (#26836201)

Microsoft has a plan:

1. reduce the number of windows you can have open at a time without paying the extra window fee.
2. Convince everyone to switch to linux/Mac
3. The world profits.

Re:How about... (2, Insightful)

pohl (872) | more than 5 years ago | (#26837705)

I'm so sick of how anything that criticizes microsoft on slashdot gets modded up on slashdot, and...oh, nevermind.

DNA providers?? (1)

bucky0 (229117) | more than 5 years ago | (#26836047)

Since when has ICANN been providing DNA?

Re:DNA providers?? (0, Troll)

mpoulton (689851) | more than 5 years ago | (#26836101)

Since when has ICANN been providing DNA?

Since last night with your mom?

Re:DNA providers?? (0)

PimpDawg (852099) | more than 5 years ago | (#26836361)

I see what you did there.

Re:DNA providers?? (1)

Ritz_Just_Ritz (883997) | more than 5 years ago | (#26836657)

Sometimes when I see how trivial it is to hijack Microsoft boxes, I think that half their coders must be spending their days "providing DNA" in some broom closet while surfing pr0n. For fuck sake, Microsoft has fairly unlimited resources. If they really WANTED to clean up their security act, they could.

Re:DNA providers?? (1)

Yvan256 (722131) | more than 5 years ago | (#26836723)

Icann haz worm plz?

Malicious? (3, Interesting)

HTH NE1 (675604) | more than 5 years ago | (#26836095)

'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,'

Has Conficker done anything malicious yet? Last I heard it all it has done is to extend and protect its installed base and has not yet been used to do any attacks. It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut down.

Re:Malicious? (1, Insightful)

OverlordQ (264228) | more than 5 years ago | (#26836199)

How is it not malicious already? It downloads and spreads unknown crap without people's knowledge.

Re:Malicious? (1, Funny)

Anonymous Coward | more than 5 years ago | (#26836301)

How is it not malicious already? It downloads and spreads unknown crap without people's knowledge.

Sounds a lot like the host it infects...

Re:Malicious? (1)

HTH NE1 (675604) | more than 5 years ago | (#26837013)

Where is the malice? Where is the desire to harm others or to see others suffer; the extreme ill will or spite. Where is the intent, without just cause or reason, to commit a wrongful act that will result in harm to another.

Malicious? I'd be stretching it to even call it malevolent. It's just trespassing. You may not want it there, but it isn't doing anything really harmful yet. Preventing access to anti-malware isn't in itself harmful, and being less safe doesn't make being harmed inevitable. Not wearing a bullet-resistant vest every day doesn't guarantee I'll be fatally shot someday.

Re:Malicious? (5, Insightful)

StikyPad (445176) | more than 5 years ago | (#26836217)

Using my resources without my consent is malicious.

Re:Malicious? (0, Flamebait)

cdrguru (88047) | more than 5 years ago | (#26836423)

If you aren't using Linux and only free and open software (no proprietary BLOBs), then your resources are already being used without your knowledge and consent.

If you install something without understanding what the code is doing, you do not have sufficient knowledge to understand what "consent" means. You are just a user and a user that is going with the crowd and doing whatever you are told.

With Windows and most Linux software you are given a black box and told it does good things. You get to experience some of the good things and think it is wonderful. Your entire experience is at the hands of others. You might try to install lots of stuff to ensure that your computer is not being used against you. Sadly, you will never know the truth. Anything could be hiding some stealthy information and/or resource stealing code and you and the rest of the users like you will never know.

OK, so you have a firewall that is supposed to block outbound connections. How do you know it works? How do you know it works for all types of connections? Have you specifically authorized each and every single outbound connection? No, you probably thought some software was "trustworthy" and assumed it would be OK. How do you know your trust is not being betrayed?

If you aren't reading the code, and I do mean all of it, you don't know. You can either be a user or you can be a god. It is up to you. It is, after all, your computer. All it takes is a lot of hard work and a lot of knowledge.

Re:Malicious? (0)

Anonymous Coward | more than 5 years ago | (#26836775)

If you aren't using Linux and only free and open software (no proprietary BLOBs), then your resources are already being used without your knowledge and consent.

Seriously, wtf?? So if I go ahead and install a program on my machine, I haven't consented to it being there? When I run it I haven't consented for it to use the resources of my machine?

Just because I don't know exactly what it does under the surface, but then again that could be said for everything that I don't know about in the world. At some point you've got to give it a rest and actually trust a few humans, and I can assure you if the COMPANY that wrote the software you consented to deliberately designed it to be malicious, they'd be caught and punished.

I use linux, and fully support open source software yadda yadda yadda, but c'mon, the whole world does not run on "free". And no, designing shit software and designing malicious software are not the same.

Re:Malicious? (1)

nog_lorp (896553) | more than 5 years ago | (#26837057)

He has some point. Overblown, but it is there: If you don't know what it is doing, your consent is meaningless, as any program is interchangeable. Consenting to unknown code running on your computer is consenting to ANY code running on your computer.

Re:Malicious? (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26836795)

Please explain to me exactly how your car, refrigerator and tv work, in detail with diagrams. Complete with theory and exact detail.

Asshole!

Re:Malicious? (0)

Anonymous Coward | more than 5 years ago | (#26837395)

Because people always read code to their programs. All of it. Especially OpenSSL users.

Re:Malicious? (2, Insightful)

John Hasler (414242) | more than 5 years ago | (#26836223)

> Has Conficker done anything malicious yet?

Installing it on someone's pc without their knowledge or permission is malicious. So is blocking access to antivirus sites. So is using said pc to attack other machines.

Re:Malicious? (1)

grasshoppa (657393) | more than 5 years ago | (#26836273)

The mere act of unauthorized installation is malicious.

Re:Malicious? (1)

jrothwell97 (968062) | more than 5 years ago | (#26836335)

erm... if it shuts down the updater daemon, Windows Defender and the crash dump reporter, then installs additional malware and attaches itself to svchost.exe, explorer.exe and services.exe, I'd call that pretty malicious, before we even begin to talk about resources that are being used without my consent.

Re:Malicious? (0)

Anonymous Coward | more than 5 years ago | (#26836419)

I had it on my grandmother's computer, locked out the damn disk drives and the USB ports.

Re:Malicious? (0)

Anonymous Coward | more than 5 years ago | (#26836455)

Well yes it has, it shuts down your anti-virus, blocks connection to AV vendors and adds to the congestion of the intertubes.

Re:Malicious? (3, Funny)

drinkypoo (153816) | more than 5 years ago | (#26836485)

Has Conficker done anything malicious yet? Last I heard it all it has done is to extend and protect its installed base and has not yet been used to do any attacks.

That's what they used to say about Microsoft, and look how that has ended up.

Re:Malicious? (1)

gad_zuki! (70830) | more than 5 years ago | (#26836571)

>It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut down.

How is that non-malicious? If you stole my car to drive your grandma to church it's still theft. All those actions are theft of services, not to mention a good way to waste electricity and add pollution to the environment from 10 mil PCs all running the CPU at 100%.

Re:Malicious? (0)

HTH NE1 (675604) | more than 5 years ago | (#26837297)

If you stole my car to drive your grandma to church it's still theft.

But is it malicious? If I did that, did I do it specifically to harm you? What if instead I stole your car to take your grandma to the hospital? My presumption of permission isn't actual permission. You may feel differently about your grandma and not want your car used to give her care. Still theft. But malicious?

Unless and until this botnet is put to use, you can't know if it is malicious. You just have the fear of an unknown person having unchecked power and the indignation of having your machine trespassed upon. Whether that trespass is malicious depends upon the ends to which it is put. (The ends don't justify the means, but they can color them.)

Microsoft could update the systems to do whatever they wanted too. We're comfortable with this possibility because we know who Microsoft is and are confident in our ability to punish Microsoft if they dared.

We're far more willing to trust the devil we know than anyone we don't. "Otherwise the wrong lizard might get in."

Re:Malicious? (1)

Culture20 (968837) | more than 5 years ago | (#26836575)

Has Conficker done anything malicious yet? Last I heard it all it has done is to extend and protect its installed base and has not yet been used to do any attacks.

  1. Extend
  2. Embrace
  3. then Extinguish

Re:Malicious? (1)

ChrisA90278 (905188) | more than 5 years ago | (#26837685)

Has Conficker done anything malicious yet?

Are you kidding? From Microsoft's point of view it has done the WORST possible thing. Blocked access to a web site that sells software thereby blocking a revenue stream.

DNA providers (0, Flamebait)

macraig (621737) | more than 5 years ago | (#26836157)

I didn't know that part of ICANN's charter was providing DNA. I don't recall my ISP demanding a cheek swab from me when I signed up, so from where is ICANN getting the samples?

Re:DNA providers (1)

Sique (173459) | more than 5 years ago | (#26836353)

Probably messed it up with DNS providers (S and A sit right next to each other). And interestingly though in German "DNS" means "DNA" ;) (the S standing for "Saeure" = "Acid").

Re:DNA providers (1)

macraig (621737) | more than 5 years ago | (#26836483)

How could I resist having a bit of fun with someone's very public typing error? It's just my way of asking, "What, never heard of proofreading?"

"and no disintegrations!" (1, Funny)

circletimessquare (444983) | more than 5 years ago | (#26836167)

"as you wisshh"

In separate news, Microsoft budgeting an extra (4, Funny)

mkcmkc (197982) | more than 5 years ago | (#26836219)

US$398 to fix security problems with their software...

Microsoft is being cheap (1)

erroneus (253617) | more than 5 years ago | (#26836251)

They need to offer upwards of 5 to 10 million dollars. With a bounty of $250,000 I don't think they will be caught. And $10 million is chump-change for Microsoft... they buy laws for more than that.

Robots 1, Humans 0 (1)

hack slash (1064002) | more than 5 years ago | (#26836475)

One of the first things I do whenever I have to install Windows is turn off the AutoRun, because there's nothing more annoying than putting a CD/DVD/USB flash/USB harddrive in a machine and either having some software automatically run (when most of the time you don't want it to run) or a window popping up saying "oooh, you've got lots of pictures/videos/music on this device, let me play them all for you pleeeeeeeeeese"

So back to my post title, if a Skynet equivalent does decide it wants to rule us, it will have been able to gain the necessary power over us through the human race's apathy towards hands-on involvement of computers - having everything automated is not a wise choice, as the Conficker worm is so aptly demonstrating.

Seeking Fallguy (1)

murphyje (965004) | more than 5 years ago | (#26836489)

Here's how it works: I accuse you, you take the fall, and we split the reward. You just have to sit in jail for whatever period of time. Of course, keep in mind that there will probably be hefty fines that will meet or exceed your portion of the reward.

Fine print (0)

Anonymous Coward | more than 5 years ago | (#26836499)

Can "The money will be paid for 'information that results in the arrest and conviction of those responsible for " be construed as fine print?

OK. Say I know where these guys live and have some preliminary evidence and turn that in. This leads to an arrest. But later, the lawyers screw up or whatever and these guys are NOT convicted. What happens then? Do I get 50%, 20% or 0%?

Has bounty hunting always meant "we will get you your cheque after the conviction?" Wasn't like that at least in Do Androids Dream of Electric Sheep.

Ramanujam

cheaper to sue (2, Interesting)

init-five (745157) | more than 5 years ago | (#26836585)

When MS learns how to write secure code for less money than what they offer to catch the script kiddies they would do the former. I wonder what happens to the MS coder/team that is responsible for the exploit?

*What* providers? (4, Funny)

nsayer (86181) | more than 5 years ago | (#26836755)

DNA providers such as ICANN, ORG, and NeuStar

Hey, I'm a DNA provider too, baby.

Re:*What* providers? (2, Funny)

couchslug (175151) | more than 5 years ago | (#26837441)

"Hey, I'm a DNA provider too, baby."

They can have my DNA when they pour it from my cold, dead keyboard.

Hmmm (0)

Anonymous Coward | more than 5 years ago | (#26837127)

Boba Fett, I choose you!

Yes, (0)

christoofar (451967) | more than 5 years ago | (#26837257)

but does this run on Linux?

The Price of My Loyalty (0)

Anonymous Coward | more than 5 years ago | (#26837303)

$250 Large? - My mother did it!

Given the secretive, highly technical, and often nasty nature of the people that may be involved I am not sure that this is enough of a reward.

Dog the Internet Bounty Hunter? (1)

mc1138 (718275) | more than 5 years ago | (#26837315)

How long till we have ex-con guys with arms as big around as a SAN busting into people's houses and apprehending them for both money and the entertainment of people who love to watch skinny jerks try to wrestle with a human tank?

Funny how it also works the other way around (0, Troll)

ProfMobius (1313701) | more than 5 years ago | (#26837689)

"The spreading Windows 7 worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Public Sanity Service (PSS) leading the charge by offering a $250,000 reward to bring the Windows 7 malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for legally launching the Windows 7 malicious code on the Internet,' PSS said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Windows 7 worm once and for all. Windows 7, also called Windows Vista SP2, is estimated to have infected at least 90% of all PCs worldwide. It has been slowly but surely spreading since January. Its main trick is to allow malware installation and authorize access to malware vendors' Web sites."