Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Reward Leads to Arrest of Sasser Suspect

CmdrTaco posted more than 10 years ago | from the thats-pretty-cool dept.

Security 287

tritone writes "According to this article on CNET, it was a reward from Microsoft that led to the arrest of the perpertrator of the Sasser Windows Worm. This is the first success for Microsoft's Antivirus Award Program, a $5 million fund to reward people for coming forward with information about those who release major worms and viruses."

cancel ×

287 comments

Sorry! There are no comments related to the filter you selected.

Dirty Linux hippie (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9099716)

first fist (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9099719)

first fist is when you fist someone first in quake 3 arena

FP! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9099722)

First Post!

I LIKE TO PLAY WITH MY ANUS WHEN I MASTURBATE (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9099724)

*rub* *fap* *rub* *fap* *rub* *fap* *rub* *fap*

Oh, guess what ... (2, Interesting)

Leffe (686621) | more than 10 years ago | (#9099726)

... Microsoft should have used the money to audit their code or something ...

Re:Oh, guess what ... (1, Insightful)

betelgeuse-4 (745816) | more than 10 years ago | (#9099730)

It's going to take way more than $5million to clean up the Windows code.

to finish the sentence... (1, Funny)

Anonymous Coward | more than 10 years ago | (#9099833)

It's going to take way more than $5million to clean up the Windows code.
with army of indian developers.

Re:Oh, guess what ... (1)

BorisZ (772356) | more than 10 years ago | (#9099735)

As much as I dislike MS, trying to keep virusses at bay with things like this is a pretty good move.

Re:Oh, guess what ... (3, Insightful)

betelgeuse-4 (745816) | more than 10 years ago | (#9099782)

It appears the reward is only offered once a virus has done some serious damage, so it only has the effect of stopping one virus coder at a time. It does nothing to stop aspiring young virus writers from aspiring to be virus writers.

Re:Oh, guess what ... (4, Insightful)

John Seminal (698722) | more than 10 years ago | (#9099837)

It appears the reward is only offered once a virus has done some serious damage, so it only has the effect of stopping one virus coder at a time. It does nothing to stop aspiring young virus writers from aspiring to be virus writers.

It has deterent value. It says if you become good at writing viruses you will get nailed. Maybe MS does not care about the young kid messing around who does not damage anything. Microsoft is showing good restraint.

Plus, I cant help but think that comment is typical of how people treat MS. They either complain they are not doing enough or too much.

Re:Oh, guess what ... (2, Interesting)

ta bu shi da yu (687699) | more than 10 years ago | (#9099853)

Or... it encourages people to keep writing viruses, knowing that the more individuals who write viruses, the less ability Microsoft is going to have to offer $250,000 to $5.0million rewards.

Let's say that 10 viruses get released, each by a different person. 10 x $5million = lots of money, even for a corp. as large as Microsoft.

Re:Oh, guess what ... (2, Insightful)

Vargasan (610063) | more than 10 years ago | (#9099928)

Did you already forget the $600 million fine they got in the EU?

$50 million is penny candy for Microsoft.

Deterence vs. Prevention (3, Insightful)

Naked Rayburn (776986) | more than 10 years ago | (#9099907)

It has deterent value. It says if you become good at writing viruses you will get nailed. Maybe MS does not care about the young kid messing around who does not damage anything. Microsoft is showing good restraint.

It may deter kids but certainly not pros. Rewards rely on enough individuals knowing who commited a crime so that at least one betrays the criminal. With kids that's easy since they're publishing their exploits as part of a game. With pros, no way. When terrorists and organized criminals write and distribute viruses, expect the MS reward to have much less impact.

Prevention through proper security, OTOH, cuts against both kids and pros. Cut out the exploit and you cut out the damage. Of course, MS management knows this...

Naked Rayburn

Re:Oh, guess what ... (0)

Anonymous Coward | more than 10 years ago | (#9099864)

This statement appears to have some correlation to the state of affairs in the Middle East. As such, it has been confiscated by the CIA and is being analyzed for content. We will return your statement to you within 3 - 5 business years.

Priceless (2, Funny)

ShieldW0lf (601553) | more than 10 years ago | (#9099766)

This is the first success for Microsoft's Antivirus Award Program, a $5 million fund to reward people for coming forward with information about those who release major worms and viruses."

Reward Money: $5,000,000.00
Perps Pay: $5,000,000.00
Psychological Effect: Priceless!

Re:Oh, guess what ... (1, Insightful)

tomstdenis (446163) | more than 10 years ago | (#9099772)

How does this get an interesting mod?

That's right up their with pointing out the series of bugs in A-patchy webserver, or the various permission escalations in the lenux Kurnul.

Look, I'm l33t, I point out the flaws of one company to make myself look l33t. When those flaws are actually shared by basically all other software firms out there.

Now I'm not an MS fanboy [run Gentoo] but that doesn't mean I can stand idiots like you. Let's see you try and write an OS that can even *half* compete with Windows and not have any bugs. Then you can sit here and be all mighty about what a company should or should not do.

Tom

Re:Oh, guess what ... (1, Insightful)

Anonymous Coward | more than 10 years ago | (#9099813)

Real geeks like you and myself have come to this realization, these guys aren't even trolling most of the time -- they just actually get into the mob mentality without reasoning using any real though. All those fellers going for a +5 funny just som they feel accepted. Don't feed the slashbots.

Re:Oh, guess what ... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9099861)

You, Sir, are a failure.

1. You failed to see why my post got moddded up to +5.
2. You failed to see that this is my job. I'm a karma whore, I post crap like this all day long to feel good. Eventually saving it all up for a karma suicide or something. Quite unlikely though.
3. Your kind is not wanted here, either you troll or whore, that's how it is.

-Leffe

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.3-nr1 (Windows 2000) - GPGshell v3.10

owFtkT1LA0EQhvNBmugViX9gwEBA44EREWxioUjARmwMBMIm N3 e35u722NtNOAQR
RLASsUoTDdgJVhKQdHb5GYJ/wtK5i1oJy7 LMx/POO3tn5DO50m 7F2xkvhZXsS/aq
u3zhhI6SLDZ7Xrj3cDhpCV2DEy5rwCQCA5 txT0s0jaJR3DSB0m kILVACIkQYujH4
MYQiUuAIBb6wLIvSOkwq1reps/5fn3KZoo tHQIcAZ6JrQrPqk2 afSZ8RWEisQXOB
7kkWgsf7uOhhngcWi8ETgZMQbUSP5IVlws EAA6WpIIaIDTjluU rraSJbyD9+pHmP
WwgUioSPhA0cE441Vwg6SKSIoFyhHZc8bK UeJPR5YCUTB2R1yA JFhlxM5kSu6AEx
GVVSkBxxfywkVqsRuGKYjMKjdJkbR2jbaB RvGvlCJtn877+Ucn olMy5P54Py7ft5
p/B22nzOr7Y67evMI6/vz0ZrX/ej+evkad r4mH22L78B
=lnV8
-----END PGP MESSAGE-----

Yes, this is me :D I've become a privacy nerd lately, my FS is not encrypted yet though, I'll wait for that until I get a laptop later this year.

Re:Oh, guess what ... (0)

Anonymous Coward | more than 10 years ago | (#9099878)

GPG 1.2.4 is out.

Why? (3, Insightful)

John Seminal (698722) | more than 10 years ago | (#9099784)

Just because the code is not secure, does that give another person a right to cause harm? It is like saying that if I leave my back door unlocked at night, I am to blame if someone breaks in. I say that is bullshit. I say I have a gun, and if someone breaks in, they are getting shot. And that is how this guy should be treated, as a criminal thug.

How much money does Microsoft have to spend making their operating system, and how perfect and secure does it have to be?

Maybe if it was not for the virus writers, the cost of Windows would be cheaper. Maybe beacuse of the virus writers Microsoft has to spend more money?

I think it is horrible for someone to defend a criminal because the criminal had oppertunity to commit a crime.

Re:Why? (2, Insightful)

Anonymous Coward | more than 10 years ago | (#9099912)

If I'm spending $300 on a piece of software, I don't want to get fucked as soon as I install it.

Windows XP Home is $150 CAD right now. If I'm spending that much money on something, I'd like it to work at least SEMI-reliably. But, no, Microsoft isn't at fault for this horrible software.

How much money do they have to spend on making it? As much as it takes to make a good product. Would you want these kind of flaws and errors in any of the other products you purchase? I doubt it.

Yes, the kid is a criminal in the fact it could have cost people's lives (UK Coast Guard), but should the people that require that kind of reliability use this software? No, they shouldn't, but Microsoft and other feed everyone with the thoughts that Microsoft is the only way to go.

Re:Oh, guess what ... (1)

4A6F656C (530559) | more than 10 years ago | (#9099866)

My thoughts exactly. Why put up $5 million dollars to catch people who write virii and worms that exploit known security holes? Wouldn't that money be better spent working to improve the security of said software?

After all, it's only a matter of time before one of these virii or worms is malicious and does far more than just slow down sections of the Internet. Microsoft bashing aside, lets face it, $5 million in reward money isn't going to help people who have had all their Microsoft Office documents removed or their MBR deleted by the a worm that exploits the next big security hole.

Sigh!

Good (3, Insightful)

Omega1045 (584264) | more than 10 years ago | (#9099731)

Good. All anti-MS "They should have written more secure software" comments aside, I am glad they were able to catch this guy if it is him. I am glad the reward worked. In the end there is one person that is really, truly responsible for the virus and that is the virus writer. Now I wonder how much of the $5m pot the informer(s) will get.

That depends... (5, Funny)

PetoskeyGuy (648788) | more than 10 years ago | (#9099771)

The $5 Million reward is only payable in Vouchers for Microsoft Software.

Re:That depends... (2, Funny)

Anonymous Coward | more than 10 years ago | (#9099899)

That's almost enough for a legal copy of Windows XP and Office XP!

Re:Good (3, Informative)

Night Goat (18437) | more than 10 years ago | (#9099776)

The article discusses how much money was paid to these informants.

"Aware of this program, individuals in Germany approached Microsoft investigators," Smith said. "We did not hesitate and made a decision to offer a reward of $250,000."

Smith wouldn't say how many people came forward, except to indicate it was fewer than five. Moreover, while he would not comment on whether a relationship existed between the Sasser suspect and the informants, he did say that they both live in the same part of Germany.

Re:Good (3, Insightful)

aaribaud (585182) | more than 10 years ago | (#9099777)

Of course, we should keep in mind the fact that unlike with bank robbers or muggers, arresting virus/worm writers once a virus or worm is out in the wild does not stop the virus/wrom from spreading. This somehow reduces the usefulness of the MS initiative.

Yea but it stops new worms from that guy FFS.. (1)

FatSean (18753) | more than 10 years ago | (#9099875)

I mean...this is Insightful?

Re:Good (2, Informative)

gargan (4764) | more than 10 years ago | (#9099779)

$250,000 supposedly

Re:Good (2, Insightful)

Draxinusom (82930) | more than 10 years ago | (#9099780)


The suspect had been identified by acquaintances seeking a $250,000 reward.

http://www.washingtonpost.com/wp-dyn/articles/A111 60-2004May8.html [washingtonpost.com]

Remember, kids, no more bragging about those worms to real-life acquaintances!

Re:Good (1)

killbill! (154539) | more than 10 years ago | (#9099936)

I wonder what impact it will have on the likelihood of teenagers releasing viruses just to have something to brag about.

As we all know, bragging rights do matter for many a teenager. Yet, if bragging about writing a virus gets you nailed, this might remove an "incentive" to write viruses.

Or will it really? It's not like most teens really cared about risk/reward before doing stupid stuff that they think is "cool" ;p

Re:Good (3, Interesting)

c (8461) | more than 10 years ago | (#9099799)

I am glad the reward worked.

Well, it maybe worked once. The people turning the guy in might have done it even if the reward wasn't available.

Microsoft announced the reward program almost a year ago and that this is the first worm actually resulting in a claim suggests, in fact, that the reward program is mostly a failure.

c.

Re:Good (3, Informative)

ATAMAH (578546) | more than 10 years ago | (#9099801)

$250000
Same reward was offered for the information about the authors of Sobig, msblaster etc.

Good like the lesser evil? (5, Funny)

Clinoti (696723) | more than 10 years ago | (#9099822)

Other people are not happy that this guy was caught because you have to subtract the disappointment from the companies that profit from viruses, and adware, and spyware. Just another angle to look at.

I wonder if MS can keep up this effort and if we'll eventually start to see sponsored virii [viruslist.com] added to the real TCO for windows OS'. Oh wait.

Re:Good like the lesser evil? (2, Insightful)

hype7 (239530) | more than 10 years ago | (#9099873)

I wonder if MS can keep up this effort and if we'll eventually start to see sponsored virii added to the real TCO for windows OS'.


You bring up an excellent point. Almost all the research methodologies for examining TCO do NOT include virii losses/downtime. However, they're starting to get far from non-trivial (like the Finnish bank that went offline for a day because of Sasser... imagine the cost) and are often the motivation for an organisation to start looking at alternatives to Windows - ie MacOS X and Linux.

-- james

Re:Good like the lesser evil? (1)

LilGuy (150110) | more than 10 years ago | (#9099935)

I believe houston's airports were closed for a day as well. I can't imagine the hell the admins must have went through.

Re:Good (1)

grumbel (592662) | more than 10 years ago | (#9099908)

And how does catching this guy help here at all really? It doesn't stop the virus, it doesn't undo the damage the virus has created, neither does the guy have enough money to pay the once that got damaged. At best it might stop this guy the write another virus, but thats it, there are thousands of people out there that happily will jump in and create new viruses, this guy wasn't some special super brain, writing that virus wasn't that difficult.

I get the feeling that this is really just a huge PR stunt so that Microsoft can say "Hey, we did something and catched the guy!", thus hiding the fact that the real problem is Microsoft that can't get their OS secure. Viruses and Virus writer are just the symptom, not the cause of this whole issue. If people wants to stop this happening again they need to start at Microsoft, not at some lonly virus writer somewhere out there.

Author's usenet logs (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9099732)

From my research, he used usenet and IRC a fair bit. Here's a record [about.com] . I can see that he has some social problems.

I wish... (4, Funny)

zaunuz (624853) | more than 10 years ago | (#9099738)

...that MS would hand out those rewards to those who turned in people that used pirated versions of their software. Not that i care about Microsoft piracy at all, but I know a few assholes, and I could need the money.

Re: I wish... (1)

Black Parrot (19622) | more than 10 years ago | (#9099760)


> ...that MS would hand out those rewards to those who turned in people that used pirated versions of their software. Not that i care about Microsoft piracy at all, but I know a few assholes, and I could need the money.

Wonder what's the ROI for releasing a virus and then ratting on yourself.

Re: I wish... (4, Insightful)

Kjella (173770) | more than 10 years ago | (#9099781)

Wonder what's the ROI for releasing a virus and then ratting on yourself.

Wonder what's the ROI for releasing a virus by framing an asshole and then ratting on said asshole.

Kjella

Re: I wish... (1)

zaunuz (624853) | more than 10 years ago | (#9099786)

Well, i doubt that you will get the reward for turning in yourself, however, if it was possible, i would gladly spend one year in jail for $5.000.000.. I guess the punishment would be more than one year, but i guess i could stay in jail for about $1m per year.

Re: I wish... (1)

jbrw (520) | more than 10 years ago | (#9099885)

...and think of the money you'd save on hiring male escorts.

So many upsides for you. I say go do it.

Re:I wish... (1, Funny)

Anonymous Coward | more than 10 years ago | (#9099798)

...that MS would hand out those rewards to those who turned in people that used pirated versions of their software. Not that i care about Microsoft piracy at all, but I know a few assholes, and I could need the money.
Dude, now why would you go and turn yourself in?!?!

Re:I wish... (0, Troll)

Seth Finklestein (582901) | more than 10 years ago | (#9099823)

Those "assholes" of which you speak are executing their Fair Use rights under section 432.5(f) of the United States Code. For example, I was considering whether or not to deploy the Windows 2000 Datacentre Server in a large datacentre. To test it out, I liberated a copy from Guntella. Is this illegal? If so, string me up.

Of course it's legal. It's only FAIR that I get to USE the software before deciding whether to buy it.

Re:I wish... (1)

DrEldarion (114072) | more than 10 years ago | (#9099976)

I have a feeling they LIKE when individuals use pirated copies of Windows. The more copies they have out there on computers, the better for them.

Pirated software helps them maintain their lead in the OS market. If they started to crack down on all the illegitimage copies of Windows out there, I'm sure there would be a lot of people looking for a free alternative to Windows, which is bad for MS.

It seems fitting... (4, Insightful)

ColdWetDog (752185) | more than 10 years ago | (#9099753)

That Sasser's writer was discovered by that very old hat and low tech method of greed. For a few moments after the alleged perpetrator had been arrested, I had thought that M$ had managed to actually do something proactive and clever.

I suppose throwing money at the problem is proactive, but hardly clever.

In this complex and often terrifying world, it's nice to know that some things never change.

Re:It seems fitting... (1)

m1chael (636773) | more than 10 years ago | (#9099770)

Amoeba, you don't have to be clever to be successful.

Note to self... (5, Funny)

Black Parrot (19622) | more than 10 years ago | (#9099754)


Don't go bragging about your next virus release.

Re:Note to self... (1)

ATAMAH (578546) | more than 10 years ago | (#9099817)

This depends... on what the forseeable penalties are like :) I mean, maybe someone will adopt this as a business model, to say so. Like, one writes the virus/worm, the other "tells on him", both share the reward ... :)

Re:Note to self... (1)

ThePatrioticFuck (640185) | more than 10 years ago | (#9099844)

Or at the very least, don't brag around your buddy who's short of beer money that week :)

Re:Note to self... (1)

DNS-and-BIND (461968) | more than 10 years ago | (#9099895)

It's nothing new...people used to join #hack and brag about machines they rooted. A narc or ddrew would log what they said, and open an investigation. Teenagers are stupid.

Linux has worst problems (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9099755)

The Open Sores world will never admit to problems. Just ask slashdot, whose servers went down this week,and they continue to refuse to mention it ever happened. This zealotry is usually only seen in terrorists, which makes one wonder, who are these open sores people, and what exactly do they do with the software? Do they write viruses? Perform DDOS attacks? Hack? Steal data and money? Yes to all these questions!

Microsoft Rewards (5, Interesting)

mr_z_beeblebrox (591077) | more than 10 years ago | (#9099759)

While I do agree that they need to do better (not more) auditing of code, I also think it is admirable that they are taking responsibility for the damage in some way. Props to Microsoft.
Suggestion, instead of suing security companies who find and point out vulnerabilities they should implement rewards there. For example, if xyz security found a vulnerability they could either
A: release it to the news/public and risk MS ire
or
B: Submit it confidentially to the MS bug track for a hefty reward
Yes, that lacks disclosure but it is a healthier system than now exists.

Re:Microsoft Rewards (3, Insightful)

Peyna (14792) | more than 10 years ago | (#9099788)

Part of the agreement should be that when you submit the vulnerability to MS, you agree to keep quiet for X amount of time, they agree to give you some reward. After X amount of time, you should be able to then release the information to the public.

Of course, the only problem is, if you told them and kept quiet, chances are someone else is going to find that same vulnerability who might not play as nice.

Re:Microsoft Rewards (0, Troll)

wiresquire (457486) | more than 10 years ago | (#9099859)

...I also think it is admirable that they are taking responsibility for the damage in some way. Props to Microsoft.

Oh, come on troll! You call that taking responsibility?

How about paying for the time of all the admins that have been running around patching systems to get rid of it?

Re:Microsoft Rewards (5, Insightful)

toopc (32927) | more than 10 years ago | (#9099979)

How about paying for the time of all the admins that have been running around patching systems to get rid of it?

The patch for Sasser was available 3 weeks before the virus was released. I don't know about you, but I'd rather pay an admin to install a patch before the virus hits, than to pay him because he's busting his ass fixing a problem that he should have avoided.

Actually . . . (4, Funny)

Idou (572394) | more than 10 years ago | (#9099863)

"A: release it to the news/public and risk MS ire
or
B: Submit it confidentially to the MS bug track for a hefty reward"

That system already exists.It is called "Black Mail."

Looking forward to the fallout... (4, Interesting)

John Seminal (698722) | more than 10 years ago | (#9099763)

The arrest could lead to more suspects.

I wonder what kind of deals are being offered right now for him to turn in friends and information? I wonder what is on his computer? All it takes is one informant for the police to get warrents to search all his friends and known acquaintances computers, so I am thinking there will be a bigger fallout than just one guy. I just hope they don't let the big fish off the hook to get 10 smaller fish.

I wonder if this will be the start of the dominos falling. He turns in his friends, who in return turn in their friends. Then next thing you know the FBI is knocking on your door asking to look at your computer. In some ways, I welcome that. It gets to be exhausting fixing computers from all the viruses and spyware and crap.

I am just glad that with him in jail there will be more security. One less bad guy to worry about.

"with him in jail there will be more security" (1)

da5idnetlimit.com (410908) | more than 10 years ago | (#9099827)

nope.

With him in Jail, you just have one (more) guy in Jail.

Educating users, making them patch regularly, etc + having a clean system will do the trick for more security.

Also, using worms to auto patch the damadged and damadging machines would be ultimately the nice, if illegal, solution...

I know this has been debated before, and that having another can of worms spreading could do some damages, but it would be faster than waiting for all the people in the world to patch their systems...and keep the initial infection at bay, a bit like your own body reacts to intrusion.

Re:Looking forward to the fallout... (1)

MrMr (219533) | more than 10 years ago | (#9099868)

Then next thing you know the FBI is knocking on your door asking to look at your computer
It appears you missed the part where the USA reoccupy Germany in your scenario.

Re:Looking forward to the fallout... (1)

red30 (684574) | more than 10 years ago | (#9099881)

I wonder what kind of deals are being offered right now for him to turn in friends and information?

Not to mention the job offers from Microsoft for when he gets out of prison.

Re: Looking forward to the fallout... (1)

Black Parrot (19622) | more than 10 years ago | (#9099887)


> I wonder what kind of deals are being offered right now for him to turn in friends and information?

I wonder whether they're making him wear girls' underwear on his head until he talks.

Re:Looking forward to the fallout... (1)

Tim C (15259) | more than 10 years ago | (#9099937)

Then next thing you know the FBI is knocking on your door asking to look at your computer.

Only if someone he turns in (turns in someone who turns in someone who turns in...) someone you know who's found to be one of those smaller fish, *and* he names you.

Re:Looking forward to the fallout... (2, Interesting)

wwwillem (253720) | more than 10 years ago | (#9099961)

All it takes is one informant for the police to get warrents to search all his friends and known acquaintances computers....

Mmmm, not so sure about that. Many of his friends are in his addressbook probably listed as "32ggy99", "bigbuster" or whatever. Given the use of mainly IRC for communication, chances are that this suspect is completely in the blue who his buddies are.

Positive thinking? (4, Insightful)

Idou (572394) | more than 10 years ago | (#9099977)

Look, if an anti-social 19 year old can create such a devasting worm, I am afraid the odds are against this strategy of fighting the problem. What, there must be a 100 MILLION other kids just like him, playing away on their windows computer, looking to be more than just a pimple faced teenager.

Let's see, ingredients to a killer windows worm:

1. Anti-social teenager
2. windows computer
3. internet connection
4. some free time (see 1.)

Sorry, this is just not the way to resolve the problem. It is just too easy, not even worth celebrating. No wonder MS is ONLY investing 5M in this method (what is 5M to MS?).

Microsoft is better at arresting people ... (0, Insightful)

Anonymous Coward | more than 10 years ago | (#9099773)

... than at making good software.

Not that I think the virus maker is a cool guy but I think there will allways be a virus maker, isn't it in human nature ?

I think a so big program as Windows is should not be controlled by a so small group of people.

Coming soon to the Microsoft website: (1)

m1chael (636773) | more than 10 years ago | (#9099783)

The top 20 most wanted.

Re:Coming soon to the Microsoft website: (1, Funny)

Anonymous Coward | more than 10 years ago | (#9099790)

Put Lunix Torvaldos at the top of the list.

STRICTLY CONFIDENTIAL BUSINESS PROPOSAL (-1, Offtopic)

janiz (704972) | more than 10 years ago | (#9099791)

Greetings and salutations,

I am the Widow of the late CEO of Microsoft Nigeria, Kayode Adeyemi.

I found in my back yard 5 Million Dollars. I understand that this email may come to you as a surprise but I assure you that I am completely serious and I hope that you will fall for this one.

Blah blah blah.

Proof ? (1, Insightful)

veg (76076) | more than 10 years ago | (#9099792)

How are they going to prove a specific person wrote the code ? Unless he confesses there can't be anything other than circumstantial evidence can there ?

Having said that, we *know* the poor kid's going down, which prompts the question, could anyone dump someone they don't like right in it, and then get a fat reward ?

Re:Proof ? (4, Insightful)

John Seminal (698722) | more than 10 years ago | (#9099820)

There is proof.

1) They can show he had the ability to write it.

2) They might have people who he told he wrote it.

3) There might be evidance on his computer.

4) They can look at how it spread, and what he had access to.

5) They might have been tracking his internet activities, seeing where he was and what he was doing (they had probably cause).

I think there are many things the police can do to find out if it is him.

Re:Proof ? (1)

cgenman (325138) | more than 10 years ago | (#9099880)

And if he is wise,

6) He does this all remotely on a technically competent associate's computer.

7) He turns in his associate.

8) Profit.

Re:Proof ? (0)

Anonymous Coward | more than 10 years ago | (#9099830)

he did confess you greasy pillock!

He confessed - why don't you know? (0)

Anonymous Coward | more than 10 years ago | (#9099913)

Re:He confessed - why don't you know? (1)

veg (76076) | more than 10 years ago | (#9099955)

I know!

The point I was trying to make is: if he didn't, how could they have got him ? All of the "evidence" listed a couple of posts above is just circumstantial.

More validation of Microsoft's central philosophy: (5, Funny)

Anonymous Coward | more than 10 years ago | (#9099796)

Specifically: You can buy anything.

Re:More validation of Microsoft's central philosop (2, Interesting)

horatio (127595) | more than 10 years ago | (#9099929)

Specifically: You can buy anything.

Except secure code, apparently.

This whole reward thing is nothing more than a PR move. Microsoft comes out looking like the hero for offering the reward which led to the capture of some kid, masking the fact that their crappy code allowed this to happen.

Two questions arise from this:
- What will be the fallout in terms of orgs moving to non-MS platforms (MacOS, Linux, etc)?
- By most accounts, this particular virus/worm was very poorly written. My understanding is that this is also true of most of the other recent viruses. How long will it be before someone writes a virus for win32s which is truly destructive, in terms of things like writing random data in random places (sector 0, anyone?) on the disk, or scrambling the BIOSes and firmware of things like HDDs making them completley unusable?

And before we suggest that the damage was limited to broadband home users who don't patch their machines, consider that orgs like these were taken down: a few banks, at least one coast guard station, St Luke's Hospital, Delta Airlines, and the list goes on.

I reakon it's a PR exercise. (3, Interesting)

Leonig Mig (695104) | more than 10 years ago | (#9099804)

i think this is utter tosh. microsoft tried to make out the blaster worm was coded by some 17 year old last time.

they want us think 'oh all these viruses are caused by nieve kids with something to prove';

which is less scary than the truth that worms are coded to order by people with maths degrees for criminal gangs who want to use your pc as a conduit for illegal material.

...and the implication.... (4, Insightful)

bagofbeans (567926) | more than 10 years ago | (#9099941)

...is that the software system design, default behaviour, and security level is so poor that a 17 year old can easily exploit it and cause so much damage.

Business model . . . (4, Funny)

Idou (572394) | more than 10 years ago | (#9099806)

1. Write worm
2. Find someone in severe financial trouble
3. Have that person release the worm from home computer
4. Turn that person in and collect the reward
5. Place 75% in a high interest foreign account and keep the rest
6. After the guy gets out of jail, send him a key to a safety deposit with all the information he needs to start a new life
7. Profit

Re:Business model . . . (5, Funny)

ion++ (134665) | more than 10 years ago | (#9099877)

The information in the safety deposit is a note saying:

1. Write worm
2. Find someone in severe financial trouble
3. Have that person release the worm from home computer
4. Turn that person in and collect the reward
5. Place 75% in a high interest foreign account and keep the rest
6. After the guy gets out of jail, send him a key to a safety deposit with all the information he needs to start a new life
7. Profit

Note to Self... (0)

Anonymous Coward | more than 10 years ago | (#9099809)

Make sure my next virus release gets traced back to Steve Ballmer instead.

One more for the road. (1)

m1chael (636773) | more than 10 years ago | (#9099811)

I think Microsoft should invest in prisons. That way at "My Prison" you can actually use that wasted talent, and put it into making expensive software at sweatshop prices.

This could lead to another attack on Linux... (3, Interesting)

3seas (184403) | more than 10 years ago | (#9099815)

MS pays to bust Virus writters and FOSS can't afford such a reward system... so MS hires (under the table) virus writers to attack Linux...

But FOSS doesn't pay me to turn in a virus writer.... so why should I...???

greed..... its been a constant in teh computer industry... no doubt about it.

Re:This could lead to another attack on Linux... (3, Insightful)

cowscows (103644) | more than 10 years ago | (#9099944)

Don't be so paranoid. They'd have to pay an awful lot of talented people to get the volume of linux viruses up to a level where windows would compare favorably. And that effort would be nowhere near the risk of the horrible PR that would be generated when someone revealed that MS was paying them to write these linux viruses.

Dear Microsoft (2, Funny)

adept256 (732470) | more than 10 years ago | (#9099819)

Thank you for outsourcing my debugging job to Germany.

I wonder if microsoft will actually up the $$$ (3, Interesting)

Coolmoe (416032) | more than 10 years ago | (#9099835)

I wonder how many people will turn in thier friends, family etc.. for cash that they they may or may not get. Seems to me like microsoft will get a flood of calls from people that have friends and stuff that like programming. Whoes to say what they were programming. What about false accusations by the technically inept?

i wouldnt care to go to jail (0, Redundant)

idiottt (778297) | more than 10 years ago | (#9099846)

create the worm, giving all information about yourself to MS and get the cashhhhhhh, og wait they already have all information of me and all other windows users, fuckin spyware

So... (0, Redundant)

sv25 (773540) | more than 10 years ago | (#9099847)

1. Wait for MS to create reward system for writing worms 2. Write a worm 3. ??? 4. Collect reward money 5. Move to a country that won't extradite you Hmmm... Not a bad plan...

Embrace (1)

News for nerds (448130) | more than 10 years ago | (#9099851)

even those virii and extend them to... what?

here's a better reward (1, Interesting)

Anonymous Coward | more than 10 years ago | (#9099867)

a legit XP cd key so I can access windows update so i can download updates to avoid worms ;)

I should have the money too.. (1, Funny)

sydtsai (318342) | more than 10 years ago | (#9099870)

I always told M$ that their softwares are bloated and buggy, full of designing flaws...
Now, M$ should give me some money!

Carving his niche? (2, Interesting)

Apiakun (589521) | more than 10 years ago | (#9099872)

Silly Germans! If he had used that knowledge and effort at something constructive instead of destructive, I'm sure he could have gone quite far. On the other hand, he's got a reputation now, which would have been more complicated to build had he taken the non malicious route. No such thing as bad publicity, or so they say.

show me the money (2, Insightful)

DNS-and-BIND (461968) | more than 10 years ago | (#9099879)

In terms of legality, there are so many ways to weasel out of paying a reward. You can say that the information didn't actually help that much, or any other of a thousand excuses. The U.S. State Department is notorious for this. Why should Microsoft be any different? Why should they pay off...they have their man already. The best thing to do, from a corporate-profit point of view, is to set the lawyers on the problem and divine a solution such that they reward need not be paid. This is pretty common stuff.

Oh, and MS should pay to keep up their reputation...puh-leez. Their reputation is already lower than a snake's belly in a gully. How can they go farther? Before any knee-jerk MS apologists start replying, go check out what I've said about rewards being paid off...you'll find the situation is just as depressing as I've described.

Bounty Hunter (4, Insightful)

Ugmo (36922) | more than 10 years ago | (#9099882)

OK, I want some of that dough.

The article mentions that Microsoft used some technical means to confirm the informants' information but the informants did not use technical means to identify the guy. This leads to some questions:

Does Microsoft somehow bug your code if you use MS products to produce it? If I remember correctly some of the Word macro viruses had an ID number somewhere inside them that let MS identify the copy of Word that originally produced the virus.

Is such a serial number/product ID what MS used to confirm the informant's information?
It would not necessarily need to be a number. Deliberate variations in the code produced by a compiler from one machine to the next could be used as a fingerprint.

Barring that, was there some other technical means that could have been used to locate the author?

If I wanted to be a Anti-Virus Bounty hunter is my best bet learning to decompile code or to hang around on IRC chat channels and either encourage other users to write viruses so I can turn them in later, or make friends with real virus writers so I can turn them in?

Maybe a piece of reference code can be made available on a website and people can compile it on a range of machines and MS compilers. The resulting code can be compared and to see if the machine/compiler pair can be identified from the executable. If two machines with the same OS and developement tools create code with slight differences I would begin to worry if I were a virus writer.

access (5, Insightful)

Beer_Smurf (700116) | more than 10 years ago | (#9099897)

I am amazed, with the number of open access points, that someone ever gets caught.Guess they can't help bragging to their friends.

Let's get this over with! (5, Insightful)

ites (600337) | more than 10 years ago | (#9099904)

Any strategy contains the seeds of its own failure. In this case, bribing criminals to hand-over their own is a classic but short-term solution.

Firstly, it sets the stage for blackmail. If one isolated hacker is worth $5m, how much is an unreleased worm worth? Probably much, much more. I'd not be surprised if MS regularly get asked for money upfront before worms are released. Paying out will only make this worse.

Secondly, it is a Darwinian filter. Yes, you can pay to get hold of an isolated criminal. No, you cannot use this tactic against criminal gangs. $5m is not a lot when compared to the value of a large botnet. Setting bounties will eliminate the free-lancers and leave the stage open for more organized criminals who will probably be more agressive in using zombied PCs for criminal acts (child porn, DDoS, etc.)

Thirdly, it is prejudicial and likely to lead to the arrest of innocent people. Given that any zombied PC can be used to launch a worm attack, how can any evidence be trusted? Confessions, too, are unreliable. Bounties are rapidly turned into lynchings.

Lastly, it is a distraction from the real issue: Windows' fundamental security weaknesses. Microsoft must release a secure Windows within the next 12 months or risk permanent damage to their brand. Paying bounties for worm writers fools no-one: Windows remains insecure and there remain an unlimited supply of smart criminals happy to take advantage of that.

I wonder.... (1, Funny)

Big Troller (651808) | more than 10 years ago | (#9099931)

if the guy who made the virus would release his code under the GPL...? You know, to support the open source virus community (OSVC).... Imagine what kind of havoc that could be released on windows if this was to happen, and not to mention how it could help linux...? Think about it.. If viri where released left and right, one after another, all ways improving, and causing enough down time. I imagine companies would be dropping windows as fast as shit flies out of my ass after eating some hot and spicy indian food. Don't get me wrong, I love Indian food, but it sure goes through me sometimes.

Next on the Lifetime (1, Funny)

Anonymous Coward | more than 10 years ago | (#9099956)

The Lifetime true-story, "My son hacked the world"
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>